AJAX calls now use Authorization: Bearer in headers

Change-Id: I67e7147bf89a1432347e5e0b79937f8befdfea19

AJAX calls now use Authorization: Bearer in headers
a646f85f · William Enright · Adrien Béraud · 4a7f88a1 · a646f85f · a646f85f
Commit a646f85f authored Jun 25, 2020 by William Enright Committed by Adrien Béraud Jul 1, 2020
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/LoginServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/LoginServlet.java
@@ -61,7 +61,7 @@ public class LoginServlet extends HttpServlet {
        if(req.getHeader("authorization") != null){
            res = processUsernamePasswordAuth(req.getHeader("authorization"));
        }
-        //Case 3 SSL Certificate
+        //Case 2 SSL Certificate
        else if(req.getAttribute("jakarta.servlet.request.X509Certificate") != null){
            res = processX509Auth((X509Certificate[])req.getAttribute("jakarta.servlet.request.X509Certificate"));
        }

--- a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java
@@ -58,7 +58,7 @@ public class InstallFilter implements Filter {
            boolean isLogin = false;
            if(request.getServletPath().contains("start")) isLogin = true;
            SignedJWT signedJWT = null;
-            if(request.getHeader("authorization").contains("bearer") || request.getHeader("authorization").contains("Bearer")){
+            if(request.getHeader("authorization") != null && (request.getHeader("authorization").contains("bearer") || request.getHeader("authorization").contains("Bearer"))){
                try {
                    JWSVerifier jwsVerifier = new RSASSAVerifier(userAuthenticationModule.getAuthModulePubKey());
                    signedJWT = SignedJWT.parse(request.getHeader("authorization").replace("bearer","").replace("Bearer",""));

--- a/jams-server/src/main/resources/webapp/js/api.js
+++ b/jams-server/src/main/resources/webapp/js/api.js
@@ -79,7 +79,7 @@ function ajaxApiCall(api_path, request_type, data, credentials, callBackFunction
        var jwt = localStorage.getItem('access_token');
        ajax['headers'] =  {
-            "Bearer": jwt,
+            "Authorization": "Bearer " + jwt,
        }
    }
@@ -100,14 +100,15 @@ function ajaxApiCall(api_path, request_type, data, credentials, callBackFunction
                var jwt = localStorage.getItem('access_token');
                ajax['headers'] =  {
-                    "Bearer": jwt,
+                    "Authorization": "Bearer " + jwt,
                }
-            }
+            } else {
                ajax['headers'] =  {
-                "Content-type":"application/json",
+                    "Content-type":"application/json"
-                "Bearer": jwt
                }
+            }
            ajax['data'] = JSON.stringify(data);
        }
    }