From a646f85fe82c712ccb54e3686354a5b0f3d0ce85 Mon Sep 17 00:00:00 2001
From: William Enright <william.enright@savoirfairelinux.com>
Date: Thu, 25 Jun 2020 17:46:13 -0400
Subject: [PATCH] AJAX calls now use Authorization: Bearer in headers

Change-Id: I67e7147bf89a1432347e5e0b79937f8befdfea19
---
 .../net/jami/jams/server/servlets/LoginServlet.java |  2 +-
 .../jams/server/servlets/filters/InstallFilter.java |  2 +-
 jams-server/src/main/resources/webapp/js/api.js     | 13 +++++++------
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/LoginServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/LoginServlet.java
index b006def1..13208746 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/LoginServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/LoginServlet.java
@@ -61,7 +61,7 @@ public class LoginServlet extends HttpServlet {
         if(req.getHeader("authorization") != null){
             res = processUsernamePasswordAuth(req.getHeader("authorization"));
         }
-        //Case 3 SSL Certificate
+        //Case 2 SSL Certificate
         else if(req.getAttribute("jakarta.servlet.request.X509Certificate") != null){
             res = processX509Auth((X509Certificate[])req.getAttribute("jakarta.servlet.request.X509Certificate"));
         }
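Review bot: The branch on the `if(req.getHeader("authorization") != null)` line still dispatches on mere presence of the header, so with this patch teaching api.js to send `Authorization: Bearer <jwt>`, a bearer token reaching this servlet is handed to processUsernamePasswordAuth instead of being rejected or routed to JWT handling; what that method does with a non-Basic value is not visible here. If it expects Basic credentials, check the scheme explicitly, e.g. `if(req.getHeader("authorization") != null && req.getHeader("authorization").regionMatches(true, 0, "Basic ", 0, 6)){`. The renumbered comment is fine; the method body continues outside the hunk on both sides.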
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java
index d49aa4c4..b6213ab2 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/filters/InstallFilter.java
@@ -58,7 +58,7 @@ public class InstallFilter implements Filter {
             boolean isLogin = false;
             if(request.getServletPath().contains("start")) isLogin = true;
             SignedJWT signedJWT = null;
-            if(request.getHeader("authorization").contains("bearer") || request.getHeader("authorization").contains("Bearer")){
+            if(request.getHeader("authorization") != null && (request.getHeader("authorization").contains("bearer") || request.getHeader("authorization").contains("Bearer"))){
                 try {
                     JWSVerifier jwsVerifier = new RSASSAVerifier(userAuthenticationModule.getAuthModulePubKey());
                     signedJWT = SignedJWT.parse(request.getHeader("authorization").replace("bearer","").replace("Bearer",""));
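Review bot: The added null guard on the `if(request.getHeader("authorization") != null && ...)` line prevents the NPE, but the scheme test still uses `contains`, so "bearer"/"Bearer" is matched anywhere in the header value and a spelling such as "BEARER" is not matched at all, and the later `replace("bearer","").replace("Bearer","")` strips every occurrence and leaves the separating space in front of the token handed to SignedJWT.parse. Reading the header once and checking the prefix case-insensitively is tighter and avoids the repeated getHeader calls: `String authHeader = request.getHeader("authorization");`, `if(authHeader != null && authHeader.regionMatches(true, 0, "Bearer ", 0, 7)){`, and `signedJWT = SignedJWT.parse(authHeader.substring(7).trim());`. The body of this `if` and the surrounding filter method continue past the hunk, so what happens when the header is absent and isLogin is false cannot be confirmed from here.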
diff --git a/jams-server/src/main/resources/webapp/js/api.js b/jams-server/src/main/resources/webapp/js/api.js
index e74f6df4..13ff2cd7 100644
--- a/jams-server/src/main/resources/webapp/js/api.js
+++ b/jams-server/src/main/resources/webapp/js/api.js
@@ -79,7 +79,7 @@ function ajaxApiCall(api_path, request_type, data, credentials, callBackFunction
 
         var jwt = localStorage.getItem('access_token');
         ajax['headers'] =  {
-            "Bearer": jwt,
+            "Authorization": "Bearer " + jwt,
         }
     }
 
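Review bot: `localStorage.getItem('access_token')` returns null when nothing is stored, so the new `"Authorization": "Bearer " + jwt` line sends the literal header value "Bearer null" in that case; the same pattern appears in the second hunk of this file at its `"Authorization"` line. Unless the condition above the hunk already guarantees a stored token, guard the assignment: `if (jwt) { ajax['headers'] = { "Authorization": "Bearer " + jwt }; }`. The enclosing function ajaxApiCall begins before this hunk, so the surrounding condition is not visible here.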
@@ -100,14 +100,15 @@ function ajaxApiCall(api_path, request_type, data, credentials, callBackFunction
                 var jwt = localStorage.getItem('access_token');
 
                 ajax['headers'] =  {
-                    "Bearer": jwt,
+                    "Authorization": "Bearer " + jwt,
                 }
-            }
+            } else {
+                ajax['headers'] =  {
+                    "Content-type":"application/json"
 
-            ajax['headers'] =  {
-                "Content-type":"application/json",
-                "Bearer": jwt
+                }
             }
+
             ajax['data'] = JSON.stringify(data);
         }
     }
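Review bot: The token branch now omits the `"Content-type":"application/json"` header that the removed block used to set together with the token, while `ajax['data'] = JSON.stringify(data);` below still sends a JSON body, so authenticated requests would go out with the library's default content type. Add `"Content-type":"application/json",` next to the `"Authorization": "Bearer " + jwt,` line so both branches declare the JSON body, or set the content type once before the branch. The stray blank line inside the new `else` object literal should also go. The `if` whose `else` this hunk introduces starts above the hunk, so its condition is not visible here.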
-- 
GitLab