csrf init (eclipse-che#5120)

Author: Yevhenii Voevodin

ide/che-core-ide-api/src/main/java/org/eclipse/che/ide/api/app/AppContext.java

@@ -24,13 +24,15 @@
 import org.eclipse.che.ide.resource.Path;
 
 import java.util.List;
+import java.util.Map;
 
 /**
  * Represents current context of the IDE application.
  *
  * @author Vitaly Parfonov
  * @author Artem Zatsarynnyi
  * @author Vlad Zhukovskyi
+ * @author Yevhenii Voevodin
  */
 public interface AppContext {
 
@@ -185,7 +187,7 @@ public interface AppContext {
     FactoryDto getFactory();
 
     void setFactory(FactoryDto factory);
-    
+
     String getWorkspaceId();
 
     /**
@@ -218,4 +220,13 @@ public interface AppContext {
      * @return identifier
      */
     String getAppId();
+
+    /**
+     * Returns context properties, key-value storage that allows to store
+     * data in the context for plugins and extensions.
+     *
+     * @return a modifiable properties map
+     * @since 5.11.0
+     */
+    Map<String, String> getProperties();
 }

ide/che-core-ide-app/src/main/java/org/eclipse/che/ide/context/AppContextImpl.java

@@ -50,7 +50,9 @@
 import org.eclipse.che.ide.statepersistance.AppStateManager;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.collect.Lists.newArrayList;
@@ -95,6 +97,7 @@ public class AppContextImpl implements AppContext,
     private Path                projectsRoot;
     private ActiveRuntime       runtime;
     private ResourceManager     resourceManager;
+    private Map<String, String> properties;
 
     /**
      * List of actions with parameters which comes from startup URL.
@@ -463,4 +466,12 @@ public String getAppId() {
     public ActiveRuntime getActiveRuntime() {
         return runtime;
     }
+
+    @Override
+    public Map<String, String> getProperties() {
+        if (properties == null) {
+            properties = new HashMap<>();
+        }
+        return properties;
+    }
 }

ide/commons-gwt/src/main/java/org/eclipse/che/ide/rest/AsyncRequestFactory.java

@@ -213,7 +213,7 @@ public AsyncRequest createRequest(RequestBuilder.Method method, String url, List
     protected AsyncRequest doCreateRequest(RequestBuilder.Method method, String url, Object dtoBody, boolean async) {
         Preconditions.checkNotNull(method, "Request method should not be a null");
 
-        AsyncRequest asyncRequest = new AsyncRequest(method, url, async);
+        AsyncRequest asyncRequest = newAsyncRequest(method, url, async);
         if (dtoBody != null) {
             if (dtoBody instanceof List) {
                 asyncRequest.data(dtoFactory.toJson((List)dtoBody));
@@ -239,6 +239,20 @@ protected AsyncRequest doCreateRequest(RequestBuilder.Method method, String url,
         return asyncRequest;
     }
 
+    /**
+     * A factory method which creates a new instance of {@link AsyncRequest}.
+     *
+     * @param method
+     *         the request method
+     * @param url
+     *         the url to go to
+     * @param async
+     *         whether this request is asynchronous in terms of Everrest polling strategy
+     */
+    protected AsyncRequest newAsyncRequest(RequestBuilder.Method method, String url, boolean async) {
+        return new AsyncRequest(method, url, async);
+    }
+
     /**
      * Creates new GET request to the specified {@code url}.
      *

plugins/plugin-machine/che-plugin-machine-ssh-client/src/main/java/org/eclipse/che/ide/ext/ssh/client/upload/UploadSshKeyPresenter.java

@@ -36,6 +36,7 @@ public class UploadSshKeyPresenter implements UploadSshKeyView.ActionDelegate {
     private String                  restContext;
     private NotificationManager     notificationManager;
     private AsyncCallback<Void>     callback;
+    private AppContext              appContext;
 
     @Inject
     public UploadSshKeyPresenter(UploadSshKeyView view,
@@ -47,6 +48,7 @@ public UploadSshKeyPresenter(UploadSshKeyView view,
         this.constant = constant;
         this.restContext = appContext.getMasterEndpoint();
         this.notificationManager = notificationManager;
+        this.appContext = appContext;
     }
 
     /** Show dialog. */
@@ -71,7 +73,15 @@ public void onUploadClicked() {
             return;
         }
         view.setEncoding(FormPanel.ENCODING_MULTIPART);
-        view.setAction(restContext + "/ssh");
+
+        String action = restContext + "/ssh";
+
+        String csrfToken = appContext.getProperties().get("X-CSRF-Token");
+        if (csrfToken != null) {
+            action += "?X-CSRF-Token=" + csrfToken;
+        }
+
+        view.setAction(action);
         view.submit();
     }
 

wsagent/che-core-ssh-key-ide/src/main/java/org/eclipse/che/plugin/ssh/key/client/upload/UploadSshKeyPresenter.java

@@ -36,6 +36,7 @@ public class UploadSshKeyPresenter implements UploadSshKeyView.ActionDelegate {
     private String                     restContext;
     private NotificationManager        notificationManager;
     private AsyncCallback<Void>        callback;
+    private AppContext                 appContext;
 
     @Inject
     public UploadSshKeyPresenter(UploadSshKeyView view,
@@ -47,6 +48,7 @@ public UploadSshKeyPresenter(UploadSshKeyView view,
         this.constant = constant;
         this.restContext = appContext.getMasterEndpoint();
         this.notificationManager = notificationManager;
+        this.appContext = appContext;
     }
 
     /** Show dialog. */
@@ -73,7 +75,15 @@ public void onUploadClicked() {
             return;
         }
         view.setEncoding(FormPanel.ENCODING_MULTIPART);
-        view.setAction(restContext + "/ssh");
+
+        String action = restContext + "/ssh";
+
+        String csrfToken = appContext.getProperties().get("X-CSRF-Token");
+        if (csrfToken != null) {
+            action += "?X-CSRF-Token=" + csrfToken;
+        }
+
+        view.setAction(action);
         view.submit();
     }