[fix] csrf token for website if switch to desk

frappe/core/doctype/file/file.py

@@ -91,7 +91,7 @@ class File(NestedSet):
 			frappe.throw(_("Folder is mandatory"))
 
 	def validate_duplicate_entry(self):
-		if not self.flags.ignore_duplicate_entry_error:
+		if not self.flags.ignore_duplicate_entry_error and not self.is_folder:
 			# check duplicate assignement
 			n_records = frappe.db.sql("""select name from `tabFile`
 				where content_hash=%s

frappe/patches/v6_1/rename_file_data.py

@@ -14,6 +14,8 @@ def execute():
 	for file in frappe.get_all("File", filters={"is_folder": 0}):
 		file = frappe.get_doc("File", file.name)
 		file.flags.ignore_folder_validate = True
+		file.flags.ignore_duplicate_entry_error = True
+		file.flags.ignore_links = True
 		file.set_folder_name()
 		file.save()
 

frappe/public/build.json

@@ -15,6 +15,7 @@
 		"public/js/lib/moment/moment.min.js",
 		"public/js/lib/highlight.pack.js",
 		"public/js/frappe/class.js",
+		"public/js/lib/microtemplate.js",
 		"website/js/website.js",
 		"public/js/lib/socket.io.min.js"
 	],

frappe/public/js/frappe/request.js

@@ -121,7 +121,7 @@ frappe.request.call = function(opts) {
 		type: opts.type,
 		dataType: opts.dataType || 'json',
 		async: opts.async,
-		headers: { "X-Frappe-CSRF-Token": frappe.boot.csrf_token }
+		headers: { "X-Frappe-CSRF-Token": frappe.csrf_token }
 	};
 
 	frappe.last_request = ajax_args.data;

frappe/templates/base.html

@@ -113,6 +113,8 @@
 		</script>
 	{%- endblock %}
 
+	<!-- csrf_token -->
+
     {%- block body_include %}{{ body_include or "" }}{% endblock -%}
 </body>
 </html>

frappe/templates/pages/desk.html

@@ -53,6 +53,8 @@
 
 	frappe.boot = {{ boot }};
 
+	frappe.csrf_token = "{{ csrf_token }}";
+
 	</script>
 
 	{% for include in include_js %}

frappe/templates/pages/desk.py

@@ -21,7 +21,7 @@ def get_context(context):
 	boot = frappe.sessions.get()
 
 	# this needs commit
-	boot["csrf_token"] = frappe.sessions.get_csrf_token()
+	csrf_token = frappe.sessions.get_csrf_token()
 
 	frappe.db.commit()
 
@@ -35,6 +35,7 @@ def get_context(context):
 		"include_js": hooks["app_include_js"],
 		"include_css": hooks["app_include_css"],
 		"boot": boot if context.get("for_mobile") else boot_json,
+		"csrf_token": csrf_token,
 		"background_image": boot.user.background_image or boot.default_background_image,
 		"google_analytics_id": frappe.conf.get("google_analytics_id")
 	}

frappe/website/js/website.js

@@ -35,6 +35,7 @@ $.extend(frappe, {
 			url: "/",
 			data: opts.args,
 			dataType: "json",
+			headers: { "X-Frappe-CSRF-Token": frappe.csrf_token },
 			statusCode: {
 				404: function(xhr) {
 					frappe.msgprint(__("Not found"));

frappe/website/render.py

@@ -4,6 +4,7 @@
 from __future__ import unicode_literals
 import frappe
 from frappe import _
+import frappe.sessions
 from frappe.utils import cstr
 import mimetypes, json
 from werkzeug.wrappers import Response
@@ -54,6 +55,8 @@ def render(path, http_status_code=None):
 		data = render_page(path)
 		http_status_code = 500
 
+	data = add_csrf_token(data)
+
 	return build_response(path, data, http_status_code or 200)
 
 def set_lang():
@@ -87,6 +90,16 @@ def get_doctype_from_path(path):
 
 	return None, None
 
+def add_csrf_token(data):
+	if is_ajax() or frappe.session.user == "Guest" or not frappe.local.session.data.csrf_token:
+		pass
+
+	else:
+		data = data.replace("<!-- csrf_token -->", '<script>frappe.csrf_token = "{0}";</script>'.format(
+			frappe.local.session.data.csrf_token))
+
+	return data
+
 def build_response(path, data, http_status_code, headers=None):
 	# build response
 	response = Response()