Commit da32ca76 authored by Piotr Gawron's avatar Piotr Gawron

when user logout session auth key is cleared

parent c06dff60
minerva (11.0.1) stable; urgency=medium
* Bug fix: logout caused issues with session data
-- Piotr Gawron <piotr.gawron@uni.lu> Fri, 08 Sep 2017 12:00:00 +0200
minerva (11.0.0) stable; urgency=medium
* Bug fix: security issue - access to specific map can be restricted
......
......@@ -3,6 +3,7 @@
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$">
<excludeFolder url="file://$MODULE_DIR$/.tmp" />
<excludeFolder url="file://$MODULE_DIR$/dist" />
<excludeFolder url="file://$MODULE_DIR$/temp" />
<excludeFolder url="file://$MODULE_DIR$/tmp" />
</content>
......
......@@ -248,15 +248,14 @@ ServerConnector.getToken = function (token) {
var self = this;
token = self.getSessionData(null).getToken();
if (token === undefined) {
var login = self.getSessionData(null).getLogin()
if (token === undefined || login === undefined) {
return self.login();
} else {
// if the project is not initialized then check if we can download data
// using current token
if (self.getSessionData().getProject() === null) {
return self.getConfiguration({
token: token
}).then(function () {
return self.getConfiguration().then(function () {
return token;
}, function () {
return self.login();
......@@ -376,6 +375,12 @@ ServerConnector.loginUrl = function () {
});
};
ServerConnector.logoutUrl = function () {
return this.getApiUrl({
type: "/doLogout",
});
};
ServerConnector.getSuggestedQueryListUrl = function (queryParams, filterParams) {
return this.getApiUrl({
url: this.getBioEntitiesUrl(queryParams) + "suggestedQueryList/",
......@@ -603,10 +608,7 @@ ServerConnector.getUserUrl = function (queryParams, filterParams) {
});
};
ServerConnector.getConfiguration = function (params) {
if (params === undefined) {
params = {};
}
ServerConnector.getConfiguration = function () {
var self = this;
if (this._configuration === undefined) {
return self.readFile(self.getConfigurationUrl()).then(function (content) {
......@@ -947,7 +949,7 @@ ServerConnector.getClosestElementsByCoordinates = function (params) {
ServerConnector.login = function (login, password) {
var self = this;
var params = {};
if (login !== undefined) {
if (login !== undefined && login !== "") {
params.login = login;
params.password = password;
} else {
......@@ -970,7 +972,7 @@ ServerConnector.logout = function () {
var self = this;
self.getSessionData().setToken(undefined);
self.getSessionData().setLogin(undefined);
return Promise.resolve();
return self.readFile(self.logoutUrl());
};
ServerConnector.getElementsByQuery = function (params) {
......
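Review bot: In `ServerConnector.logout` the token and login are cleared from the session data before the request to `logoutUrl()` is sent, and that order can defeat the server-side logout. The `/doLogout` handler reads the token from the auth cookie; if `setToken(undefined)` also removes that cookie (not visible on this page), the request arrives without it and the server session is never invalidated. Sending the request first and clearing local state once it settles avoids this, for example `return self.readFile(self.logoutUrl()).then(clearSession, function (e) { clearSession(); throw e; });` with `clearSession` wrapping the two existing `getSessionData()` setter calls. The function's opening line appears only in the hunk header, and which of the doubled lines are old or new is inferred, since the page lost its +/- markers.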
{"status":"ok"}
\ No newline at end of file
-- empty file to force directory to be commited to git repo
......@@ -78,11 +78,27 @@ public class UserController extends BaseController {
}
@RequestMapping(value = "/doLogout", method = { RequestMethod.GET, RequestMethod.POST }, produces = { MediaType.APPLICATION_JSON_VALUE })
public Map<String, String> logout(@CookieValue(value = Configuration.AUTH_TOKEN) String token) throws SecurityException {
public Map<String, String> logout(@CookieValue(value = Configuration.AUTH_TOKEN) String token,
HttpServletResponse response //
) throws SecurityException, IOException {
userService.logout(token);
Map<String, String> response = new HashMap<>();
response.put("status", "OK");
return response;
Map<String, String> result = new HashMap<>();
result.put("status", "OK");
final Boolean useSecureCookie = false;
final String cookiePath = "/";
Cookie cookie = new Cookie("MINERVA_AUTH_TOKEN", token);
cookie.setSecure(useSecureCookie);
cookie.setMaxAge(0);
cookie.setPath(cookiePath);
response.addCookie(cookie);
response.getWriter().write("{\"status\":\"OK\"}");
response.getWriter().flush();
response.getWriter().close();
return result;
}
/**
......
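Review bot: The expiry cookie in `logout` is built as `new Cookie("MINERVA_AUTH_TOKEN", token)`, which hard-codes the name even though `@CookieValue` on the same method reads `Configuration.AUTH_TOKEN`, and it sends the just-invalidated token back as the cookie value. `Cookie cookie = new Cookie(Configuration.AUTH_TOKEN, "");` keeps the two names in step and echoes nothing; the deletion only takes effect if the path matches the cookie set at login, which is not visible here. Separately, the method writes `{"status":"OK"}` through `response.getWriter()`, closes the writer, and still returns `result`. If the controller serialises return values as the response body (the `produces` attribute suggests it does), the body is either emitted twice or the converter fails on an already committed response, so the three `response.getWriter()` lines should be dropped. Which of the doubled lines are old or new is inferred from the changed signature, since the page lost its +/- markers.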