From b2ce531fa25df5ca4f92619acf63ab986c49c392 Mon Sep 17 00:00:00 2001
From: Martin Stockhammer
Date: Sun, 12 Feb 2017 18:46:37 +0100
Subject: [PATCH] Adding validation token during login

---
 .../src/main/webapp/js/archiva/main.js | 23 +++++++++++++++++--
 .../src/main/webapp/js/redback/user.js | 20 +++++++++++-----
 2 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/archiva/main.js b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/archiva/main.js
index cd3f09250..4085d4438 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/archiva/main.js
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/archiva/main.js
@@ -37,7 +37,7 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
 var kUser = new User(user.username, user.password, user.confirmPassword,user.fullName,user.email,user.permanent,user.validated,
 user.timestampAccountCreation,user.timestampLastLogin,user.timestampLastPasswordChange,user.locked,
- user.passwordChangeRequired,null,user.readOnly,user.userManagerId);
+ user.passwordChangeRequired,null,user.readOnly,user.userManagerId, user.validationToken);
 kUser.rememberme(user.rememberme());
 var userJson=ko.toJSON(kUser);
@@ -73,7 +73,7 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
 }
 var kUser = new User(user.username, user.password, user.confirmPassword,user.fullName,user.email,user.permanent,user.validated,
 user.timestampAccountCreation,user.timestampLastLogin,user.timestampLastPasswordChange,user.locked,
- user.passwordChangeRequired,null,user.readOnly,user.userManagerId);
+ user.passwordChangeRequired,null,user.readOnly,user.userManagerId, user.validationToken);
 $.log("user.rememberme:"+user.rememberme);
@@ -860,6 +860,19 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
 return $.inArray(karmaName,window.redbackModel.operatioNames)>=0;
 };
+ addValidationTokenHeader=function(user) {
+ if (user.validationToken) {
+ $.log("Adding validation token "+user.validationToken);
+ $.ajaxSetup({
+ beforeSend: function (xhr) {
+ xhr.setRequestHeader('X-XSRF-TOKEN', user.validationToken);
+ }
+ });
+ } else {
+ $.log("No validation token in user object "+user.username+", "+user.validationToken);
+ }
+ }
+
+
 startArchivaApplication=function(){
 $.log("startArchivaApplication");
@@ -896,6 +909,9 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
 window.redbackModel.password=user.password();
 loginCall(user.username(),user.password(),user.rememberme() ,successLoginCallbackFn,errorLoginCallbackFn,completeLoginCallbackFn);
+ } else {
+ // Token for origin validation
+ addValidationTokenHeader(user);
 }
 };
@@ -918,6 +934,7 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
 }
 if (logged == true) {
 var user = mapUser(result);
+ addValidationTokenHeader(user);
 if (user.passwordChangeRequired()==true){
 changePasswordBox(true,false,user);
@@ -948,6 +965,8 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
 }
 clearForm("#user-login-form");
 decorateMenuWithKarma(user);
+
+ // Token for origin validation
 $("#login-welcome" ).show();
 $("#welcome-label" ).html( $.i18n.prop("user.login.welcome",user.username()));
 return;
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/redback/user.js b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/redback/user.js
index 758a56a94..7464b5d31 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/redback/user.js
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/js/redback/user.js
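Review bot: The `beforeSend` installed through `$.ajaxSetup` in `addValidationTokenHeader` attaches the token to every request jQuery sends, including cross-origin ones, so the anti-CSRF secret would be handed to any third-party URL the application happens to fetch; gating on `settings.crossDomain` (the second argument jQuery passes to `beforeSend`) keeps it same-origin. The first `$.log` also writes the token value itself to the console, which is a needless exposure of a secret; log the user name instead. A smaller defect in the else branch: `user.username` is the `ko.observable` created by `this.username = ko.observable(username)` in user.js, so the message prints function source rather than the name and should call `user.username()`. Note as well that `$.ajaxSetup` replaces any previously configured global `beforeSend`, which is fine only if nothing else in the application sets one.
```javascript
addValidationTokenHeader=function(user) {
  if (user.validationToken) {
    $.log("Adding validation token header for "+user.username()); // never log the token itself
    $.ajaxSetup({
      beforeSend: function (xhr, settings) {
        // same-origin requests only; the token must not leave this host
        if (!settings.crossDomain) {
          xhr.setRequestHeader('X-XSRF-TOKEN', user.validationToken);
        }
      }
    });
  } else {
    // … unchanged apart from calling user.username() …
  }
}
```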
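Review bot: The `// Token for origin validation` comment added in the hunk at -948 sits between `decorateMenuWithKarma(user);` and `$("#login-welcome" ).show();` with no statement beneath it, so it documents nothing; either drop it or attach it to the `addValidationTokenHeader(user);` call added in the hunk at -918, where the same wording already accompanies the call in the hunk at -896. The enclosing login callback starts and ends outside these hunks.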
@@ -36,9 +36,11 @@ function(jquery,utils,i18n,jqueryValidate,ko,koSimpleGrid,purl) {
 * @param ownerViewModel
 * @param readOnly
 * @param uuserManagerId
+ * @param validationToken
 */
 User=function(username, password, confirmPassword,fullName,email,permanent,validated,timestampAccountCreation,
- timestampLastLogin,timestampLastPasswordChange,locked,passwordChangeRequired,ownerViewModel,readOnly,userManagerId) {
+ timestampLastLogin,timestampLastPasswordChange,locked,passwordChangeRequired,ownerViewModel,readOnly,
+ userManagerId,validationToken) {
 var self=this;
 // Potentially Editable Field.
 this.username = ko.observable(username);
@@ -84,6 +86,8 @@ function(jquery,utils,i18n,jqueryValidate,ko,koSimpleGrid,purl) {
 this.rememberme=ko.observable(false);
+ this.validationToken=validationToken;
+
 this.logged=false;
 this.remove = function() {
@@ -145,17 +149,20 @@ function(jquery,utils,i18n,jqueryValidate,ko,koSimpleGrid,purl) {
 var created = result;
 if (created == true) {
 displaySuccessMessage( $.i18n.prop("user.admin.created"));
- var onSuccessCall=function(){
+ var onSuccessCall=function(result){
+ var logUser = mapUser(result);
+ currentAdminUser.validationToken=logUser.validationToken;
 reccordLoginCookie(currentAdminUser);
+ addValidationTokenHeader(currentAdminUser);
 window.archivaModel.adminExists=true;
 screenChange();
 checkCreateAdminLink();
 checkSecurityLinks();
+ if(succesCallbackFn){
+ succesCallbackFn();
+ }
 }
 loginCall(currentAdminUser.username(), currentAdminUser.password(),false,onSuccessCall);
- if(succesCallbackFn){
- succesCallbackFn();
- }
 return this;
 } else {
 displayErrorMessage("admin user not created");
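Review bot: `@param validationToken` is added to the `User` JSDoc without a description, and since it is the one security-relevant constructor argument a reader needs to know what it is and where it is consumed; suggest `@param validationToken anti-CSRF token issued by the server at login; sent back on each same-origin request as the X-XSRF-TOKEN header (see addValidationTokenHeader in main.js)`. In the hunk at -84, `this.validationToken=validationToken;` is a plain property while the surrounding fields are `ko.observable`s, which looks deliberate but deserves a one-line comment saying so, since callers in this patch read it as a value rather than calling it. The `User` constructor continues past both hunks.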
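Review bot: In the hunk at -145, `loginCall(currentAdminUser.username(), currentAdminUser.password(),false,onSuccessCall)` passes no error callback, and now that `succesCallbackFn` runs only inside `onSuccessCall`, a failed automatic login after the admin account is created leaves the caller with neither its callback nor any message; the main.js call in this same patch shows `loginCall` accepting success, error and complete callbacks, so passing at least `function(){ displayErrorMessage("admin login failed"); }` (wording constructed here) would close that gap. `currentAdminUser.validationToken=logUser.validationToken;` copies the token onto the object that `reccordLoginCookie(currentAdminUser)` then persists, so the token presumably ends up in a script-readable cookie; that is workable for a double-submit scheme but is worth stating in a comment next to the assignment so the persistence is recognised as intended. The enclosing function starts and ends outside the hunk.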
@@ -757,7 +764,8 @@ function(jquery,utils,i18n,jqueryValidate,ko,koSimpleGrid,purl) {
 mapUser=function(data) {
 return new User(data.username, data.password, null,data.fullName,data.email,data.permanent,data.validated,
 data.timestampAccountCreation,data.timestampLastLogin,data.timestampLastPasswordChange,
- data.locked,data.passwordChangeRequired,self,data.readOnly,data.userManagerId);
+ data.locked,data.passwordChangeRequired,self,data.readOnly,data.userManagerId,
+ data.validationToken);
 }