Adding validation token during login

This commit is contained in:
Martin Stockhammer 2017-02-12 18:46:37 +01:00
parent 709ee5bb39
commit b2ce531fa2
2 changed files with 35 additions and 8 deletions

View File

@ -37,7 +37,7 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
var kUser = new User(user.username, user.password, user.confirmPassword,user.fullName,user.email,user.permanent,user.validated,
user.timestampAccountCreation,user.timestampLastLogin,user.timestampLastPasswordChange,user.locked,
user.passwordChangeRequired,null,user.readOnly,user.userManagerId);
user.passwordChangeRequired,null,user.readOnly,user.userManagerId, user.validationToken);
kUser.rememberme(user.rememberme());
var userJson=ko.toJSON(kUser);
@ -73,7 +73,7 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
}
var kUser = new User(user.username, user.password, user.confirmPassword,user.fullName,user.email,user.permanent,user.validated,
user.timestampAccountCreation,user.timestampLastLogin,user.timestampLastPasswordChange,user.locked,
user.passwordChangeRequired,null,user.readOnly,user.userManagerId);
user.passwordChangeRequired,null,user.readOnly,user.userManagerId, user.validationToken);
$.log("user.rememberme:"+user.rememberme);
@ -860,6 +860,19 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
return $.inArray(karmaName,window.redbackModel.operatioNames)>=0;
};
addValidationTokenHeader=function(user) {
if (user.validationToken) {
$.log("Adding validation token "+user.validationToken);
$.ajaxSetup({
beforeSend: function (xhr) {
xhr.setRequestHeader('X-XSRF-TOKEN', user.validationToken);
}
});
} else {
$.log("No validation token in user object "+user.username+", "+user.validationToken);
}
}
startArchivaApplication=function(){
$.log("startArchivaApplication");
@ -896,6 +909,9 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
window.redbackModel.password=user.password();
loginCall(user.username(),user.password(),user.rememberme()
,successLoginCallbackFn,errorLoginCallbackFn,completeLoginCallbackFn);
} else {
// Token for origin validation
addValidationTokenHeader(user);
}
};
@ -918,6 +934,7 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
}
if (logged == true) {
var user = mapUser(result);
addValidationTokenHeader(user);
if (user.passwordChangeRequired()==true){
changePasswordBox(true,false,user);
@ -948,6 +965,8 @@ function(jquery,ui,sammy,tmpl,i18n,jqueryCookie,bootstrap,archivaSearch,jqueryVa
}
clearForm("#user-login-form");
decorateMenuWithKarma(user);
// Token for origin validation
$("#login-welcome" ).show();
$("#welcome-label" ).html( $.i18n.prop("user.login.welcome",user.username()));
return;

View File

@ -36,9 +36,11 @@ function(jquery,utils,i18n,jqueryValidate,ko,koSimpleGrid,purl) {
* @param ownerViewModel
* @param readOnly
* @param uuserManagerId
* @param validationToken
*/
User=function(username, password, confirmPassword,fullName,email,permanent,validated,timestampAccountCreation,
timestampLastLogin,timestampLastPasswordChange,locked,passwordChangeRequired,ownerViewModel,readOnly,userManagerId) {
timestampLastLogin,timestampLastPasswordChange,locked,passwordChangeRequired,ownerViewModel,readOnly,
userManagerId,validationToken) {
var self=this;
// Potentially Editable Field.
this.username = ko.observable(username);
@ -84,6 +86,8 @@ function(jquery,utils,i18n,jqueryValidate,ko,koSimpleGrid,purl) {
this.rememberme=ko.observable(false);
this.validationToken=validationToken;
this.logged=false;
this.remove = function() {
@ -145,17 +149,20 @@ function(jquery,utils,i18n,jqueryValidate,ko,koSimpleGrid,purl) {
var created = result;
if (created == true) {
displaySuccessMessage( $.i18n.prop("user.admin.created"));
var onSuccessCall=function(){
var onSuccessCall=function(result){
var logUser = mapUser(result);
currentAdminUser.validationToken=logUser.validationToken;
reccordLoginCookie(currentAdminUser);
addValidationTokenHeader(currentAdminUser);
window.archivaModel.adminExists=true;
screenChange();
checkCreateAdminLink();
checkSecurityLinks();
}
loginCall(currentAdminUser.username(), currentAdminUser.password(),false,onSuccessCall);
if(succesCallbackFn){
succesCallbackFn();
}
}
loginCall(currentAdminUser.username(), currentAdminUser.password(),false,onSuccessCall);
return this;
} else {
displayErrorMessage("admin user not created");
@ -757,7 +764,8 @@ function(jquery,utils,i18n,jqueryValidate,ko,koSimpleGrid,purl) {
mapUser=function(data) {
return new User(data.username, data.password, null,data.fullName,data.email,data.permanent,data.validated,
data.timestampAccountCreation,data.timestampLastLogin,data.timestampLastPasswordChange,
data.locked,data.passwordChangeRequired,self,data.readOnly,data.userManagerId);
data.locked,data.passwordChangeRequired,self,data.readOnly,data.userManagerId,
data.validationToken);
}