From b777978293bd9ae1d1c1af6fa981ce6f9ab1638a Mon Sep 17 00:00:00 2001
From: exceptionfactory
Date: Wed, 24 Aug 2022 16:40:15 -0500
Subject: [PATCH] NIFI-10313 Removed Expiration Token on Authentication Errors

- Updated standard user interface error handler to clear the Access-Token-Expiration item from Session Storage when receiving an error with the WWW-Authenticate Header indicating a problem with the Bearer Token
Signed-off-by: Nathan Gough
This closes #6334.
---
 .../src/main/webapp/js/nf/nf-error-handler.js | 26 ++++++++++++++-----
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-error-handler.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-error-handler.js
index 583b666d46..cb7f0fa2ba 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-error-handler.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-error-handler.js
@@ -21,20 +21,24 @@ if (typeof define === 'function' && define.amd) { define(['jquery', 'nf.Dialog', - 'nf.Common'], - function ($, nfDialog, nfCommon) { - return (nf.ErrorHandler = factory($, nfDialog, nfCommon)); + 'nf.Common', + 'nf.AuthorizationStorage'], + function ($, nfDialog, nfCommon, nfAuthorizationStorage) { + return (nf.ErrorHandler = factory($, nfDialog, nfCommon, nfAuthorizationStorage)); }); } else if (typeof exports === 'object' && typeof module === 'object') { module.exports = (nf.ErrorHandler = factory(require('jquery'), require('nf.Dialog'), - require('nf.Common'))); + require('nf.Common'), + require('nf.AuthorizationStorage') + )); } else { nf.ErrorHandler = factory(root.$, root.nf.Dialog, - root.nf.Common); + root.nf.Common, + root.nf.AuthorizationStorage); } -}(this, function ($, nfDialog, nfCommon) { +}(this, function ($, nfDialog, nfCommon, nfAuthorizationStorage) { 'use strict'; var self = { @@ -47,6 +51,9 @@ */ handleAjaxError: function (xhr, status, error) { if (status === 'canceled') { + // Remove Token from storage for session expiration + nfAuthorizationStorage.removeToken(); + if ($('#splash').is(':visible')) { $('#message-title').text('Session Expired'); $('#message-content').text('Your session has expired. Please reload to log in again.'); @@ -65,6 +72,13 @@ return; } + // Remove Token from storage when REST API returns WWW-Authenticate Bearer indicating authorization errors + var authenticateHeader = xhr.getResponseHeader('WWW-Authenticate'); + var bearerPattern = new RegExp('^Bearer.*$'); + if (bearerPattern.test(authenticateHeader)) { + nfAuthorizationStorage.removeToken(); + } + // if an error occurs while the splash screen is visible close the canvas show the error message if ($('#splash').is(':visible')) { if (xhr.status === 401) {
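Review bot: In the browser-global branch of the first hunk the new fourth argument is `root.nf.AuthorizationStorage`, which is undefined unless that script is loaded before this file, and the diffstat lists only this one file as changed. If some page that uses nf.ErrorHandler does not already load it, the `removeToken()` calls added further down would throw inside the error handler and hide the error being reported. It is worth confirming the load order on every page that includes this handler, or guarding the calls with `if (nfAuthorizationStorage) { nfAuthorizationStorage.removeToken(); }`. The factory body continues outside this hunk.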
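Review bot: The token is now removed for every call that arrives with `status === 'canceled'` (second hunk), and nothing visible here shows that this status is produced only by session expiry. If a request can be reported as canceled for another reason, a user with a valid session would lose the stored token. If the status really is expiry-only, the comment should say so, for example `// 'canceled' is reported only on session expiry, so the stored token is stale`. handleAjaxError starts and ends outside this hunk.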
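Review bot: The Bearer check added before the splash-screen handling (third hunk) is narrower than the header allows: `new RegExp('^Bearer.*$')` is case-sensitive and anchored to the start of the value. A challenge spelled `bearer ...`, or a `WWW-Authenticate` value that lists another scheme first, would not match and would presumably leave the stale item in storage. Authentication scheme names are case-insensitive, so `var bearerPattern = /(^|,\s*)Bearer(\s|$)/i;` is the safer match. `getResponseHeader` returns null when the header is absent, and `test(null)` is only false because null is coerced to the string "null"; writing `authenticateHeader !== null && bearerPattern.test(authenticateHeader)` makes that explicit. handleAjaxError continues outside this hunk and `removeToken()` is not shown, so what it clears is taken from the commit message.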