Merge pull request #9777 from saschaszott/patch-47

several optimizations in HAL browser login page
Tim Donohue
2024-10-08 14:10:41 -05:00
committed by GitHub


@@ -32,7 +32,7 @@
border-radius: 5px;
box-shadow: 0 1px 2px rgba(0, 0, 0, .05);
}
.form-signin .form-signin-heading, .form-signin .checkbox {
.form-signin .form-signin-heading, .form-signin {
margin-bottom: 10px;
}
.form-signin input[type="text"], .form-signin input[type="password"] {
@@ -94,28 +94,36 @@
"onclick" : function() { toastr.remove(); }
}
// retrieves a valid CSRF token (please note that this method works both in DS 7 and DS 8)
// HTTP response code 403 is expected at this point (the response contains the DSPACE-XSRF-TOKEN header)
$.ajax({
url : window.location.href.replace("login.html", "") + 'api/authn/login',
type : 'POST',
error : function(xhr) {
// Check for an update to the CSRF Token & save to a MyHalBrowserCsrfToken cookie (if found)
checkForUpdatedCSRFTokenInResponse(xhr);
}
});
// When the login page loads, we do *two* AJAX requests.
// (1) Call GET /api/authn/status. This call has two purposes. First, it checks to see if you are logged in,
// (if not, WWW-Authenticate will return login options). Second, it retrieves the CSRF token, if a
// new one has been assigned (as a valid CSRF token is required for the POST call).
// (1) Call GET /api/authn/status. This call checks to see if you are logged in
// (if not, WWW-Authenticate will return login options).
// (2) If that /api/authn/status call finds authentication data, call POST /api/authn/login.
// This scenario occurs when you login via an external authentication system (e.g. Shibboleth)...
// This scenario occurs when you log in via an external authentication system (e.g. Shibboleth)
// in which case the main role of /api/authn/login is to simply ensure the "Authorization" header
// is sent back to the client (based on your authentication data).
$.ajax({
url : window.location.href.replace("login.html", "") + 'api/authn/status',
type : 'GET',
success : function(result, status, xhr) {
// Check for an update to the CSRF Token & save to a MyHalBrowserCsrfToken cookie (if found)
checkForUpdatedCSRFTokenInResponse(xhr);
// Check for WWW-Authenticate header. If found, this means we are not yet authenticated, and
// therefore we need to display available authentication options.
var authenticate = xhr.getResponseHeader("WWW-Authenticate");
if (authenticate !== null) {
if (authenticate !== null && authenticate.includes('location=')) {
var element = $('div.other-login-methods');
var realms = authenticate.match(/(\w+ (\w+=((".*?")|[^,]*)(, )?)*)/g);
if (realms.length == 1){
if (realms.length === 1){
var loc = /location="([^,]*)"/.exec(authenticate);
if (loc !== null && loc.length === 2) {
document.location = loc[1];
@@ -132,7 +140,7 @@
$.ajax({
url : window.location.href.replace("login.html", "") + 'api/authn/login',
type : 'POST',
beforeSend: function (xhr, settings) {
beforeSend: function (xhr) {
// If CSRF token found in cookie, send it back as X-XSRF-Token header
var csrfToken = getCSRFToken();
if (csrfToken != null) {
@@ -140,7 +148,7 @@
}
},
success : successHandler,
error : function(xhr, textStatus, errorThrown) {
error : function(xhr) {
// Check for an update to the CSRF Token & save to a MyHalBrowserCsrfToken cookie (if found)
checkForUpdatedCSRFTokenInResponse(xhr);
toastr.error('Failed to logged in. Please check for errors in Javascript console.', 'Login Failed');
@@ -148,7 +156,7 @@
});
}
},
error : function(xhr, textStatus, errorThrown) {
error : function() {
toastr.error('Failed to connect with backend. Please check for errors in Javascript console.', 'Could Not Load');
}
});
@@ -204,7 +212,7 @@
user: $("#username").val(),
password: $("#password").val()
},
beforeSend: function (xhr, settings) {
beforeSend: function (xhr) {
// If CSRF token found in cookie, send it back as X-XSRF-Token header
var csrfToken = getCSRFToken();
if (csrfToken != null) {
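Review bot: In the `@@ -94,28 +94,36 @@` hunk, the new token-fetching POST to `api/authn/login` and the GET to `api/authn/status` are issued back to back with nothing ordering them, so the follow-up POST in the status `success` handler can call `getCSRFToken()` before the expected 403 response has stored a token. The +/- markers are lost on this page, but the `checkForUpdatedCSRFTokenInResponse(xhr);` call at the top of the status `success` handler appears to be on the removed side; if so, either keep that call or start the status request from the first request's `complete` callback. The first request also registers only an `error` callback, so a response that is not an error would never have its token header read; `complete : function(xhr) { checkForUpdatedCSRFTokenInResponse(xhr); }` covers both outcomes. Because this request is designed to fail on every page load, a short comment should note that these 403s are expected, so they are not mistaken for CSRF or login failures in server logs. The enclosing script block starts and ends outside the hunks shown.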