core: revert check_access API to get to prevent CSRF errors

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-06-13 21:47:49 +02:00
parent c9dda17c68
commit cabbd18880
2 changed files with 14 additions and 22 deletions

View File

@ -107,15 +107,19 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet):
return applications return applications
@extend_schema( @extend_schema(
request=inline_serializer( parameters=[
"CheckAccessRequest", fields={"for_user": IntegerField(required=False)} OpenApiParameter(
), name="for_user",
location=OpenApiParameter.QUERY,
type=OpenApiTypes.INT,
)
],
responses={ responses={
200: PolicyTestResultSerializer(), 200: PolicyTestResultSerializer(),
404: OpenApiResponse(description="for_user user not found"), 404: OpenApiResponse(description="for_user user not found"),
}, },
) )
@action(detail=True, methods=["POST"]) @action(detail=True, methods=["GET"])
# pylint: disable=unused-argument # pylint: disable=unused-argument
def check_access(self, request: Request, slug: str) -> Response: def check_access(self, request: Request, slug: str) -> Response:
"""Check access to a single application by slug""" """Check access to a single application by slug"""

View File

@ -1504,10 +1504,14 @@ paths:
'403': '403':
$ref: '#/components/schemas/GenericError' $ref: '#/components/schemas/GenericError'
/api/v2beta/core/applications/{slug}/check_access/: /api/v2beta/core/applications/{slug}/check_access/:
post: get:
operationId: core_applications_check_access_create operationId: core_applications_check_access_retrieve
description: Check access to a single application by slug description: Check access to a single application by slug
parameters: parameters:
- in: query
name: for_user
schema:
type: integer
- in: path - in: path
name: slug name: slug
schema: schema:
@ -1516,17 +1520,6 @@ paths:
required: true required: true
tags: tags:
- core - core
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CheckAccessRequestRequest'
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/CheckAccessRequestRequest'
multipart/form-data:
schema:
$ref: '#/components/schemas/CheckAccessRequestRequest'
security: security:
- authentik: [] - authentik: []
- cookieAuth: [] - cookieAuth: []
@ -18415,11 +18408,6 @@ components:
- shell - shell
- redirect - redirect
type: string type: string
CheckAccessRequestRequest:
type: object
properties:
for_user:
type: integer
ClientTypeEnum: ClientTypeEnum:
enum: enum:
- confidential - confidential