From c806cfadc67d33fa5e9b8a728d14ddd076bb6c10 Mon Sep 17 00:00:00 2001
From: William Enright <william.enright@savoirfairelinux.com>
Date: Tue, 16 Jun 2020 17:09:05 -0400
Subject: [PATCH] cleanup and workflow improvements to login and JWT handling

Change-Id: I4c7989f7c6c318fcce7fff03248568762919ebf3
---
 .../jams/server/servlets/LoginServlet.java    |  5 ++
 .../servlets/api/admin/users/UserServlet.java |  1 +
 .../install/CreateServerSettingsServlet.java  |  2 +-
 .../api/install/StartInstallServlet.java      |  3 -
 .../src/main/resources/webapp/js/api.js       |  8 +-
 .../src/main/resources/webapp/js/auth.js      | 87 ++++++-------------
 .../resources/webapp/js/server-parameters.js  |  1 -
 .../src/main/resources/webapp/js/signup.js    |  4 +-
 .../src/main/resources/webapp/js/user.js      |  2 +-
 .../resources/webapp/templates/search.html    |  1 -
 10 files changed, 39 insertions(+), 75 deletions(-)

diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/LoginServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/LoginServlet.java
index 15d53ed6..b006def1 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/LoginServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/LoginServlet.java
@@ -75,4 +75,9 @@ public class LoginServlet extends HttpServlet {
         if(res == null) TomcatCustomErrorHandler.sendCustomError(resp,401,"Invalid credentials provided!");
         else resp.getOutputStream().write(JsonStream.serialize(res).getBytes());
     }
+
+    @Override
+    protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        resp.setStatus(200);
+    }
 }
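Review bot: `doDelete` answers 200 without touching any server-side state, so a DELETE to the login endpoint does not revoke the bearer token; the JWT remains valid until its `exp` even after the client has dropped it from localStorage. If stateless logout is the intended contract, say so where the next maintainer will see it, e.g. `// Stateless logout: the JWT is not revoked here, the client merely discards its copy; it stays valid until exp.` If revocation is actually wanted, this handler needs to invalidate the presented token (deny-list by token id until expiry, or rotate a per-user signing secret) and should not return 200 to a request that carries no token at all, unless a filter upstream already enforces that. The rest of `LoginServlet`, including `doPost`, lies outside this hunk.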
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
index ce6f0915..6730905a 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
@@ -62,6 +62,7 @@ public class UserServlet extends HttpServlet {
     protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         User user = new User();
         user.setUsername(req.getParameter("username"));
+        user.setNeedsPasswordReset(true);
         user.setPassword("TEMP-PASSWORD");
         user.setRealm("LOCAL");
         user.setUserType(AuthenticationSourceType.LOCAL);
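Review bot: The account is still created with the fixed, well-known password `"TEMP-PASSWORD"` on the line after the added flag; `setNeedsPasswordReset(true)` forces a rotation but does not stop whoever reaches the login form first with that username from authenticating with the shared temporary secret and choosing the new password themselves. Generate a per-user random temporary password instead and return it to the administrator in the response or out of band, e.g. `byte[] rnd = new byte[18]; new SecureRandom().nextBytes(rnd);` followed by `user.setPassword(Base64.getUrlEncoder().withoutPadding().encodeToString(rnd));` (needs `java.security.SecureRandom` and `java.util.Base64`). Whether the reset flow also ensures the temporary credential can be used only once is not visible here. `doPost` continues past the end of this hunk.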
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/install/CreateServerSettingsServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/install/CreateServerSettingsServlet.java
index a67fc61f..d7ac12d9 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/install/CreateServerSettingsServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/install/CreateServerSettingsServlet.java
@@ -52,6 +52,6 @@ public class CreateServerSettingsServlet extends HttpServlet {
             resp.sendError(500, "Could not store settings, a problem occured with finishing the installation");
             return;
         }
-        resp.sendRedirect("/");
+        resp.setStatus(200);
     }
 }
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/install/StartInstallServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/install/StartInstallServlet.java
index e15bc234..5475a954 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/install/StartInstallServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/install/StartInstallServlet.java
@@ -50,13 +50,10 @@ public class StartInstallServlet extends HttpServlet {
     @Override
     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         //Here we must decide which page to show - login or sign-up
-        StatementList statementList = new StatementList();
-        statementList.addStatement(new StatementElement("username","=","*",""));
         if(dataStore != null && dataStore.getUserDao() != null && !dataStore.getUserDao().getObjects(null).isEmpty())
             resp.setHeader("showLogin","true");
         else
             resp.setHeader("showLogin","false");
-
     }
 
     @Override
diff --git a/jams-server/src/main/resources/webapp/js/api.js b/jams-server/src/main/resources/webapp/js/api.js
index c0a35a78..03ff6c8a 100644
--- a/jams-server/src/main/resources/webapp/js/api.js
+++ b/jams-server/src/main/resources/webapp/js/api.js
@@ -160,10 +160,8 @@ function set_installation_response(url) {
                 window.location.replace(url);
             }
         }
-        else if (jqXHR) {
-            if (jqXHR.status = 200) {
-                window.location.replace(url);
-            }
-        }
+        else if (jqXHR && jqXHR.status == 200)
+            window.location.replace(url);
+
     }
 }
\ No newline at end of file
diff --git a/jams-server/src/main/resources/webapp/js/auth.js b/jams-server/src/main/resources/webapp/js/auth.js
index 8396c766..8e916e75 100644
--- a/jams-server/src/main/resources/webapp/js/auth.js
+++ b/jams-server/src/main/resources/webapp/js/auth.js
@@ -24,8 +24,7 @@
     ajaxApiCall(api_path_post_install_admin, "GET", null, null, signupPageHandler);
  }
 
- function signupPageHandler(data, statusCode, jqXHR) {
-     // create Admin
+ function signupPageHandler(data) {
 
      if(data.getResponseHeader('showLogin') == "false") {
          var inputConfirmPassword = '<div class="form-label-group"><label for="confirmPassword" class="label-title">Confirm Password</label><input type="password" name="confirmPassword"          id="inputConfirmPassword" class="form-control" required autocomplete="off"><span id="message"></span></div>';
@@ -37,7 +36,7 @@
          $('#form-signup').removeClass('d-none');
          $('#admin-password-progress-bar-container').show();
      }
-     else if (data.getResponseHeader('showLogin') == "true") {
+     else if (data.getResponseHeader('showLogin') == "true" || data.status == 404) {
          admin_account = true;
          $('.title').text("Access your account");
          $('.form-submit').val("Log in");
@@ -62,88 +61,54 @@ function setLogout(data) {
   }
 }
 
-function authorizedAdmin() {
-  window.location.replace("search.html");
-}
-
-function authorizedUser(username) {
-  window.location.replace("user.html?username=" + username);
-}
-
 function noAuthorization() {
   window.location.replace("signup.html");
 }
 
 function getAdminStatus() {
-    return true;
-}
 
-function getApiCheck() {
-    apiCheck = true;
+    var tokenJSON = JSON.parse(atob(window.localStorage.getItem('access_token').split('.')[1]));
+    if (tokenJSON.scope == "ADMIN")
+        return true;
+    else
+        return false;
 }
 
-function setApiStatus(data, statusCode, jqXHR) {
-  if (data.status == 200) {
-      apiCheck = true;
-  }
+function getUser() {
+    var tokenJSON = JSON.parse(atob(window.localStorage.getItem('access_token').split('.')[1]));
+    if (tokenJSON.scope == "USER")
+        return tokenJSON.sub;
+    else
+        return "";
 }
 
 function getServerConfigStatus() {
   ajaxApiCall(api_path_get_server_status, 'GET', null, null, serverConfigStatus, false);
 }
 
-function serverConfigStatus(data, statusCode, jqXHR) {
-  // hasConnectionToAPI
-  getApiCheck();
-
-  if (apiCheck) {
-    // server is installed
+function serverConfigStatus(data) {
+    // check if server is installed
     if (data.installed == "true") {
-      if (getAdminStatus() && (!current_uri.includes('search.html')) && (!current_uri.includes('user.html')) && (!current_uri.includes('config.html'))) {
-        authorizedAdmin();
-      }
-      else if (!getAdminStatus() && (!current_uri.includes('user.html'))) {
-        authorizedUser(getUser());
-      }
-      else if (!getAdminStatus() && (!current_uri.includes('signup.html'))) {
-        noAuthorization();
-      }
+        if (getAdminStatus() && (!current_uri.includes('search.html')) && (!current_uri.includes('user.html')) && (!current_uri.includes('config.html'))) {
+            window.location.replace("search.html");
+        }
+        else if (!getAdminStatus() && getUser() && (!current_uri.includes('user.html'))) {
+            window.location.replace("user.html?username=" + getUser());
+        }
+        else if (!getAdminStatus() && !getUser() && (!current_uri.includes('signup.html'))) {
+            noAuthorization();
+        }
     }
     // has an Admin account but server is not installed
     else if (getAdminStatus()) {
-      ajaxApiCall(api_path_get_install_lastKnownStep, 'GET', null, null, lastServerConfigurationStepUri, false);
+        ajaxApiCall(api_path_get_install_lastKnownStep, 'GET', null, null, lastServerConfigurationStepUri, false);
     }
     else if (!current_uri.includes('signup.html')) {
-      noAuthorization();
+        noAuthorization();
     }
-  }
-  else if (!current_uri.includes('signup.html') && !current_uri.includes('new-password.html')) {
-    noAuthorization();
-  }
 }
 
 function lastServerConfigurationStepUri(data, statusCode, jqXHR) {
-  // if (jqXHR.status == 200) {
-  //   // lastKnownStep
-  //   var current_page = false;
-  //   uri_endpoint = data.uri;
-  //   if (uri_endpoint == api_path_post_install_ca) {
-  //       uri = ca_setup_page;
-  //   }
-  //   else if (uri_endpoint == api_path_post_install_auth) {
-  //       uri = identity_management_page;
-  //   }
-  //   else if (uri_endpoint == api_path_post_install_server) {
-  //       uri = server_parameters_page;
-  //   }
-  //   // redirect to lastKnownStep
-  //   if (!(current_uri.includes(uri))) {
-  //     window.location.replace(uri);
-  //   }
-  // }
-  // else {
-  //   invalidLogin();
-  // }
 }
 
 function invalidLogin() {
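Review bot: `getAdminStatus()` and `getUser()` call `.split('.')` on `localStorage.getItem('access_token')` without a null check, and `serverConfigStatus` calls `getAdminStatus()` on every branch, so a visitor with no stored token gets a TypeError instead of the `noAuthorization()` redirect. The payload segment of a JWT is base64url, and `atob` throws on the `-` and `_` characters that alphabet uses, so some valid tokens will fail to decode as well. Reading `scope` from an unverified payload is acceptable for picking a page but must not be the only gate; with the `checkAuthentication()` calls dropped elsewhere in this patch, every admin endpoint has to reject a token the server did not sign. `lastServerConfigurationStepUri` is now an empty callback yet is still passed on the admin-not-installed branch, so that path silently does nothing and deserves a one-line comment saying why. The helper below centralises the decode and makes both getters fail closed.

```javascript
// Decode the JWT payload from localStorage for UI routing only. The signature
// is not checked here, so the server must still enforce authorization.
function getTokenPayload() {
    var token = window.localStorage.getItem('access_token');
    if (!token) return null;
    var segment = token.split('.')[1];
    if (!segment) return null;
    // JWT segments are base64url; atob only accepts the standard alphabet
    var b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    try { return JSON.parse(atob(b64)); } catch (e) { return null; }
}

function getAdminStatus() {
    var payload = getTokenPayload();
    return !!payload && payload.scope == "ADMIN";
}

function getUser() {
    var payload = getTokenPayload();
    return (payload && payload.scope == "USER") ? payload.sub : "";
}

// … unchanged: getServerConfigStatus, serverConfigStatus, lastServerConfigurationStepUri …
```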
diff --git a/jams-server/src/main/resources/webapp/js/server-parameters.js b/jams-server/src/main/resources/webapp/js/server-parameters.js
index 2a64a659..3c9f41de 100644
--- a/jams-server/src/main/resources/webapp/js/server-parameters.js
+++ b/jams-server/src/main/resources/webapp/js/server-parameters.js
@@ -18,7 +18,6 @@
  *     along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
-var type_int_name_input = ['deviceLifetime', 'userLifetime'];
 var callback = set_installation_response("search.html", true);
 
 $(document).ready(function () {
diff --git a/jams-server/src/main/resources/webapp/js/signup.js b/jams-server/src/main/resources/webapp/js/signup.js
index 2d237818..8f20f95a 100644
--- a/jams-server/src/main/resources/webapp/js/signup.js
+++ b/jams-server/src/main/resources/webapp/js/signup.js
@@ -25,7 +25,6 @@ var date = new Date();
 var minutes = 15;
 
 checkAdminAccountStatus();
-checkAuthentication();
 
 $(".form-submit").click(function (event) {
   event.preventDefault();
@@ -95,9 +94,10 @@ function signinCallBackHandler(data, statusCode, jqXHR) {
 
     if (jqXHR.status == 200 && data.access_token != 'null' && (data.needsReset == false || data.needsReset == null)) {
     setJWT(data);
+    var tokenJSON = JSON.parse(atob(window.localStorage.getItem('access_token').split('.')[1]));
     // check server configuration status
     getServerConfigStatus();
-  }  else if (jqXHR.status == 200 && data.needsReset == true) {
+  }  else if (jqXHR.status == 200 && tokenJSON.oneTimePassword == true) {
       getServerConfigStatus();
       window.location.replace("new-password.html?username=" + credentials["username"]);
   }
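Review bot: `tokenJSON` is declared inside the first `if` block, so in the `else if` on the following line it is hoisted but still `undefined`, and `tokenJSON.oneTimePassword` throws a TypeError precisely when a 200 response fails the first condition, e.g. `needsReset == true`. Decode once above the chain, from the response rather than from localStorage (which `setJWT` has not populated on the reset path): `var tokenJSON = (data.access_token && data.access_token != 'null') ? JSON.parse(atob(data.access_token.split('.')[1])) : {};` and drop the declaration inside the `if`. The reset branch also calls `getServerConfigStatus()` without ever calling `setJWT(data)`, so the routing there reads whatever token was previously stored, if any. `signinCallBackHandler` begins before this hunk.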
diff --git a/jams-server/src/main/resources/webapp/js/user.js b/jams-server/src/main/resources/webapp/js/user.js
index 473360a8..ca0c9b35 100644
--- a/jams-server/src/main/resources/webapp/js/user.js
+++ b/jams-server/src/main/resources/webapp/js/user.js
@@ -399,7 +399,7 @@ function handleUserUpdate(){
     setTimeout(function() {
         ajaxApiCall(api_path_get_user_directory_search, 'GET', searchData, null, setUserInfoDataSource);
         ajaxApiCall(api_path_get_user_directory_search, 'GET', searchData, null, setUserExtendedData);
-    }, 300);
+    }, 500);
 }
 
 function handleFileSelect(evt) {
diff --git a/jams-server/src/main/resources/webapp/templates/search.html b/jams-server/src/main/resources/webapp/templates/search.html
index 33161729..86378cf1 100644
--- a/jams-server/src/main/resources/webapp/templates/search.html
+++ b/jams-server/src/main/resources/webapp/templates/search.html
@@ -41,7 +41,6 @@
   <script src="../js/auth.js" charset="utf-8"></script>
   <script>
     $(function () {
-      checkAuthentication();
       $("#header").load("header.html");
       $("#footer").load("footer.html");
     });
-- 
GitLab