From 37f14d7932f581b8f5978985c70b7fdd8674ae86 Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Tue, 20 Feb 2018 16:55:24 +0100
Subject: [PATCH] session id is not visible from client side therefore before
any query is made we need to make sure that token will be obtained with valid
token
---
frontend-js/src/main/js/ServerConnector.js | 66 ++++++++++---------
frontend-js/src/main/js/SessionData.js | 1 +
.../main/js/gui/leftPanel/ProjectInfoPanel.js | 6 --
frontend-js/src/main/js/minerva.js | 14 ++--
.../src/test/js/ServerConnector-test.js | 13 ----
5 files changed, 43 insertions(+), 57 deletions(-)
diff --git a/frontend-js/src/main/js/ServerConnector.js b/frontend-js/src/main/js/ServerConnector.js
index 4c75b88412..8e7134f3ae 100644
--- a/frontend-js/src/main/js/ServerConnector.js
+++ b/frontend-js/src/main/js/ServerConnector.js
@@ -17,6 +17,7 @@ var Comment = require('./map/data/Comment');
var Configuration = require('./Configuration');
var Drug = require('./map/data/Drug');
var ConfigurationType = require('./ConfigurationType');
+var Functions = require('./Functions');
var IdentifiedElement = require('./map/data/IdentifiedElement');
var InvalidCredentialsError = require('./InvalidCredentialsError');
var LayoutAlias = require('./map/data/LayoutAlias');
@@ -129,6 +130,20 @@ ServerConnector.sendGetRequest = function (url, description) {
});
};
+function isSessionExpiredError(error) {
+ if (error instanceof NetworkError) {
+ if (error.statusCode === HttpStatus.FORBIDDEN) {
+ if (error.content.indexOf('"reason":"Invalid token"') >= 0) {
+ return true;
+ }
+ if (error.content.indexOf('"reason":"Missing cookie') >= 0) {
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
ServerConnector.sendRequest = function (params) {
var self = this;
if (arguments.length > 1) {
@@ -154,17 +169,21 @@ ServerConnector.sendRequest = function (params) {
}).then(function () {
return content;
}, function (error) {
- if (error instanceof NetworkError) {
- if (error.statusCode === HttpStatus.FORBIDDEN && error.content.indexOf('"reason":"Invalid token"') >= 0) {
- self.getSessionData().setToken(undefined);
- if (self.getSessionData().getLogin() === "anonymous") {
+ var promise = Promise.resolve();
+ if (isSessionExpiredError(error)) {
+ self.getSessionData().setToken(undefined);
+ var login = self.getSessionData().getLogin();
+ promise = self.login().then(function () {
+ if (login === "anonymous" || login === undefined) {
window.location.reload(false);
} else {
window.location.href = ServerConnector.getServerBaseUrl() + "login.xhtml?from=" + encodeURI(window.location.href);
}
- }
+ });
}
- return Promise.reject(error);
+ return promise.then(function () {
+ return Promise.reject(error);
+ });
});
};
@@ -219,30 +238,6 @@ ServerConnector.sendPatchRequest = function (url, json) {
});
};
-ServerConnector.getToken = function () {
- var self = this;
-
- var login = self.getSessionData(null).getLogin();
- var token = self.getSessionData(null).getToken();
- if (token === undefined || login === undefined) {
- return self.login();
- } else {
- // if the project is not initialized then check if we can download data
- // using current token
- if (self.getSessionData().getProject() === null) {
- return self.getConfiguration().then(function () {
- return token;
- // if there was an error accessing configuration it means our token is
- // invalid
- }, function () {
- return self.login();
- });
- } else {
- return Promise.resolve(token);
- }
- }
-};
-
ServerConnector.getApiBaseUrl = function () {
return this.getServerBaseUrl() + "/api/";
};
@@ -1334,11 +1329,12 @@ ServerConnector.getComments = function (params) {
ServerConnector.getSessionData = function (project) {
if (this._sessionData === undefined) {
- this._sessionData = new SessionData(project);
+ this._sessionData = new SessionData(null);
}
if (project !== undefined && this._sessionData.getProject() === null) {
this._sessionData.setProject(project);
}
+
return this._sessionData;
};
@@ -1364,6 +1360,14 @@ ServerConnector.getClosestElementsByCoordinates = function (params) {
});
};
+ServerConnector.createSession = function () {
+ var self = this;
+ return self.getConfiguration().catch(function (error) {
+ if (isSessionExpiredError(error)) {
+ return self.login();
+ }
+ });
+};
ServerConnector.login = function (login, password) {
var self = this;
var params = {};
diff --git a/frontend-js/src/main/js/SessionData.js b/frontend-js/src/main/js/SessionData.js
index 08cc58aaa7..28c7bdce55 100644
--- a/frontend-js/src/main/js/SessionData.js
+++ b/frontend-js/src/main/js/SessionData.js
@@ -159,6 +159,7 @@ SessionData.prototype.setToken = function(token) {
SessionData.prototype.getToken = function() {
var key = SessionObjectType.TOKEN;
var value = Cookies.get(key);
+ Cookies.set('name', 'value', { expires: 7, path: '' });
return value;
};
diff --git a/frontend-js/src/main/js/gui/leftPanel/ProjectInfoPanel.js b/frontend-js/src/main/js/gui/leftPanel/ProjectInfoPanel.js
index 357c3560f4..a9501998f4 100644
--- a/frontend-js/src/main/js/gui/leftPanel/ProjectInfoPanel.js
+++ b/frontend-js/src/main/js/gui/leftPanel/ProjectInfoPanel.js
@@ -153,12 +153,6 @@ ProjectInfoPanel.prototype._createInfoPanelGui = function () {
type: "a",
href: ServerConnector.getServerBaseUrl() + "/export.xhtml?id=" + projectId,
content: '<i class="fa fa-mail-forward"> EXPORT',
- onclick: function () {
- //TODO session expired hack (it should be done on the export.xhtml web page)
- if (ServerConnector.getSessionData().getToken() === undefined) {
- exportButton.href = ServerConnector.getServerBaseUrl() + "login.xhtml?from=" + encodeURI(exportButton.href);
- }
- },
xss: false
});
liElement = Functions.createElement({
diff --git a/frontend-js/src/main/js/minerva.js b/frontend-js/src/main/js/minerva.js
index 09387a4e6c..dd99ee55d2 100644
--- a/frontend-js/src/main/js/minerva.js
+++ b/frontend-js/src/main/js/minerva.js
@@ -243,7 +243,8 @@ function create(params) {
+ "<img src='resources/images/icons/ajax-loader.gif'/>" + "</div>";
// make sure that we are logged in
- return ServerConnector.getToken().then(function () {
+ // make sure that we are logged in
+ return ServerConnector.createSession().then(function () {
return ServerConnector.getConfiguration();
}).then(function (configuration) {
params.setConfiguration(configuration);
@@ -505,9 +506,10 @@ function createLogin(params) {
params = new CustomMapOptions(params);
}
initGlobals(params);
- return ServerConnector.getToken().then(function () {
+ // make sure that we are logged in
+ return ServerConnector.createSession().then(function () {
return ServerConnector.getConfiguration();
- }).then(function (footer) {
+ }).then(function (configuration) {
var loginDiv = createLoginDiv(params);
params.getElement().appendChild(loginDiv);
return createFooter(params);
@@ -529,9 +531,7 @@ function createExport(params) {
var result;
// make sure that we are logged in
- return ServerConnector.getToken().then(function () {
- return ServerConnector.getConfiguration();
- }).then(function (configuration) {
+ return ServerConnector.getConfiguration().then(function (configuration) {
params.setConfiguration(configuration);
return getProject(params);
}).then(function (project) {
@@ -559,7 +559,7 @@ function createAdmin(params) {
var result;
// make sure that we are logged in
- return ServerConnector.getToken().then(function () {
+ return ServerConnector.createSession().then(function () {
return ServerConnector.getConfiguration();
}).then(function (configuration) {
params.setConfiguration(configuration);
diff --git a/frontend-js/src/test/js/ServerConnector-test.js b/frontend-js/src/test/js/ServerConnector-test.js
index 039de8876b..868e4997c6 100644
--- a/frontend-js/src/test/js/ServerConnector-test.js
+++ b/frontend-js/src/test/js/ServerConnector-test.js
@@ -227,19 +227,6 @@ describe('ServerConnector', function () {
});
});
- it('getToken', function () {
- ServerConnector.getSessionData(null).setToken(undefined);
- var originalFun = ServerConnector.login;
- ServerConnector.login = function () {
- return Promise.resolve("TOKEN");
- };
- return ServerConnector.getToken().then(function (token) {
- assert.ok(token !== undefined);
- }).finally(function () {
- ServerConnector.login = originalFun;
- });
- });
-
it('getModelDownloadUrl', function () {
return ServerConnector.getModelDownloadUrl({
backgroundOverlayId: "cv14081"
--
GitLab