
Commit bbdb15e

committed
MM-860: Implemented anti-csrf tokens for OpenMRS protection against CSRF attacks
1 parent 241f1d5 commit bbdb15e


4 files changed

+21
-19
lines changed


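--- a/api/src/test/java/org/openmrs/module/referenceapplication/ReferenceApplicationActivatorTest.java
+++ b/api/src/test/java/org/openmrs/module/referenceapplication/ReferenceApplicationActivatorTest.java
@@ -8,6 +8,7 @@
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
+import org.mockito.ArgumentMatcher;
 import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
 import org.openmrs.scheduler.SchedulerService;
@@ -47,16 +48,11 @@ public void shouldSaveNewTaskIfNotAlreadyRegistered() {
 
 new ReferenceApplicationActivator().setupHL7ProcessingTask(schedulerService);
 
-verify(schedulerService).saveTaskDefinition(Matchers.argThat(new BaseMatcher<TaskDefinition>() {
+verify(schedulerService).saveTaskDefinition(Matchers.argThat(new ArgumentMatcher<TaskDefinition>() {
 
 @Override
-public boolean matches(Object obj) {
-return obj instanceof TaskDefinition
-&& ProcessHL7InQueueTask.class.getName().equals(((TaskDefinition) obj).getTaskClass());
-}
-
-@Override
-public void describeTo(Description description) {
+public boolean matches(TaskDefinition obj) {
+return ProcessHL7InQueueTask.class.getName().equals(obj.getTaskClass());
 }
 }));
 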
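Review bot: The new `matches(TaskDefinition obj)` at new lines 54-55 dereferences `obj` with no null guard, whereas the removed `instanceof` test returned false for a null argument. If `saveTaskDefinition` were ever called with null, the verification would presumably fail with a NullPointerException inside the matcher rather than as an ordinary mismatch; `return obj != null && ProcessHL7InQueueTask.class.getName().equals(obj.getTaskClass());` keeps the earlier behaviour. The imports for `BaseMatcher` and `Description` lie outside this hunk and may now be unused. The test method itself continues outside the hunk.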

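--- a/api/src/test/resources/TestingApplicationContext.xml
+++ b/api/src/test/resources/TestingApplicationContext.xml
@@ -18,6 +18,11 @@
 <property name="mappingJarLocations">
 <ref bean="mappingJarResources"/>
 </property>
+<property name="packagesToScan">
+<list>
+<value>org.openmrs</value>
+</list>
+</property>
 <!-- default properties must be set in the hibernate.default.properties -->
 </bean>
 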

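--- a/omod/src/main/webapp/pages/login.gsp
+++ b/omod/src/main/webapp/pages/login.gsp
@@ -188,6 +188,7 @@
 <% } %>
 <input id="loginButton" class="btn ${ ui.message(selectLocation ? "btn-success" : "confirm") }" type="submit"
 value="${ ui.message(selectLocation ? "general.done" : "referenceapplication.login.button") }"/>
+<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
 </p>
 <% if(!selectLocation) {%>
 <p>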
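Review bot: The hidden input added at new line 191 dereferences `_csrf` unconditionally, yet nothing in the visible hunks binds that variable or shows the server rejecting a login POST that lacks the token. A hidden field only protects the form if the token is validated server-side, so this change should come with a test asserting that a login POST with a missing or wrong token is refused. If the page is rendered where no token object is in the model (for example on a core older than the `2.5.0-SNAPSHOT` the pom now targets), the template would presumably fail to render, so the module's minimum required core version should be raised in the same change. A short comment above the field would help the next maintainer, e.g. `<% /* CSRF token; must be validated server-side on every login POST */ %>`. The enclosing form starts and ends outside this hunk, so whether other forms on the page need the same field cannot be confirmed from here.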

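--- a/pom.xml
+++ b/pom.xml
@@ -35,24 +35,24 @@
 
 <properties>
 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-<openMRSVersion>2.0.1</openMRSVersion>
+<openMRSVersion>2.5.0-SNAPSHOT</openMRSVersion>
 <webservicesRestModuleVersion>2.6</webservicesRestModuleVersion>
 <appointmentschedulingVersion>1.3</appointmentschedulingVersion>
-<appframeworkVersion>2.9</appframeworkVersion>
+<appframeworkVersion>2.16.0</appframeworkVersion>
 <referencemetadataVersion>2.5.0</referencemetadataVersion>
 <reportingcompatibilityVersion>2.0.2</reportingcompatibilityVersion>
 <calculationVersion>1.2</calculationVersion>
 <serialization.xstreamVersion>0.2.12</serialization.xstreamVersion>
 <reportingVersion>0.10.6</reportingVersion>
-<htmlformentryVersion>3.3.0</htmlformentryVersion>
+<htmlformentryVersion>4.0.1</htmlformentryVersion>
 <htmlformentryuiVersion>1.6.1</htmlformentryuiVersion>
-<idgenVersion>4.4.0</idgenVersion>
-<registrationcoreVersion>1.6</registrationcoreVersion>
+<idgenVersion>4.7.0</idgenVersion>
+<registrationcoreVersion>1.11.0</registrationcoreVersion>
 <namephoneticsVersion>1.5</namephoneticsVersion>
-<metadatadeployVersion>1.7</metadatadeployVersion>
+<metadatadeployVersion>1.13.0</metadatadeployVersion>
 <metadatasharingVersion>1.2.2</metadatasharingVersion>
-<emrapiVersion>1.21.0</emrapiVersion>
-<providermanagementVersion>2.5.0</providermanagementVersion>
+<emrapiVersion>1.31.0</emrapiVersion>
+<providermanagementVersion>2.13.0</providermanagementVersion>
 <uiframeworkVersion>3.21.0-SNAPSHOT</uiframeworkVersion>
 <appuiVersion>1.7</appuiVersion>
 <atlasVersion>2.2</atlasVersion>
@@ -63,7 +63,7 @@
 <webservices.restVersion>2.16</webservices.restVersion>
 <uicommonsVersion>2.12.0</uicommonsVersion>
 <legacyuiVersion>1.2.3</legacyuiVersion>
-<metadatamappingVersion>1.2.1</metadatamappingVersion>
+<metadatamappingVersion>1.4.0</metadatamappingVersion>
 </properties>
 
 <dependencyManagement>
@@ -228,7 +228,7 @@
 
 <dependency>
 <groupId>org.openmrs.module</groupId>
-<artifactId>htmlformentry-api-1.10</artifactId>
+<artifactId>htmlformentry-api-2.3</artifactId>
 <version>${htmlformentryVersion}</version>
 <scope>provided</scope>
 </dependency>
@@ -460,7 +460,7 @@
 
 <dependency>
 <groupId>org.openmrs.module</groupId>
-<artifactId>htmlformentry-api-1.10</artifactId>
+<artifactId>htmlformentry-api-2.3</artifactId>
 </dependency>
 
 <dependency>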
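Review bot: `openMRSVersion` at new line 38 is pinned to `2.5.0-SNAPSHOT`, a mutable artifact, so the core that presumably supplies the CSRF token handling can change between builds with no change to this file. Builds of this security fix are therefore not reproducible. The property should move to the released version once it exists, with a marker next to it such as `<!-- TODO: switch to the 2.5.0 release; SNAPSHOT used only until CSRF support is released -->`. The same commit also raises several other module versions and swaps the `htmlformentry-api` artifact in the later hunks, which makes the CSRF change harder to review or revert on its own.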
