add fetch options

1 month ago · 871ef6dda6
parent 40052a2d7c
commit 871ef6dda6
4 changed files with 31 additions and 9 deletions
--- a/app/javascript/submission_form/completed.vue
+++ b/app/javascript/submission_form/completed.vue
@ -161,6 +161,11 @@ export default {
      required: false,
      default: false
    },
    fetchOptions: {
      type: Object,
      required: false,
      default: () => ({})
    },
    completedButton: {
      type: Object,
      required: false,
@ -214,7 +219,10 @@ export default {
    download () {
      this.isDownloading = true
-      fetch(this.baseUrl + `/submitters/${this.submitterSlug}/download`).then(async (response) => {
+      fetch(this.baseUrl + `/submitters/${this.submitterSlug}/download`, {
        method: 'GET',
        ...this.fetchOptions
      }).then(async (response) => {
        if (response.ok) {
          const urls = await response.json()
          const isMobileSafariIos = 'ontouchstart' in window && navigator.maxTouchPoints > 0 && /AppleWebKit/i.test(navigator.userAgent)
--- a/app/javascript/submission_form/form.vue
+++ b/app/javascript/submission_form/form.vue
@ -530,6 +530,7 @@
        v-else-if="isInvite"
        :submitters="inviteSubmitters"
        :optional-submitters="optionalInviteSubmitters"
        :fetch-options="fetchOptions"
        :submitter-slug="submitterSlug"
        :authenticity-token="authenticityToken"
        :url="baseUrl + submitPath + '/invite'"
@ -543,6 +544,7 @@
        :has-signature-fields="stepFields.some((fields) => fields.some((f) => ['signature', 'initials'].includes(f.type)))"
        :has-multiple-documents="hasMultipleDocuments"
        :completed-button="completedRedirectUrl ? {} : completedButton"
        :fetch-options="fetchOptions"
        :completed-message="completedRedirectUrl ? {} : completedMessage"
        :with-send-copy-button="withSendCopyButton && !completedRedirectUrl"
        :with-download-button="withDownloadButton && !completedRedirectUrl && !dryRun"
@ -678,6 +680,11 @@ export default {
      required: false,
      default: () => []
    },
    fetchOptions: {
      type: Object,
      required: false,
      default: () => ({})
    },
    optionalInviteSubmitters: {
      type: Array,
      required: false,
@ -1467,7 +1474,8 @@ export default {
      } else {
        return fetch(this.baseUrl + this.submitPath, {
          method: 'POST',
-          body: formData || new FormData(this.$refs.form)
+          body: formData || new FormData(this.$refs.form),
          ...this.fetchOptions
        }).then((response) => {
          if (response.status === 200) {
            currentFieldUuids.forEach((fieldUuid) => {
--- a/app/javascript/submission_form/invite_form.vue
+++ b/app/javascript/submission_form/invite_form.vue
@ -78,6 +78,11 @@ export default {
      type: Array,
      required: true
    },
    fetchOptions: {
      type: Object,
      required: false,
      default: () => ({})
    },
    optionalSubmitters: {
      type: Array,
      required: false,
@ -108,7 +113,8 @@ export default {
      return fetch(this.url, {
        method: 'POST',
-        body: new FormData(this.$refs.form)
+        body: new FormData(this.$refs.form),
        ...this.fetchOptions
      }).then((response) => {
        if (response.status === 200) {
          this.$emit('success')
--- a/lib/submitters/authorized_for_form.rb
+++ b/lib/submitters/authorized_for_form.rb
@ -17,9 +17,10 @@ module Submitters
                     submitter.preferences['require_email_2fa'] != true
      return true if request.cookie_jar.encrypted[:email_2fa_slug] == submitter.slug
-      return true if request.params[:two_factor_token].present? &&
+      token = request.params[:two_factor_token].presence || request.headers['x-two-factor-token'].presence
-                     Submitter.signed_id_verifier.verified(request.params[:two_factor_token],
+
-                                                           purpose: :email_two_factor) == submitter.slug
+      return true if token.present? &&
                     Submitter.signed_id_verifier.verified(token, purpose: :email_two_factor) == submitter.slug
      false
    end
@ -32,11 +33,10 @@ module Submitters
      return true if request.cookie_jar.encrypted[:email_2fa_slug] == submitter.slug
      return true if submitter.email == current_user&.email && current_user&.account_id == submitter.account_id
-      if request.params[:two_factor_token].present?
+      if (token = request.params[:two_factor_token].presence || request.headers['x-two-factor-token'].presence)
        link_2fa_key = [submitter.email.downcase.squish, submitter.submission.template.slug].join(':')
-        return true if Submitter.signed_id_verifier.verified(request.params[:two_factor_token],
+        return true if Submitter.signed_id_verifier.verified(token, purpose: :email_two_factor) == link_2fa_key
                                                             purpose: :email_two_factor) == link_2fa_key
      end
      false