STCOR-671 handle access-control via cookies #1346

Merged
merged 36 commits into from
Oct 31, 2023
Changes from 15 commits
Commits
36 commits
b2065cc
STCOR-671 handle access-control via cookies
zburke Oct 4, 2023
09a78e5
pass all required args to logout(); include credentials in logout req…
zburke Oct 4, 2023
8e3f707
eliminate timers; just intercept fetches
zburke Oct 8, 2023
3d7a870
handle simultaneous refresh requests; first draft
zburke Oct 8, 2023
51d6d81
better handling of in-process rtr, logout
zburke Oct 8, 2023
f5bce98
log cleanup
zburke Oct 8, 2023
f890f5f
include all required headers in rtr request
zburke Oct 8, 2023
46acbac
die softly when RTR fails; comments are nice
zburke Oct 8, 2023
b6f5090
remove commented code; improve function naming
zburke Oct 8, 2023
c1bdb5b
Merge branch 'master' into FOLIO-3627-sw
zburke Oct 9, 2023
ce73fdc
refactor service-worker functions for testability
zburke Oct 9, 2023
edd7057
Merge branch 'master' into FOLIO-3627-sw
zburke Oct 9, 2023
eabe2e9
test cleanup
zburke Oct 9, 2023
5b3a49c
jest test clean up
zburke Oct 9, 2023
a3fe0be
no console noise
zburke Oct 10, 2023
352dd16
better logging config
zburke Oct 18, 2023
e7838c7
correct logging
zburke Oct 18, 2023
46511ef
Merge branch 'master' into FOLIO-3627-sw
zburke Oct 18, 2023
f29c49d
correct useOkapiKy return attributes; remove token tests
zburke Oct 18, 2023
2a53674
update BTOG configuration
zburke Oct 19, 2023
99aa46e
Merge branch 'master' into FOLIO-3627-sw
zburke Oct 20, 2023
73a19b3
omit endpoints that require AT from list of pass-through endpoints
zburke Oct 24, 2023
ccb46c6
use correct type value: LOGGER_CONFIG
zburke Oct 24, 2023
50922d4
do not send RTR_ERROR for regular 403 responses
zburke Oct 26, 2023
cab4abc
align service-worker tests with service worker
zburke Oct 26, 2023
3e0126b
Merge branch 'master' into FOLIO-3627-sw
zburke Oct 30, 2023
eebb225
self.addEventListener should return void
zburke Oct 30, 2023
fb62019
export sw registration so dev-tools can use it
zburke Oct 30, 2023
f141dc5
security: ignore cross-origin event messages
zburke Oct 30, 2023
c6b5fb4
align comments to the code
zburke Oct 30, 2023
3f3ba89
log requests with invalid ATs
zburke Oct 30, 2023
12cb118
do not log isLogoutRequest; it is too chatty
zburke Oct 30, 2023
41cbed1
refactor for testability; add tests
zburke Oct 30, 2023
a1680fc
correct compare event.origin, self.location.origin
zburke Oct 30, 2023
6aac976
use correct service-worker scope; add tests
zburke Oct 31, 2023
a17f72f
Merge branch 'master' into FOLIO-3627-sw
zburke Oct 31, 2023
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
* *BREAKING* bump `react-intl` to `v6.4.4`. Refs STCOR-744.
* Bump `stylelint` to `v15` and `stylelint-config-standard` to `v34`. Refs STCOR-745.
* Read ky timeout from stripes-config value. Refs STCOR-594.
* *BREAKING* use cookies and RTR instead of directly handling the JWT. Refs STCOR-671, FOLIO-3627.

## [9.0.0](https://github.com/folio-org/stripes-core/tree/v9.0.0) (2023-01-30)
[Full Changelog](https://github.com/folio-org/stripes-core/compare/v8.3.0...v9.0.0)
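Review bot: the *BREAKING* entry should say what breaks for downstream modules, not only cite the tickets. Elsewhere in this PR `token` is removed from the stripes shape and `setToken` is replaced by `setIsAuthenticated`, so any module reading `stripes.okapi.token` or calling `setToken` stops working; a one-line migration hint here ("`token`/`setToken` removed; use `isAuthenticated`/`setIsAuthenticated`") would save consumers a search.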
1 change: 1 addition & 0 deletions package.json
Expand Up @@ -74,6 +74,7 @@
"graphql": "^16.0.0",
"history": "^4.6.3",
"hoist-non-react-statics": "^3.3.0",
"inactivity-timer": "^1.0.0",
"jwt-decode": "^3.1.2",
"ky": "^0.23.0",
"localforage": "^1.5.6",
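Review bot: `inactivity-timer` is added as a new runtime dependency, but none of the changes shown import it, and `jwt-decode` is kept even though this PR stops handling the JWT directly. Please confirm both are still needed and, since this is a new third-party package entering the build, that it has been reviewed like any other supply-chain addition before merge.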
7 changes: 7 additions & 0 deletions src/App.js
Expand Up @@ -11,6 +11,7 @@ import gatherActions from './gatherActions';
import { destroyStore } from './mainActions';

import Root from './components/Root';
import { registerServiceWorker } from './serviceWorkerRegistration';

export default class StripesCore extends Component {
static propTypes = {
Expand All @@ -30,6 +31,12 @@ export default class StripesCore extends Component {
this.epics = configureEpics(connectErrorEpic);
this.store = configureStore(initialState, this.logger, this.epics);
this.actionNames = gatherActions();

// register a service worker, providing okapi config details and a logger.
// the service worker functions as a proxy between between the browser
// and the network, intercepting ALL fetch requests to make sure they
// are accompanied by a valid access-token.
registerServiceWorker(okapiConfig, this.logger);
}

componentWillUnmount() {
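Review bot: the comment above the new `registerServiceWorker` call overstates what a service worker can do. It intercepts only fetches from pages within its registration scope, and the page that registers it is not controlled until the next navigation (or until the worker calls `clients.claim()`), so requests issued during that first load can still go out without the access token; the comment should state that caveat and the code path for an uncontrolled first load should be checked. Also, `okapiConfig` is not visible as an import or parameter in this hunk, and "proxy between between the browser" has a doubled word.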
8 changes: 4 additions & 4 deletions src/RootWithIntl.js
Expand Up @@ -46,13 +46,13 @@ class RootWithIntl extends React.Component {
logger: PropTypes.object.isRequired,
clone: PropTypes.func.isRequired,
}).isRequired,
token: PropTypes.string,
isAuthenticated: PropTypes.bool,
disableAuth: PropTypes.bool.isRequired,
history: PropTypes.shape({}),
};

static defaultProps = {
token: '',
isAuthenticated: false,
history: {},
};

Expand All @@ -66,7 +66,7 @@ class RootWithIntl extends React.Component {

render() {
const {
token,
isAuthenticated,
disableAuth,
history,
} = this.props;
Expand All @@ -85,7 +85,7 @@ class RootWithIntl extends React.Component {
>
<Provider store={stripes.store}>
<Router history={history}>
{ token || disableAuth ?
{ isAuthenticated || disableAuth ?
<>
<MainContainer>
<AppCtxMenuProvider>
4 changes: 2 additions & 2 deletions src/Stripes.js
Expand Up @@ -49,18 +49,18 @@ export const stripesShape = PropTypes.shape({
]),
okapiReady: PropTypes.bool,
tenant: PropTypes.string.isRequired,
token: PropTypes.string,
isAuthenticated: PropTypes.bool,
translations: PropTypes.object,
url: PropTypes.string.isRequired,
withoutOkapi: PropTypes.bool,
}).isRequired,
plugins: PropTypes.object,
setBindings: PropTypes.func.isRequired,
setCurrency: PropTypes.func.isRequired,
setIsAuthenticated: PropTypes.func.isRequired,
setLocale: PropTypes.func.isRequired,
setSinglePlugin: PropTypes.func.isRequired,
setTimezone: PropTypes.func.isRequired,
setToken: PropTypes.func.isRequired,
store: PropTypes.shape({
dispatch: PropTypes.func.isRequired,
getState: PropTypes.func.isRequired,
13 changes: 3 additions & 10 deletions src/components/MainNav/MainNav.js
Expand Up @@ -4,17 +4,14 @@ import { isEqual, find } from 'lodash';
import { compose } from 'redux';
import { injectIntl } from 'react-intl';
import { withRouter } from 'react-router';
import localforage from 'localforage';

import { branding } from 'stripes-config';

import { Icon } from '@folio/stripes-components';

import { withModules } from '../Modules';
import { LastVisitedContext } from '../LastVisited';
import { clearOkapiToken, clearCurrentUser } from '../../okapiActions';
import { resetStore } from '../../mainActions';
import { getLocale } from '../../loginServices';
import { getLocale, logout as sessionLogout } from '../../loginServices';
import {
updateQueryResource,
getLocationQuery,
Expand Down Expand Up @@ -123,12 +120,8 @@ class MainNav extends Component {
returnToLogin() {
const { okapi } = this.store.getState();

return getLocale(okapi.url, this.store, okapi.tenant).then(() => {
this.store.dispatch(clearOkapiToken());
this.store.dispatch(clearCurrentUser());
this.store.dispatch(resetStore());
localforage.removeItem('okapiSess');
});
return getLocale(okapi.url, this.store, okapi.tenant)
.then(sessionLogout(okapi.url, this.store));
}

// return the user to the login screen, but after logging in they will be brought to the default screen.
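Review bot: `.then(sessionLogout(okapi.url, this.store))` calls `sessionLogout` immediately and hands its return value to `.then`, so the logout no longer waits for `getLocale` to resolve and the `.then` callback is effectively a no-op. Wrap it: `.then(() => sessionLogout(okapi.url, this.store))`. Once that is fixed, a rejected `getLocale` would skip the logout entirely, so consider `.finally` (or a `.catch` that still logs out) so a locale fetch failure can never leave the session in place.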
19 changes: 11 additions & 8 deletions src/components/Root/Root.js
Expand Up @@ -20,8 +20,8 @@ import initialReducers from '../../initialReducers';
import enhanceReducer from '../../enhanceReducer';
import createApolloClient from '../../createApolloClient';
import createReactQueryClient from '../../createReactQueryClient';
import { setSinglePlugin, setBindings, setOkapiToken, setTimezone, setCurrency, updateCurrentUser } from '../../okapiActions';
import { loadTranslations, checkOkapiSession } from '../../loginServices';
import { setSinglePlugin, setBindings, setIsAuthenticated, setTimezone, setCurrency, updateCurrentUser } from '../../okapiActions';
import { addServiceWorkerListeners, loadTranslations, checkOkapiSession } from '../../loginServices';
import { getQueryResourceKey, getCurrentModule } from '../../locationService';
import Stripes from '../../Stripes';
import RootWithIntl from '../../RootWithIntl';
Expand All @@ -40,7 +40,7 @@ class Root extends Component {
constructor(...args) {
super(...args);

const { modules, history, okapi } = this.props;
const { modules, history, okapi, store } = this.props;

this.reducers = { ...initialReducers };
this.epics = {};
Expand All @@ -64,6 +64,9 @@ class Root extends Component {

this.apolloClient = createApolloClient(okapi);
this.reactQueryClient = createReactQueryClient();

// service-worker message listeners
addServiceWorkerListeners(okapi, store);
}

getChildContext() {
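Review bot: `addServiceWorkerListeners(okapi, store)` runs in the constructor with no matching teardown, so if `Root` is constructed more than once (remount, hot reload, tests) the message listeners accumulate and each service-worker message is dispatched to the store repeatedly. Prefer registering in `componentDidMount` and removing in `componentWillUnmount`, or have the helper return an unsubscribe function. Since these listeners act on messages arriving from the worker, they should also check the message source before dispatching, mirroring the worker-side origin check added in commit `f141dc5` of this PR.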
Expand Down Expand Up @@ -107,7 +110,7 @@ class Root extends Component {
}

render() {
const { logger, store, epics, config, okapi, actionNames, token, disableAuth, currentUser, currentPerms, locale, defaultTranslations, timezone, currency, plugins, bindings, discovery, translations, history, serverDown } = this.props;
const { logger, store, epics, config, okapi, actionNames, isAuthenticated, disableAuth, currentUser, currentPerms, locale, defaultTranslations, timezone, currency, plugins, bindings, discovery, translations, history, serverDown } = this.props;

if (serverDown) {
return <div>Error: server is down.</div>;
Expand All @@ -125,7 +128,7 @@ class Root extends Component {
config,
okapi,
withOkapi: this.withOkapi,
setToken: (val) => { store.dispatch(setOkapiToken(val)); },
setIsAuthenticated: (val) => { store.dispatch(setIsAuthenticated(val)); },
actionNames,
locale,
timezone,
Expand Down Expand Up @@ -166,7 +169,7 @@ class Root extends Component {
>
<RootWithIntl
stripes={stripes}
token={token}
isAuthenticated={isAuthenticated}
disableAuth={disableAuth}
history={history}
/>
Expand All @@ -191,7 +194,7 @@ Root.propTypes = {
getState: PropTypes.func.isRequired,
replaceReducer: PropTypes.func.isRequired,
}),
token: PropTypes.string,
isAuthenticated: PropTypes.bool,
disableAuth: PropTypes.bool.isRequired,
logger: PropTypes.object.isRequired,
currentPerms: PropTypes.object,
Expand Down Expand Up @@ -249,13 +252,13 @@ function mapStateToProps(state) {
currentPerms: state.okapi.currentPerms,
currentUser: state.okapi.currentUser,
discovery: state.discovery,
isAuthenticated: state.okapi.isAuthenticated,
locale: state.okapi.locale,
okapi: state.okapi,
okapiReady: state.okapi.okapiReady,
plugins: state.okapi.plugins,
serverDown: state.okapi.serverDown,
timezone: state.okapi.timezone,
token: state.okapi.token,
translations: state.okapi.translations,
};
}
4 changes: 2 additions & 2 deletions src/createApolloClient.js
@@ -1,10 +1,10 @@
import { InMemoryCache, ApolloClient } from '@apollo/client';

const createClient = ({ url, tenant, token }) => (new ApolloClient({
const createClient = ({ url, tenant }) => (new ApolloClient({
uri: `${url}/graphql`,
credentials: 'include',
headers: {
'X-Okapi-Tenant': tenant,
'X-Okapi-Token': token,
},
cache: new InMemoryCache(),
}));
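Review bot: switching to `credentials: 'include'` and dropping `X-Okapi-Token` moves authentication into the cookie, which changes the CORS and CSRF posture and deserves a comment here. The Okapi side must respond with `Access-Control-Allow-Credentials: true` and an explicit `Access-Control-Allow-Origin` (a wildcard is rejected for credentialed requests), and in a cross-site deployment the session cookie needs `SameSite=None; Secure`. The remaining custom `X-Okapi-Tenant` header still forces a preflight, which is what stops a third-party page from replaying the cookie against `/graphql`; note that in a comment so it is not removed later as "unused".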
11 changes: 7 additions & 4 deletions src/discoverServices.js
@@ -1,9 +1,8 @@
import { some } from 'lodash';

function getHeaders(tenant, token) {
function getHeaders(tenant) {
return {
'X-Okapi-Tenant': tenant,
'X-Okapi-Token': token,
'Content-Type': 'application/json'
};
}
Expand All @@ -12,7 +11,9 @@ function fetchOkapiVersion(store) {
const okapi = store.getState().okapi;

return fetch(`${okapi.url}/_/version`, {
headers: getHeaders(okapi.tenant, okapi.token)
headers: getHeaders(okapi.tenant),
credentials: 'include',
mode: 'cors',
}).then((response) => { // eslint-disable-line consistent-return
if (response.status >= 400) {
store.dispatch({ type: 'DISCOVERY_FAILURE', code: response.status });
Expand All @@ -31,7 +32,9 @@ function fetchModules(store) {
const okapi = store.getState().okapi;

return fetch(`${okapi.url}/_/proxy/tenants/${okapi.tenant}/modules?full=true`, {
headers: getHeaders(okapi.tenant, okapi.token)
headers: getHeaders(okapi.tenant),
credentials: 'include',
mode: 'cors',
}).then((response) => { // eslint-disable-line consistent-return
if (response.status >= 400) {
store.dispatch({ type: 'DISCOVERY_FAILURE', code: response.status });
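Review bot: the fetch options `headers`, `credentials: 'include'`, `mode: 'cors'` are now duplicated verbatim between `fetchOkapiVersion` and `fetchModules`; fold them into a helper next to `getHeaders` so a future change to the cookie or CORS handling happens in one place. `mode: 'cors'` is fetch's default and can be dropped, or kept with a comment saying it is explicit on purpose.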