diff --git a/scm-webapp/src/main/webapp/resources/js/login/sonia.login.form.js b/scm-webapp/src/main/webapp/resources/js/login/sonia.login.form.js index fbb1fddda7..74336ace21 100644 --- a/scm-webapp/src/main/webapp/resources/js/login/sonia.login.form.js +++ b/scm-webapp/src/main/webapp/resources/js/login/sonia.login.form.js @@ -120,7 +120,6 @@ Sonia.login.Form = Ext.extend(Ext.FormPanel,{ if ( debug ){ console.debug( 'login success' ); } - this.handleXsrf(); main.loadState( action.result ); }, @@ -148,35 +147,6 @@ Sonia.login.Form = Ext.extend(Ext.FormPanel,{ } }); }, - - handleXsrf: function() { - var tokenCompressed = Ext.util.Cookies.get('X-Bearer-Token'); - if (tokenCompressed) { - var tokenClaimsCompressed = tokenCompressed.split('.')[1]; - tokenClaimsCompressed = tokenClaimsCompressed.replace('-', '+').replace('_', '/'); - if (!window.atob) { - if (debug) { - console.log('ERROR: browser does not support window.atob'); - } - } else { - var token = Ext.util.JSON.decode(window.atob(tokenClaimsCompressed)); - var xsrfToken = token['scm-manager.org/xsrf']; - if (xsrfToken) { - // TODO check for support - localStorage.setItem('X-XSRF-Token', xsrfToken); - } else { - if (debug) { - console.log('no xsrf token found'); - } - // TODO check for support - localStorage.removeItem('X-XSRF-Token'); - } - } - } else { - // TODO check for support - localStorage.removeItem('X-XSRF-Token'); - } - }, specialKeyPressed: function(field, e){ if (e.getKey() === e.ENTER) { diff --git a/scm-webapp/src/main/webapp/resources/js/security/sonia.security.js b/scm-webapp/src/main/webapp/resources/js/security/sonia.security.js index 9625f214d2..23f41374a7 100644 --- a/scm-webapp/src/main/webapp/resources/js/security/sonia.security.js +++ b/scm-webapp/src/main/webapp/resources/js/security/sonia.security.js @@ -31,3 +31,18 @@ // register namespace Ext.ns('Sonia.security'); + +Sonia.security.getXsrfToken = function() { + var tokenCompressed = Ext.util.Cookies.get('X-Bearer-Token'); + if (tokenCompressed) { + var tokenClaimsCompressed = tokenCompressed.split('.')[1]; + tokenClaimsCompressed = tokenClaimsCompressed.replace('-', '+').replace('_', '/'); + if (window.atob) { + var token = Ext.util.JSON.decode(window.atob(tokenClaimsCompressed)); + return token['scm-manager.org/xsrf']; + } else if (debug) { + console.log('ERROR: browser does not support window.atob'); + } + } + return undefined; +}; \ No newline at end of file diff --git a/scm-webapp/src/main/webapp/resources/js/sonia.global.js b/scm-webapp/src/main/webapp/resources/js/sonia.global.js index 7d1b43a553..ef7dc72a56 100644 --- a/scm-webapp/src/main/webapp/resources/js/sonia.global.js +++ b/scm-webapp/src/main/webapp/resources/js/sonia.global.js @@ -39,8 +39,7 @@ Ext.Ajax.defaultHeaders = { // XSRF protection Ext.Ajax.on('beforerequest', function(conn, options){ - // TODO check for support - var token = localStorage.getItem('X-XSRF-Token'); + var token = Sonia.security.getXsrfToken(); if (token){ if (!options.headers){ options.headers = {};