Merge pull request #10989 from jwangyangls/csrf-2-0-0

Csrf change to v2.0 in ui
2025-02-03 05:21:38 +01:00 · 2020-03-09 15:55:58 +08:00 · 2020-03-09 15:55:58 +08:00 · 90b766a9af
commit 90b766a9af
parent 30896f3a10 a8a7975522
6 changed files with 17 additions and 84 deletions
--- a/src/portal/src/app/dev-center/dev-center.component.ts
+++ b/src/portal/src/app/dev-center/dev-center.component.ts
@ -40,13 +40,15 @@ export class DevCenterComponent implements AfterViewInit, OnInit {
  }

  ngAfterViewInit() {
-    const csrfCookie = this.cookieService.get('_xsrf');
+
+    const _this = this;
    const interceptor = {
      requestInterceptor: {
-        apply: function (requestObj) {
+        apply: (requestObj) => {
+          const csrfCookie = this.cookieService.get('__csrf');
          const headers = requestObj.headers || {};
          if (csrfCookie) {
-            headers["X-Xsrftoken"] = atob(csrfCookie.split("|")[0]);
+            headers["X-Harbor-CSRF-Token"] = csrfCookie;
          }
          return requestObj;
        }
@ -70,12 +72,11 @@ export class DevCenterComponent implements AfterViewInit, OnInit {
          requestInterceptor: interceptor.requestInterceptor,
          authorizations: {
            csrf: function () {
-              this.headers['X-Xsrftoken'] = csrfCookie;
+              this.headers['X-Harbor-CSRF-Token'] = _this.cookieService.get('__csrf');
              return true;
            }
          }
        });
      });
  }
-
 }
--- a/src/portal/src/app/intercept-http.service.spec.ts
+++ b/src/portal/src/app/intercept-http.service.spec.ts
@ -20,11 +20,11 @@ describe('InterceptHttpService', () => {
  });
  const mockHandle = {
    handle: (request) => {
-      if (request.headers.has('X-Xsrftoken')) {
+      if (request.headers.has('X-Harbor-CSRF-Token')) {
        return of(new HttpResponse({status: 200}));
      } else {
        return throwError(new HttpResponse( {
-        status: 422
+        status: 403
        }));
      }
    }
@ -48,8 +48,8 @@ describe('InterceptHttpService', () => {
    (service: InterceptHttpService) => {
      mockCookieService.set("fdsa|ds");
      service.intercept(mockRequest, mockHandle).subscribe(res => {
-        if (res.status === 422) {
-          expect(btoa(mockRequest.headers.get("X-Xsrftoken"))).toEqual(cookie.split("|")[0]);
+        if (res.status === 403) {
+          expect(mockRequest.headers.get("X-Harbor-CSRF-Token")).toEqual(cookie);
        } else {
          expect(res.status).toEqual(200);
        }
--- a/src/portal/src/app/intercept-http.service.ts
+++ b/src/portal/src/app/intercept-http.service.ts
@ -14,10 +14,10 @@ export class InterceptHttpService implements HttpInterceptor {
  intercept(request: HttpRequest<any>, next: HttpHandler): Observable<any> {

    return next.handle(request).pipe(catchError(error => {
-      if (error.status === 422) {
-        let Xsrftoken = this.cookie.get("_xsrf") ? atob(this.cookie.get("_xsrf").split("|")[0]) : null;
-        if (Xsrftoken && !request.headers.has('X-Xsrftoken')) {
-          request = request.clone({ headers: request.headers.set('X-Xsrftoken', Xsrftoken) });
+      if (error.status === 403) {
+        let Xsrftoken = this.cookie.get("__csrf");
+        if (Xsrftoken && !request.headers.has('X-Harbor-CSRF-Token')) {
+          request = request.clone({ headers: request.headers.set('X-Harbor-CSRF-Token', Xsrftoken) });
          return next.handle(request);
        }
      }
--- a/src/portal/src/lib/services/http-xsrf-token-extractor.service.spec.ts
+++ b/src/portal/src/lib/services/http-xsrf-token-extractor.service.spec.ts
@ -1,49 +0,0 @@
-import { TestBed, inject } from '@angular/core/testing';
-
-import { HttpXsrfTokenExtractorToBeUsed } from './http-xsrf-token-extractor.service';
-import { SharedModule } from '../utils/shared/shared.module';
-import { CookieService } from "ngx-cookie";
-
-describe('HttpXsrfTokenExtractorToBeUsed', () => {
-  let cookie =  "fdsa|ds";
-  let mockCookieService =  {
-      get: function () {
-          return cookie;
-      },
-      set: function (cookieStr: string) {
-          cookie = cookieStr;
-      }
-  };
-  beforeEach(() => {
-    TestBed.configureTestingModule({
-      imports: [
-        SharedModule
-      ],
-      providers: [
-        HttpXsrfTokenExtractorToBeUsed,
-        { provide: CookieService, useValue: mockCookieService}
-    ]
-    });
-
-  });
-
-  it('should be initialized', inject([HttpXsrfTokenExtractorToBeUsed], (service: HttpXsrfTokenExtractorToBeUsed) => {
-    expect(service).toBeTruthy();
-  }));
-
-  it('should be get right token when the cookie exists', inject([HttpXsrfTokenExtractorToBeUsed],
-    (service: HttpXsrfTokenExtractorToBeUsed) => {
-    mockCookieService.set("fdsa|ds");
-    let token = service.getToken();
-    expect(btoa(token)).toEqual(cookie.split("|")[0]);
-  }));
-
-  it('should be get right token when the cookie does not exist', inject([HttpXsrfTokenExtractorToBeUsed],
-    (service: HttpXsrfTokenExtractorToBeUsed) => {
-    mockCookieService.set(null);
-    let token = service.getToken();
-    expect(token).toBeNull();
-  }));
-
-
-});
--- a/src/portal/src/lib/services/http-xsrf-token-extractor.service.ts
+++ b/src/portal/src/lib/services/http-xsrf-token-extractor.service.ts
@ -1,18 +0,0 @@
-import { Injectable } from "@angular/core";
-import { HttpXsrfTokenExtractor } from "@angular/common/http";
-import { CookieService } from "ngx-cookie";
-@Injectable()
-export class HttpXsrfTokenExtractorToBeUsed extends HttpXsrfTokenExtractor {
-    constructor(
-        private cookieService: CookieService,
-    ) {
-        super();
-    }
-    public getToken(): string | null {
-        const csrfCookie = this.cookieService.get("_xsrf");
-        if (csrfCookie) {
-            return atob(csrfCookie.split("|")[0]);
-        }
-        return null;
-    }
-}
--- a/src/portal/src/lib/utils/shared/shared.module.ts
+++ b/src/portal/src/lib/utils/shared/shared.module.ts
@ -6,7 +6,6 @@ import { FormsModule, ReactiveFormsModule } from '@angular/forms';
 import { TranslateModule, TranslateLoader, MissingTranslationHandler } from '@ngx-translate/core';
 import { CookieService, CookieModule } from 'ngx-cookie';
 import { MarkdownModule } from 'ngx-markdown';
-import { HttpXsrfTokenExtractorToBeUsed } from '../../services/http-xsrf-token-extractor.service';
 import { IServiceConfig, SERVICE_CONFIG } from "../../entities/service.config";
 import { TranslateHttpLoader } from "@ngx-translate/http-loader";
 import { MyMissingTranslationHandler } from "../../i18n/missing-trans.handler";
@ -34,8 +33,8 @@ export function GeneralTranslatorLoader(http: HttpClient, config: IServiceConfig
        CommonModule,
        HttpClientModule,
        HttpClientXsrfModule.withOptions({
-            cookieName: '_xsrf',
-            headerName: 'X-Xsrftoken'
+            cookieName: '__csrf',
+            headerName: 'X-Harbor-CSRF-Token'
        }),
        FormsModule,
        ReactiveFormsModule,
@ -68,6 +67,6 @@ export function GeneralTranslatorLoader(http: HttpClient, config: IServiceConfig
    ],
    providers: [
        CookieService,
-        { provide: HttpXsrfTokenExtractor, useClass: HttpXsrfTokenExtractorToBeUsed }]
+    ]
 })
 export class SharedModule { }