hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-18 23:43:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9777 from saschaszott/patch-47

Browse Source 
several optimizations in HAL browser login page
This commit is contained in:
Tim Donohue
2024-10-08 14:10:41 -05:00
committed by GitHub
parent e8a2e73fcc 546afb189e
commit 048663a2a8
1 changed files with 68 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
dspace-server-webapp/src/main/resources/static/login.html
View File

@@ -32,7 +32,7 @@
border-radius: 5px; border-radius: 5px;
box-shadow: 0 1px 2px rgba(0, 0, 0, .05); box-shadow: 0 1px 2px rgba(0, 0, 0, .05);
} }
.form-signin .form-signin-heading, .form-signin .checkbox { .form-signin .form-signin-heading, .form-signin {
margin-bottom: 10px; margin-bottom: 10px;
} }
.form-signin input[type="text"], .form-signin input[type="password"] { .form-signin input[type="text"], .form-signin input[type="password"] {
@@ -94,28 +94,36 @@
"onclick" : function() { toastr.remove(); } "onclick" : function() { toastr.remove(); }
} }
// retrieves a valid CSRF token (please note that this method works both in DS 7 and DS 8)
// HTTP response code 403 is expected at this point (the response contains the DSPACE-XSRF-TOKEN header)
$.ajax({
url : window.location.href.replace("login.html", "") + 'api/authn/login',
type : 'POST',
error : function(xhr) {
// Check for an update to the CSRF Token & save to a MyHalBrowserCsrfToken cookie (if found)
checkForUpdatedCSRFTokenInResponse(xhr);
}
});
// When the login page loads, we do *two* AJAX requests. // When the login page loads, we do *two* AJAX requests.
// (1) Call GET /api/authn/status. This call has two purposes. First, it checks to see if you are logged in, // (1) Call GET /api/authn/status. This call checks to see if you are logged in
// (if not, WWW-Authenticate will return login options). Second, it retrieves the CSRF token, if a // (if not, WWW-Authenticate will return login options).
// new one has been assigned (as a valid CSRF token is required for the POST call).
// (2) If that /api/authn/status call finds authentication data, call POST /api/authn/login. // (2) If that /api/authn/status call finds authentication data, call POST /api/authn/login.
// This scenario occurs when you login via an external authentication system (e.g. Shibboleth)... // This scenario occurs when you log in via an external authentication system (e.g. Shibboleth)
// in which case the main role of /api/authn/login is to simply ensure the "Authorization" header // in which case the main role of /api/authn/login is to simply ensure the "Authorization" header
// is sent back to the client (based on your authentication data). // is sent back to the client (based on your authentication data).
$.ajax({ $.ajax({
url : window.location.href.replace("login.html", "") + 'api/authn/status', url : window.location.href.replace("login.html", "") + 'api/authn/status',
type : 'GET', type : 'GET',
success : function(result, status, xhr) { success : function(result, status, xhr) {
// Check for an update to the CSRF Token & save to a MyHalBrowserCsrfToken cookie (if found)
checkForUpdatedCSRFTokenInResponse(xhr);
// Check for WWW-Authenticate header. If found, this means we are not yet authenticated, and // Check for WWW-Authenticate header. If found, this means we are not yet authenticated, and
// therefore we need to display available authentication options. // therefore we need to display available authentication options.
var authenticate = xhr.getResponseHeader("WWW-Authenticate"); var authenticate = xhr.getResponseHeader("WWW-Authenticate");
if (authenticate !== null) { if (authenticate !== null && authenticate.includes('location=')) {
var element = $('div.other-login-methods'); var element = $('div.other-login-methods');
var realms = authenticate.match(/(\w+ (\w+=((".*?")|[^,]*)(, )?)*)/g); var realms = authenticate.match(/(\w+ (\w+=((".*?")|[^,]*)(, )?)*)/g);
if (realms.length == 1){ if (realms.length === 1){
var loc = /location="([^,]*)"/.exec(authenticate); var loc = /location="([^,]*)"/.exec(authenticate);
if (loc !== null && loc.length === 2) { if (loc !== null && loc.length === 2) {
document.location = loc[1]; document.location = loc[1];
@@ -132,7 +140,7 @@
$.ajax({ $.ajax({
url : window.location.href.replace("login.html", "") + 'api/authn/login', url : window.location.href.replace("login.html", "") + 'api/authn/login',
type : 'POST', type : 'POST',
beforeSend: function (xhr, settings) { beforeSend: function (xhr) {
// If CSRF token found in cookie, send it back as X-XSRF-Token header // If CSRF token found in cookie, send it back as X-XSRF-Token header
var csrfToken = getCSRFToken(); var csrfToken = getCSRFToken();
if (csrfToken != null) { if (csrfToken != null) {
@@ -140,7 +148,7 @@
} }
}, },
success : successHandler, success : successHandler,
error : function(xhr, textStatus, errorThrown) { error : function(xhr) {
// Check for an update to the CSRF Token & save to a MyHalBrowserCsrfToken cookie (if found) // Check for an update to the CSRF Token & save to a MyHalBrowserCsrfToken cookie (if found)
checkForUpdatedCSRFTokenInResponse(xhr); checkForUpdatedCSRFTokenInResponse(xhr);
toastr.error('Failed to logged in. Please check for errors in Javascript console.', 'Login Failed'); toastr.error('Failed to logged in. Please check for errors in Javascript console.', 'Login Failed');
@@ -148,7 +156,7 @@
}); });
} }
}, },
error : function(xhr, textStatus, errorThrown) { error : function() {
toastr.error('Failed to connect with backend. Please check for errors in Javascript console.', 'Could Not Load'); toastr.error('Failed to connect with backend. Please check for errors in Javascript console.', 'Could Not Load');
} }
}); });
@@ -204,7 +212,7 @@
user: $("#username").val(), user: $("#username").val(),
password: $("#password").val() password: $("#password").val()
}, },
beforeSend: function (xhr, settings) { beforeSend: function (xhr) {
// If CSRF token found in cookie, send it back as X-XSRF-Token header // If CSRF token found in cookie, send it back as X-XSRF-Token header
var csrfToken = getCSRFToken(); var csrfToken = getCSRFToken();
if (csrfToken != null) { if (csrfToken != null) {