mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-07-07 17:12:29 +02:00
remove unnecessary use of local storage, extract the xsrf token on every request
This commit is contained in:
@@ -120,7 +120,6 @@ Sonia.login.Form = Ext.extend(Ext.FormPanel,{
|
||||
if ( debug ){
|
||||
console.debug( 'login success' );
|
||||
}
|
||||
this.handleXsrf();
|
||||
main.loadState( action.result );
|
||||
},
|
||||
|
||||
@@ -148,35 +147,6 @@ Sonia.login.Form = Ext.extend(Ext.FormPanel,{
|
||||
}
|
||||
});
|
||||
},
|
||||
|
||||
handleXsrf: function() {
|
||||
var tokenCompressed = Ext.util.Cookies.get('X-Bearer-Token');
|
||||
if (tokenCompressed) {
|
||||
var tokenClaimsCompressed = tokenCompressed.split('.')[1];
|
||||
tokenClaimsCompressed = tokenClaimsCompressed.replace('-', '+').replace('_', '/');
|
||||
if (!window.atob) {
|
||||
if (debug) {
|
||||
console.log('ERROR: browser does not support window.atob');
|
||||
}
|
||||
} else {
|
||||
var token = Ext.util.JSON.decode(window.atob(tokenClaimsCompressed));
|
||||
var xsrfToken = token['scm-manager.org/xsrf'];
|
||||
if (xsrfToken) {
|
||||
// TODO check for support
|
||||
localStorage.setItem('X-XSRF-Token', xsrfToken);
|
||||
} else {
|
||||
if (debug) {
|
||||
console.log('no xsrf token found');
|
||||
}
|
||||
// TODO check for support
|
||||
localStorage.removeItem('X-XSRF-Token');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// TODO check for support
|
||||
localStorage.removeItem('X-XSRF-Token');
|
||||
}
|
||||
},
|
||||
|
||||
specialKeyPressed: function(field, e){
|
||||
if (e.getKey() === e.ENTER) {
|
||||
|
||||
@@ -31,3 +31,18 @@
|
||||
|
||||
// register namespace
|
||||
Ext.ns('Sonia.security');
|
||||
|
||||
Sonia.security.getXsrfToken = function() {
|
||||
var tokenCompressed = Ext.util.Cookies.get('X-Bearer-Token');
|
||||
if (tokenCompressed) {
|
||||
var tokenClaimsCompressed = tokenCompressed.split('.')[1];
|
||||
tokenClaimsCompressed = tokenClaimsCompressed.replace('-', '+').replace('_', '/');
|
||||
if (window.atob) {
|
||||
var token = Ext.util.JSON.decode(window.atob(tokenClaimsCompressed));
|
||||
return token['scm-manager.org/xsrf'];
|
||||
} else if (debug) {
|
||||
console.log('ERROR: browser does not support window.atob');
|
||||
}
|
||||
}
|
||||
return undefined;
|
||||
};
|
||||
@@ -39,8 +39,7 @@ Ext.Ajax.defaultHeaders = {
|
||||
|
||||
// XSRF protection
|
||||
Ext.Ajax.on('beforerequest', function(conn, options){
|
||||
// TODO check for support
|
||||
var token = localStorage.getItem('X-XSRF-Token');
|
||||
var token = Sonia.security.getXsrfToken();
|
||||
if (token){
|
||||
if (!options.headers){
|
||||
options.headers = {};
|
||||
|
||||
Reference in New Issue
Block a user