hazza/dspace-angular
1
0
Fork 1
mirror of https://github.com/DSpace/dspace-angular.git synced 2025-10-07 18:14:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

w2p-99039 Add xsrf token to createShortLivedToken get request

Browse Source
This commit is contained in:
Nathan Buckingham
2023-02-02 17:51:30 -05:00
parent ce096496eb
commit 34c07fd904
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/app/core/auth/server-auth-request.service.ts
View File

@@ -4,6 +4,8 @@ import { GetRequest } from '../data/request.models';
import { HALEndpointService } from '../shared/hal-endpoint.service'; import { HALEndpointService } from '../shared/hal-endpoint.service';
import { RequestService } from '../data/request.service'; import { RequestService } from '../data/request.service';
import { RemoteDataBuildService } from '../cache/builders/remote-data-build.service'; import { RemoteDataBuildService } from '../cache/builders/remote-data-build.service';
import { HttpHeaders, HttpXsrfTokenExtractor } from '@angular/common/http';
import { XSRF_REQUEST_HEADER } from '../xsrf/xsrf.interceptor';
/** /**
* Server side version of the service to send authentication requests * Server side version of the service to send authentication requests
@@ -14,7 +16,8 @@ export class ServerAuthRequestService extends AuthRequestService {
constructor( constructor(
halService: HALEndpointService, halService: HALEndpointService,
requestService: RequestService, requestService: RequestService,
rdbService: RemoteDataBuildService rdbService: RemoteDataBuildService,
protected tokenExtractor: HttpXsrfTokenExtractor,
) { ) {
super(halService, requestService, rdbService); super(halService, requestService, rdbService);
} }
@@ -28,7 +31,13 @@ export class ServerAuthRequestService extends AuthRequestService {
* @protected * @protected
*/ */
protected createShortLivedTokenRequest(href: string): GetRequest { protected createShortLivedTokenRequest(href: string): GetRequest {
return Object.assign(new GetRequest(this.requestService.generateRequestId(), href), { let options = new HttpHeaders();
options = options.set('Content-Type', 'application/json; charset=utf-8');
options = options.set(XSRF_REQUEST_HEADER, this.tokenExtractor.getToken());
let requestOptions = {
headers: options,
};
return Object.assign(new GetRequest(this.requestService.generateRequestId(), href, {}, requestOptions), {
responseMsToLive: 2 * 1000 // A short lived token is only valid for 2 seconds. responseMsToLive: 2 * 1000 // A short lived token is only valid for 2 seconds.
}); });
} }