Commit 51d5b1ed authored by Matija Obreza's avatar Matija Obreza
Browse files

Fix: set correct Auth cookie expiry times

parent 0ab0ca33
import { loginAppRequest } from 'actions/login';
import { checkTokenRequest, loginUser } from 'user/actions/public';
import ApiError from 'model/ApiError';
function checkAuthTokenRequest(req, dispatch) {
const token = req.cookies.access_token;
......@@ -24,17 +25,18 @@ export default function checkAuthToken(req, res, dispatch) {
console.log('Init checkAuthToken method');
return checkAuthTokenRequest(req, dispatch)
.then((data) => {
console.log(`Setting cookie to expire in ${data.exp}ms from`, data);
res.cookie('access_token', data.access_token, { path: '/', maxAge: data.exp });
console.log(`Setting cookie to expire in ${(data.exp || data.expires_in) / 60}min from`, data);
res.cookie('access_token', data.access_token, { path: '/', expires: new Date(data.exp * 1000 || new Date().getTime() + ((data.expires_in * 1000) || (/* 1hr */ 1000 * 60 * 60))) });
if (data.authorities) {
res.cookie('authorities', JSON.stringify(data.authorities), { path: '/', maxAge: data.exp });
res.cookie('authorities', JSON.stringify(data.authorities), { path: '/', expires: new Date(data.exp * 1000 || new Date().getTime() + ((data.expires_in * 1000) || (/* 1hr */ 1000 * 60 * 60))) });
} else {
res.clearCookie('authorities');
}
return data;
}).catch((x) => {
console.log('Failed checkAuthToken, clearing cookies', x);
}).catch((err) => {
console.log('Failed checkAuthToken, clearing cookies', ApiError.axiosError(err));
res.clearCookie('access_token');
res.clearCookie('authorities');
return Promise.reject({ message: 'Could not authenticate against the API.' });
});
}
......@@ -13,7 +13,8 @@ export function checkAccessTokens(dispatch) {
const applicationLogin = () =>
LoginService.loginApp()
.then((data) => {
saveCookies({access_token: data.access_token, authorities: [ROLE_CLIENT]}, data.exp);
// console.log('loginApp token', data);
saveCookies({access_token: data.access_token, authorities: [ROLE_CLIENT]}, data.exp * 1000 || new Date().getTime() + data.expires_in * 1000);
dispatch(loginApp(data));
})
.catch((error) => {
......
......@@ -12,8 +12,7 @@ import { withStyles } from '@material-ui/core/styles';
import Toolbar from '@material-ui/core/Toolbar';
import IconButton from '@material-ui/core/IconButton';
import {ROLE_ADMINISTRATOR, ROLE_CLIENT, ROLE_USER} from 'constants/userRoles';
import {saveCookies} from 'utilities';
import {ROLE_ADMINISTRATOR, ROLE_USER} from 'constants/userRoles';
import UserLoginMenuComponent from './UserLoginMenu';
import UserMenuComponent from './UserMenuComponent';
......@@ -125,7 +124,6 @@ class Header extends React.Component<IHeaderProps | any, any> {
this.props.logoutRequest()
.then(() => this.props.loginAppRequest())
.then((data) => {
saveCookies({access_token: data.access_token, authorities: [ROLE_CLIENT]}, data.exp);
this.props.history.push('/login');
});
}
......
......@@ -38,7 +38,7 @@ export const loginRequest = (username, password) => (dispatch) => {
return LoginService.login(username, password)
.then((data) => {
saveCookies(data, data.exp);
saveCookies(data, data.exp * 1000 || new Date().getTime() + data.expires_in * 1000);
return dispatch(loginUser(data));
});
};
......@@ -66,7 +66,7 @@ export const verifyGoogleTokenRequest = (accessToken) => (dispatch, getState) =>
return LoginService.verifyGoogleToken(token, accessToken)
.then((data) => {
saveCookies(data, data.exp);
saveCookies(data, data.exp * 1000 || new Date().getTime() + data.expires_in * 1000);
return dispatch(loginApp(data));
});
};
......
import * as React from 'react';
import {connect} from 'react-redux';
import {bindActionCreators} from 'redux';
import {saveCookies} from 'utilities';
import * as _ from 'lodash';
import {log} from 'utilities/debug';
......@@ -35,7 +34,6 @@ class LoginContainer extends React.Component<ILoginContainerProps, void> {
return checkTokenRequest(access_token);
})
.then((data) => {
saveCookies(data, data.exp);
history.push('/dashboard');
return false;
}).catch((e) => {
......@@ -55,7 +53,6 @@ class LoginContainer extends React.Component<ILoginContainerProps, void> {
return checkTokenRequest(access_token);
})
.then((data) => {
saveCookies(data, data.exp);
history.push('/dashboard');
return false;
}).catch((e) => {
......
......@@ -96,10 +96,11 @@ export function cleanFilters(filter, keysToSkip?): string {
return result;
}
export function saveCookies(resp, exp: number) {
log(`Saving cookies to expire after ${exp}ms`);
cookies.set('access_token', resp.access_token, { path: '/', expires: new Date(new Date().getTime() + exp) });
cookies.set('authorities', JSON.stringify(resp.authorities), { path: '/', expires: new Date(new Date().getTime() + exp) });
export function saveCookies(resp, expireOn: number) {
const expDate = new Date(expireOn);
log(`Saving cookies to expire on ${expDate}`);
cookies.set('access_token', resp.access_token, { path: '/', expires: expDate });
cookies.set('authorities', JSON.stringify(resp.authorities), { path: '/', expires: expDate });
}
export function clearCookies() {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment