mirror of
https://github.com/DSpace/DSpace.git
synced 2025-10-18 15:33:09 +00:00
Merge pull request #9777 from saschaszott/patch-47
several optimizations in HAL browser login page
This commit is contained in:
Tim Donohue
@@ -32,7 +32,7 @@
|
|||||||
border-radius: 5px;
|
border-radius: 5px;
|
||||||
box-shadow: 0 1px 2px rgba(0, 0, 0, .05);
|
box-shadow: 0 1px 2px rgba(0, 0, 0, .05);
|
||||||
}
|
}
|
||||||
.form-signin .form-signin-heading, .form-signin .checkbox {
|
.form-signin .form-signin-heading, .form-signin {
|
||||||
margin-bottom: 10px;
|
margin-bottom: 10px;
|
||||||
}
|
}
|
||||||
.form-signin input[type="text"], .form-signin input[type="password"] {
|
.form-signin input[type="text"], .form-signin input[type="password"] {
|
||||||
@@ -94,63 +94,71 @@
|
|||||||
"onclick" : function() { toastr.remove(); }
|
"onclick" : function() { toastr.remove(); }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// retrieves a valid CSRF token (please note that this method works both in DS 7 and DS 8)
|
||||||
|
// HTTP response code 403 is expected at this point (the response contains the DSPACE-XSRF-TOKEN header)
|
||||||
|
$.ajax({
|
||||||
|
url : window.location.href.replace("login.html", "") + 'api/authn/login',
|
||||||
|
type : 'POST',
|
||||||
|
error : function(xhr) {
|
||||||
|
// Check for an update to the CSRF Token & save to a MyHalBrowserCsrfToken cookie (if found)
|
||||||
|
checkForUpdatedCSRFTokenInResponse(xhr);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
// When the login page loads, we do *two* AJAX requests.
|
// When the login page loads, we do *two* AJAX requests.
|
||||||
// (1) Call GET /api/authn/status. This call has two purposes. First, it checks to see if you are logged in,
|
// (1) Call GET /api/authn/status. This call checks to see if you are logged in
|
||||||
// (if not, WWW-Authenticate will return login options). Second, it retrieves the CSRF token, if a
|
// (if not, WWW-Authenticate will return login options).
|
||||||
// new one has been assigned (as a valid CSRF token is required for the POST call).
|
|
||||||
// (2) If that /api/authn/status call finds authentication data, call POST /api/authn/login.
|
// (2) If that /api/authn/status call finds authentication data, call POST /api/authn/login.
|
||||||
// This scenario occurs when you login via an external authentication system (e.g. Shibboleth)...
|
// This scenario occurs when you log in via an external authentication system (e.g. Shibboleth)
|
||||||
// in which case the main role of /api/authn/login is to simply ensure the "Authorization" header
|
// in which case the main role of /api/authn/login is to simply ensure the "Authorization" header
|
||||||
// is sent back to the client (based on your authentication data).
|
// is sent back to the client (based on your authentication data).
|
||||||
$.ajax({
|
$.ajax({
|
||||||
url : window.location.href.replace("login.html", "") + 'api/authn/status',
|
url : window.location.href.replace("login.html", "") + 'api/authn/status',
|
||||||
type : 'GET',
|
type : 'GET',
|
||||||
success : function(result, status, xhr) {
|
success : function(result, status, xhr) {
|
||||||
// Check for an update to the CSRF Token & save to a MyHalBrowserCsrfToken cookie (if found)
|
|
||||||
checkForUpdatedCSRFTokenInResponse(xhr);
|
|
||||||
|
|
||||||
// Check for WWW-Authenticate header. If found, this means we are not yet authenticated, and
|
// Check for WWW-Authenticate header. If found, this means we are not yet authenticated, and
|
||||||
// therefore we need to display available authentication options.
|
// therefore we need to display available authentication options.
|
||||||
var authenticate = xhr.getResponseHeader("WWW-Authenticate");
|
var authenticate = xhr.getResponseHeader("WWW-Authenticate");
|
||||||
if (authenticate !== null) {
|
if (authenticate !== null && authenticate.includes('location=')) {
|
||||||
var element = $('div.other-login-methods');
|
var element = $('div.other-login-methods');
|
||||||
var realms = authenticate.match(/(\w+ (\w+=((".*?")|[^,]*)(, )?)*)/g);
|
var realms = authenticate.match(/(\w+ (\w+=((".*?")|[^,]*)(, )?)*)/g);
|
||||||
if (realms.length == 1){
|
if (realms.length === 1){
|
||||||
var loc = /location="([^,]*)"/.exec(authenticate);
|
var loc = /location="([^,]*)"/.exec(authenticate);
|
||||||
if (loc !== null && loc.length === 2) {
|
if (loc !== null && loc.length === 2) {
|
||||||
document.location = loc[1];
|
document.location = loc[1];
|
||||||
}
|
}
|
||||||
} else if (realms.length > 1){
|
} else if (realms.length > 1){
|
||||||
for (var i = 0; i < realms.length; i++){
|
for (var i = 0; i < realms.length; i++){
|
||||||
addLocationButton(realms[i], element);
|
addLocationButton(realms[i], element);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
// If Authentication data was found, do a POST /api/authn/login to ensure that data's JWT
|
||||||
|
// is sent back in the "Authorization" header. This simply completes an external authentication
|
||||||
|
// process (e.g. Shibboleth)
|
||||||
|
$.ajax({
|
||||||
|
url : window.location.href.replace("login.html", "") + 'api/authn/login',
|
||||||
|
type : 'POST',
|
||||||
|
beforeSend: function (xhr) {
|
||||||
|
// If CSRF token found in cookie, send it back as X-XSRF-Token header
|
||||||
|
var csrfToken = getCSRFToken();
|
||||||
|
if (csrfToken != null) {
|
||||||
|
xhr.setRequestHeader('X-XSRF-Token', csrfToken);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
success : successHandler,
|
||||||
|
error : function(xhr) {
|
||||||
|
// Check for an update to the CSRF Token & save to a MyHalBrowserCsrfToken cookie (if found)
|
||||||
|
checkForUpdatedCSRFTokenInResponse(xhr);
|
||||||
|
toastr.error('Failed to logged in. Please check for errors in Javascript console.', 'Login Failed');
|
||||||
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
} else {
|
},
|
||||||
// If Authentication data was found, do a POST /api/authn/login to ensure that data's JWT
|
error : function() {
|
||||||
// is sent back in the "Authorization" header. This simply completes an external authentication
|
toastr.error('Failed to connect with backend. Please check for errors in Javascript console.', 'Could Not Load');
|
||||||
// process (e.g. Shibboleth)
|
|
||||||
$.ajax({
|
|
||||||
url : window.location.href.replace("login.html", "") + 'api/authn/login',
|
|
||||||
type : 'POST',
|
|
||||||
beforeSend: function (xhr, settings) {
|
|
||||||
// If CSRF token found in cookie, send it back as X-XSRF-Token header
|
|
||||||
var csrfToken = getCSRFToken();
|
|
||||||
if (csrfToken != null) {
|
|
||||||
xhr.setRequestHeader('X-XSRF-Token', csrfToken);
|
|
||||||
}
|
|
||||||
},
|
|
||||||
success : successHandler,
|
|
||||||
error : function(xhr, textStatus, errorThrown) {
|
|
||||||
// Check for an update to the CSRF Token & save to a MyHalBrowserCsrfToken cookie (if found)
|
|
||||||
checkForUpdatedCSRFTokenInResponse(xhr);
|
|
||||||
toastr.error('Failed to logged in. Please check for errors in Javascript console.', 'Login Failed');
|
|
||||||
}
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
},
|
|
||||||
error : function(xhr, textStatus, errorThrown) {
|
|
||||||
toastr.error('Failed to connect with backend. Please check for errors in Javascript console.', 'Could Not Load');
|
|
||||||
}
|
|
||||||
});
|
});
|
||||||
|
|
||||||
function addLocationButton(realm, element){
|
function addLocationButton(realm, element){
|
||||||
@@ -166,22 +174,22 @@
|
|||||||
return string.charAt(0).toUpperCase() + string.slice(1);
|
return string.charAt(0).toUpperCase() + string.slice(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check current response headers to see if the CSRF Token has changed. If a new value is found in headers,
|
* Check current response headers to see if the CSRF Token has changed. If a new value is found in headers,
|
||||||
* save the new value into our "MyHalBrowserCsrfToken" cookie.
|
* save the new value into our "MyHalBrowserCsrfToken" cookie.
|
||||||
**/
|
**/
|
||||||
function checkForUpdatedCSRFTokenInResponse(jqxhr) {
|
function checkForUpdatedCSRFTokenInResponse(jqxhr) {
|
||||||
// look for DSpace-XSRF-TOKEN header & save to our MyHalBrowserCsrfToken cookie (if found)
|
// look for DSpace-XSRF-TOKEN header & save to our MyHalBrowserCsrfToken cookie (if found)
|
||||||
var updatedCsrfToken = jqxhr.getResponseHeader('DSPACE-XSRF-TOKEN');
|
var updatedCsrfToken = jqxhr.getResponseHeader('DSPACE-XSRF-TOKEN');
|
||||||
if (updatedCsrfToken != null) {
|
if (updatedCsrfToken != null) {
|
||||||
document.cookie = "MyHalBrowserCsrfToken=" + updatedCsrfToken;
|
document.cookie = "MyHalBrowserCsrfToken=" + updatedCsrfToken;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get CSRF Token by parsing it out of the "MyHalBrowserCsrfToken" cookie.
|
* Get CSRF Token by parsing it out of the "MyHalBrowserCsrfToken" cookie.
|
||||||
* This cookie is set in login.html after a successful login occurs.
|
* This cookie is set in login.html after a successful login occurs.
|
||||||
**/
|
**/
|
||||||
function getCSRFToken() {
|
function getCSRFToken() {
|
||||||
var cookie = document.cookie.match('(^|;)\\s*' + 'MyHalBrowserCsrfToken' + '\\s*=\\s*([^;]+)');
|
var cookie = document.cookie.match('(^|;)\\s*' + 'MyHalBrowserCsrfToken' + '\\s*=\\s*([^;]+)');
|
||||||
if (cookie != null) {
|
if (cookie != null) {
|
||||||
@@ -204,11 +212,11 @@
|
|||||||
user: $("#username").val(),
|
user: $("#username").val(),
|
||||||
password: $("#password").val()
|
password: $("#password").val()
|
||||||
},
|
},
|
||||||
beforeSend: function (xhr, settings) {
|
beforeSend: function (xhr) {
|
||||||
// If CSRF token found in cookie, send it back as X-XSRF-Token header
|
// If CSRF token found in cookie, send it back as X-XSRF-Token header
|
||||||
var csrfToken = getCSRFToken();
|
var csrfToken = getCSRFToken();
|
||||||
if (csrfToken != null) {
|
if (csrfToken != null) {
|
||||||
xhr.setRequestHeader('X-XSRF-Token', csrfToken);
|
xhr.setRequestHeader('X-XSRF-Token', csrfToken);
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
success : successHandler,
|
success : successHandler,
|
||||||
|
|||||||
Reference in New Issue
Block a user