remove unnecessary use of local storage, extract the xsrf token on every request

This commit is contained in:
Sebastian Sdorra
2017-01-14 14:03:01 +01:00
parent 7e5f7bfdf7
commit 7d6d23b04d
3 changed files with 16 additions and 32 deletions

View File

@@ -120,7 +120,6 @@ Sonia.login.Form = Ext.extend(Ext.FormPanel,{
if ( debug ){
console.debug( 'login success' );
}
this.handleXsrf();
main.loadState( action.result );
},
@@ -148,35 +147,6 @@ Sonia.login.Form = Ext.extend(Ext.FormPanel,{
}
});
},
handleXsrf: function() {
var tokenCompressed = Ext.util.Cookies.get('X-Bearer-Token');
if (tokenCompressed) {
var tokenClaimsCompressed = tokenCompressed.split('.')[1];
tokenClaimsCompressed = tokenClaimsCompressed.replace('-', '+').replace('_', '/');
if (!window.atob) {
if (debug) {
console.log('ERROR: browser does not support window.atob');
}
} else {
var token = Ext.util.JSON.decode(window.atob(tokenClaimsCompressed));
var xsrfToken = token['scm-manager.org/xsrf'];
if (xsrfToken) {
// TODO check for support
localStorage.setItem('X-XSRF-Token', xsrfToken);
} else {
if (debug) {
console.log('no xsrf token found');
}
// TODO check for support
localStorage.removeItem('X-XSRF-Token');
}
}
} else {
// TODO check for support
localStorage.removeItem('X-XSRF-Token');
}
},
specialKeyPressed: function(field, e){
if (e.getKey() === e.ENTER) {

View File

@@ -31,3 +31,18 @@
// register namespace
Ext.ns('Sonia.security');
Sonia.security.getXsrfToken = function() {
var tokenCompressed = Ext.util.Cookies.get('X-Bearer-Token');
if (tokenCompressed) {
var tokenClaimsCompressed = tokenCompressed.split('.')[1];
tokenClaimsCompressed = tokenClaimsCompressed.replace('-', '+').replace('_', '/');
if (window.atob) {
var token = Ext.util.JSON.decode(window.atob(tokenClaimsCompressed));
return token['scm-manager.org/xsrf'];
} else if (debug) {
console.log('ERROR: browser does not support window.atob');
}
}
return undefined;
};

View File

@@ -39,8 +39,7 @@ Ext.Ajax.defaultHeaders = {
// XSRF protection
Ext.Ajax.on('beforerequest', function(conn, options){
// TODO check for support
var token = localStorage.getItem('X-XSRF-Token');
var token = Sonia.security.getXsrfToken();
if (token){
if (!options.headers){
options.headers = {};