From da32ca761c651292d272355d7c5aae10b5e7e1ab Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Fri, 8 Sep 2017 14:08:29 +0200
Subject: [PATCH] when user logout session auth key is cleared

---
 CHANGELOG                                     |  5 ++++
 frontend-js/.idea/frontend-js.iml             |  1 +
 frontend-js/src/main/js/ServerConnector.js    | 22 +++++++++--------
 frontend-js/testFiles/apiCalls/doLogout       |  1 +
 persist/src/db/11.0.1/fix_db_20170908.sql     |  1 +
 .../mapviewer/api/users/UserController.java   | 24 +++++++++++++++----
 6 files changed, 40 insertions(+), 14 deletions(-)
 create mode 100644 frontend-js/testFiles/apiCalls/doLogout
 create mode 100644 persist/src/db/11.0.1/fix_db_20170908.sql

diff --git a/CHANGELOG b/CHANGELOG
index 5ddd8c6f4e..1eb8ddc1b4 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,8 @@
+minerva (11.0.1) stable; urgency=medium
+  * Bug fix: logout caused issues with session data 
+
+ -- Piotr Gawron <piotr.gawron@uni.lu>  Fri, 08 Sep 2017 12:00:00 +0200
+
 minerva (11.0.0) stable; urgency=medium
 
   * Bug fix: security issue - access to specific map can be restricted 
diff --git a/frontend-js/.idea/frontend-js.iml b/frontend-js/.idea/frontend-js.iml
index 24643cc374..69ef67a424 100644
--- a/frontend-js/.idea/frontend-js.iml
+++ b/frontend-js/.idea/frontend-js.iml
@@ -3,6 +3,7 @@
   <component name="NewModuleRootManager">
     <content url="file://$MODULE_DIR$">
       <excludeFolder url="file://$MODULE_DIR$/.tmp" />
+      <excludeFolder url="file://$MODULE_DIR$/dist" />
       <excludeFolder url="file://$MODULE_DIR$/temp" />
       <excludeFolder url="file://$MODULE_DIR$/tmp" />
     </content>
diff --git a/frontend-js/src/main/js/ServerConnector.js b/frontend-js/src/main/js/ServerConnector.js
index 8e87692ac1..36f7e29957 100644
--- a/frontend-js/src/main/js/ServerConnector.js
+++ b/frontend-js/src/main/js/ServerConnector.js
@@ -248,15 +248,14 @@ ServerConnector.getToken = function (token) {
 
   var self = this;
   token = self.getSessionData(null).getToken();
-  if (token === undefined) {
+  var login = self.getSessionData(null).getLogin()
+  if (token === undefined || login === undefined) {
     return self.login();
   } else {
     // if the project is not initialized then check if we can download data
     // using current token
     if (self.getSessionData().getProject() === null) {
-      return self.getConfiguration({
-        token: token
-      }).then(function () {
+      return self.getConfiguration().then(function () {
         return token;
       }, function () {
         return self.login();
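Review bot: The added line `var login = self.getSessionData(null).getLogin()` has no terminating semicolon, unlike the other statements in this hunk, and it repeats the `self.getSessionData(null)` lookup from the line above. Suggest `var sessionData = self.getSessionData(null);` and reading both the token and the login from it. The new `login === undefined` condition also deserves a one-line comment saying which state it covers (a token present without a login), because the commit does not explain when that can occur. getToken's body continues past the end of the hunk.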
@@ -376,6 +375,12 @@ ServerConnector.loginUrl = function () {
   });
 };
 
+ServerConnector.logoutUrl = function () {
+  return this.getApiUrl({
+    type: "/doLogout",
+  });
+};
+
 ServerConnector.getSuggestedQueryListUrl = function (queryParams, filterParams) {
   return this.getApiUrl({
     url: this.getBioEntitiesUrl(queryParams) + "suggestedQueryList/",
@@ -603,10 +608,7 @@ ServerConnector.getUserUrl = function (queryParams, filterParams) {
   });
 };
 
-ServerConnector.getConfiguration = function (params) {
-  if (params === undefined) {
-    params = {};
-  }
+ServerConnector.getConfiguration = function () {
   var self = this;
   if (this._configuration === undefined) {
     return self.readFile(self.getConfigurationUrl()).then(function (content) {
@@ -947,7 +949,7 @@ ServerConnector.getClosestElementsByCoordinates = function (params) {
 ServerConnector.login = function (login, password) {
   var self = this;
   var params = {};
-  if (login !== undefined) {
+  if (login !== undefined && login !== "") {
     params.login = login;
     params.password = password;
   } else {
@@ -970,7 +972,7 @@ ServerConnector.logout = function () {
   var self = this;
   self.getSessionData().setToken(undefined);
   self.getSessionData().setLogin(undefined);
-  return Promise.resolve();
+  return self.readFile(self.logoutUrl());
 };
 
 ServerConnector.getElementsByQuery = function (params) {
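Review bot: The client-side token and login are cleared before the `/doLogout` request is issued, and the promise from `self.readFile(self.logoutUrl())` is returned with no rejection handling, so a failed request leaves the server-side session valid while the client already looks logged out. If the session data keeps the token in the cookie that the controller reads (not visible here), clearing it first may also send the request without the token; that is worth confirming. Consider issuing the request first and clearing the session data in a handler that runs on both success and failure, so callers can still see the error. A short comment such as `// server invalidates the token; local state is cleared regardless of the outcome` would document the intent.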
diff --git a/frontend-js/testFiles/apiCalls/doLogout b/frontend-js/testFiles/apiCalls/doLogout
new file mode 100644
index 0000000000..1a36cf5fc2
--- /dev/null
+++ b/frontend-js/testFiles/apiCalls/doLogout
@@ -0,0 +1 @@
+{"status":"ok"}
\ No newline at end of file
diff --git a/persist/src/db/11.0.1/fix_db_20170908.sql b/persist/src/db/11.0.1/fix_db_20170908.sql
new file mode 100644
index 0000000000..a33b6ad89d
--- /dev/null
+++ b/persist/src/db/11.0.1/fix_db_20170908.sql
@@ -0,0 +1 @@
+-- empty file to force directory to be commited to git repo
diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java b/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java
index a7b6b76983..d85484790e 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java
@@ -78,11 +78,27 @@ public class UserController extends BaseController {
 	}
 
 	@RequestMapping(value = "/doLogout", method = { RequestMethod.GET, RequestMethod.POST }, produces = { MediaType.APPLICATION_JSON_VALUE })
-	public Map<String, String> logout(@CookieValue(value = Configuration.AUTH_TOKEN) String token) throws SecurityException {
+	public Map<String, String> logout(@CookieValue(value = Configuration.AUTH_TOKEN) String token,
+			HttpServletResponse response //
+			) throws SecurityException, IOException {
 		userService.logout(token);
-		Map<String, String> response = new HashMap<>();
-		response.put("status", "OK");
-		return response;
+		Map<String, String> result = new HashMap<>();
+		result.put("status", "OK");
+		
+		final Boolean useSecureCookie = false;
+		final String cookiePath = "/";
+		
+		Cookie cookie = new Cookie("MINERVA_AUTH_TOKEN", token);
+
+		cookie.setSecure(useSecureCookie);
+		cookie.setMaxAge(0);
+		cookie.setPath(cookiePath);
+
+		response.addCookie(cookie);
+		response.getWriter().write("{\"status\":\"OK\"}");
+		response.getWriter().flush();
+		response.getWriter().close();
+		return result;
 	}
 
 	/**
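Review bot: The expiring cookie is built with `new Cookie("MINERVA_AUTH_TOKEN", token)`, which echoes the just-invalidated token back in a Set-Cookie header and hard-codes a name that the `@CookieValue(value = Configuration.AUTH_TOKEN)` parameter already has a constant for. `Cookie cookie = new Cookie(Configuration.AUTH_TOKEN, "");` avoids both, assuming the constant holds the same name. The method also writes to and closes `response.getWriter()` and then returns `result`, so the body is produced by hand and the returned map presumably cannot be serialized into the already committed response; drop the three `response.getWriter()` lines and let the return value be written. `useSecureCookie` is fixed to `false`, while the deletion cookie's path and flags should mirror whatever the login code sets, which is outside this hunk.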
-- 
GitLab