MOB-55 Added session cookies reading

demoBackend/src/demo-website/package-lock.json

@@ -10,9 +10,10 @@
       "dependencies": {
         "@web-eid/web-eid-library": "../../../../web-eid.js/",
         "core-js": "^3.6.5",
-        "js-cookie": "^3.0.1",
         "vue": "^3.0.0",
+        "vue-cookie-next": "^1.3.0",
         "vue-router": "^4.0.0-0",
+        "vue3-cookies": "^1.0.6",
         "vuex": "^4.0.2",
         "vuex-persistedstate": "^4.1.0"
       },
@@ -8668,14 +8669,6 @@
       "integrity": "sha512-JVAfqNPTvNq3sB/VHQJAFxN/sPgKnsKrCwyRt15zwNCdrMMJDdcEOdubuy+DuJYYdm0ox1J4uzEuYKkN+9yhVg==",
       "dev": true
     },
-    "node_modules/js-cookie": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.1.tgz",
-      "integrity": "sha512-+0rgsUXZu4ncpPxRL+lNEptWMOWl9etvPHc/koSRp6MPwpRYAhmk0dUG00J4bxVV3r9uUzfo24wW0knS07SKSw==",
-      "engines": {
-        "node": ">=12"
-      }
-    },
     "node_modules/js-message": {
       "version": "1.0.7",
       "resolved": "https://registry.npmjs.org/js-message/-/js-message-1.0.7.tgz",
@@ -13982,6 +13975,14 @@
         "@vue/shared": "3.2.23"
       }
     },
+    "node_modules/vue-cookie-next": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/vue-cookie-next/-/vue-cookie-next-1.3.0.tgz",
+      "integrity": "sha512-+EinbhSf0c0M8cijCXRVgcvYBIm0lmu3/WKeFUokU93R1J3DxkkBHn5wOc9IyJj9ugAPI0d9EnhcOiOFNA/YVQ==",
+      "peerDependencies": {
+        "vue": "^3.1.4"
+      }
+    },
     "node_modules/vue-eslint-parser": {
       "version": "7.11.0",
       "resolved": "https://registry.npmjs.org/vue-eslint-parser/-/vue-eslint-parser-7.11.0.tgz",
@@ -14196,6 +14197,14 @@
       "integrity": "sha512-4gDntzrifFnCEvyoO8PqyJDmguXgVPxKiIxrBKjIowvL9l+N66196+72XVYR8BBf1Uv1Fgt3bGevJ+sEmxfZzw==",
       "dev": true
     },
+    "node_modules/vue3-cookies": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/vue3-cookies/-/vue3-cookies-1.0.6.tgz",
+      "integrity": "sha512-a1UvVD0qIgxyOqjlSOwnLnqAnz8ASltugEv8yX+96i/WGZAN9fEDci7xO4HIWZE1uToUnRq9JnFhvfDCSo45OA==",
+      "dependencies": {
+        "vue": "^3.0.0"
+      }
+    },
     "node_modules/vuex": {
       "version": "4.0.2",
       "resolved": "https://registry.npmjs.org/vuex/-/vuex-4.0.2.tgz",
@@ -21996,11 +22005,6 @@
       "integrity": "sha512-JVAfqNPTvNq3sB/VHQJAFxN/sPgKnsKrCwyRt15zwNCdrMMJDdcEOdubuy+DuJYYdm0ox1J4uzEuYKkN+9yhVg==",
       "dev": true
     },
-    "js-cookie": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.1.tgz",
-      "integrity": "sha512-+0rgsUXZu4ncpPxRL+lNEptWMOWl9etvPHc/koSRp6MPwpRYAhmk0dUG00J4bxVV3r9uUzfo24wW0knS07SKSw=="
-    },
     "js-message": {
       "version": "1.0.7",
       "resolved": "https://registry.npmjs.org/js-message/-/js-message-1.0.7.tgz",
@@ -26418,6 +26422,12 @@
         "@vue/shared": "3.2.23"
       }
     },
+    "vue-cookie-next": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/vue-cookie-next/-/vue-cookie-next-1.3.0.tgz",
+      "integrity": "sha512-+EinbhSf0c0M8cijCXRVgcvYBIm0lmu3/WKeFUokU93R1J3DxkkBHn5wOc9IyJj9ugAPI0d9EnhcOiOFNA/YVQ==",
+      "requires": {}
+    },
     "vue-eslint-parser": {
       "version": "7.11.0",
       "resolved": "https://registry.npmjs.org/vue-eslint-parser/-/vue-eslint-parser-7.11.0.tgz",
@@ -26585,6 +26595,14 @@
       "integrity": "sha512-4gDntzrifFnCEvyoO8PqyJDmguXgVPxKiIxrBKjIowvL9l+N66196+72XVYR8BBf1Uv1Fgt3bGevJ+sEmxfZzw==",
       "dev": true
     },
+    "vue3-cookies": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/vue3-cookies/-/vue3-cookies-1.0.6.tgz",
+      "integrity": "sha512-a1UvVD0qIgxyOqjlSOwnLnqAnz8ASltugEv8yX+96i/WGZAN9fEDci7xO4HIWZE1uToUnRq9JnFhvfDCSo45OA==",
+      "requires": {
+        "vue": "^3.0.0"
+      }
+    },
     "vuex": {
       "version": "4.0.2",
       "resolved": "https://registry.npmjs.org/vuex/-/vuex-4.0.2.tgz",

demoBackend/src/demo-website/package.json

@@ -10,9 +10,10 @@
   "dependencies": {
     "@web-eid/web-eid-library": "../../../../web-eid.js/",
     "core-js": "^3.6.5",
-    "js-cookie": "^3.0.1",
     "vue": "^3.0.0",
+    "vue-cookie-next": "^1.3.0",
     "vue-router": "^4.0.0-0",
+    "vue3-cookies": "^1.0.6",
     "vuex": "^4.0.2",
     "vuex-persistedstate": "^4.1.0"
   },

demoBackend/src/demo-website/src/components/Login.vue

@@ -8,7 +8,7 @@
       <p class="text-center">Read more from <a href="https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC">here.</a></p>
     </div>
     <div class="justify-content-center d-flex">
-
+      <div id="canvas"></div>
       <button type="button" class="btn loginButton btn-dark" v-on:click="authenticate">
         <div v-if="loading" class="d-flex justify-content-center">
           <div class="spinner-border text-light spinner-border-sm" role="status">
@@ -26,7 +26,7 @@
       <input type="radio" class="btn-check" name="btnradio" id="btnApp" autocomplete="off" checked v-on:click="useApp">
       <label class="btn btn-outline-secondary" for="btnApp">using Android App</label>
     </div>
-    <div id="canvas"></div>
+
   </div>
 
 </template>
@@ -66,7 +66,7 @@ export default {
         getAuthSuccessUrl: window.location.origin + "/auth/login",
         useAuthApp: this.useAndroidApp,
         headers: {
-          [this.csrfHeaderName]: this.csrftoken
+          "sessionId": this.$store.getters.getSessionId
         },
 
       };
@@ -90,7 +90,7 @@ export default {
   },
   computed: {
     isLoggedIn() {
-      return this.$store.authenticated;
+      return this.$store.getAuthenticated;
     },
     loading() {
       return this.loading;
@@ -112,6 +112,10 @@ export default {
 .loginButton > p {
   font-size: 3vh;
   text-align: center;
+}
 
+#canvas {
+  height: 5vh;
+  width: 5vh;
 }
 </style>

demoBackend/src/demo-website/src/components/Navbar.vue

@@ -25,6 +25,12 @@ export default {
       this.$store.commit("setLoggedIn", false);
       router.push("/");
     }
+  },
+  mounted() {
+    if (this.$store.getters.getSessionId == null) {
+      const sessionId = this.$cookie.getCookie("JSESSIONID");
+      this.$store.dispatch("fetchSessionId", sessionId);
+    }
   }
 }
 </script>

demoBackend/src/demo-website/src/main.js

@@ -1,8 +1,10 @@
 import {createApp} from 'vue';
 import App from './App.vue';
-import {createStore} from 'vuex'
-import BootstrapVue3 from 'bootstrap-vue-3'
+import {createStore} from 'vuex';
+import BootstrapVue3 from 'bootstrap-vue-3';
 import createPersistedState from "vuex-persistedstate";
+import { VueCookieNext } from 'vue-cookie-next'
+
 
 import 'bootstrap/dist/css/bootstrap.css'
 import 'bootstrap-vue-3/dist/bootstrap-vue-3.css'
@@ -13,18 +15,29 @@ const store = createStore({
     state() {
         return {
             authenticated: false,
+            jSessionId: null,
         }
     },
     mutations: {
         setLoggedIn(state, isLoggedIn) {
-            console.log("Setting logged in: " + isLoggedIn);
             state.authenticated = isLoggedIn;
+        },
+        setSessionId(state, sessionId) {
+            state.jSessionId = sessionId;
+        }
+    },
+    actions: {
+        fetchSessionId(context, sessionId) {
+            context.commit("setSessionId", sessionId);
         }
     },
     getters: {
-      getAuthenticated: state => {
-          return state.authenticated;
-      }
+        getAuthenticated: state => {
+            return state.authenticated;
+        },
+        getSessionId: state => {
+            return state.jSessionId;
+        }
     },
     plugins: [createPersistedState()],
 })
@@ -47,4 +60,7 @@ const app = createApp(App)
 app.use(BootstrapVue3)
 app.use(router)
 app.use(store)
-app.mount('#app')
+app.use(VueCookieNext);
+app.mount('#app')
+
+VueCookieNext.config({ expire: '7d' })

demoBackend/src/main/kotlin/com/tarkvaratehnika/demobackend/security/AuthTokenDTO.kt

@@ -1,6 +1,4 @@
 package com.tarkvaratehnika.demobackend.security
 
-import com.fasterxml.jackson.annotation.JsonProperty
-
-class AuthTokenDTO (val token : String, val challenge : String) {
+class AuthTokenDTO (val token : String, val xsrfToken : String) {
 }

demoBackend/src/main/kotlin/com/tarkvaratehnika/demobackend/security/AuthTokenDTOAuthenticationProvider.kt

@@ -54,13 +54,13 @@ object AuthTokenDTOAuthenticationProvider {
     fun authenticate(auth : Authentication) : Authentication {
         val authentication = auth as PreAuthenticatedAuthenticationToken
         val token = (authentication.credentials as AuthTokenDTO).token
-        val challenge = (authentication.credentials as AuthTokenDTO).challenge
+        val challenge = (authentication.credentials as AuthTokenDTO)
         val authorities = arrayListOf<GrantedAuthority>()
         authorities.add(USER_ROLE)
 
         try {
             val userCertificate: X509Certificate = tokenValidator.validate(token)
-            return WebEidAuthentication.fromCertificate(userCertificate, authorities, challenge)
+            return WebEidAuthentication.fromCertificate(userCertificate, authorities, "as")
         } catch (e : TokenValidationException) {
             // Validation failed.
             throw AuthenticationServiceException("Token validation failed. " + e.message)

demoBackend/src/main/kotlin/com/tarkvaratehnika/demobackend/security/SecurityConfiguration.kt

@@ -0,0 +1,21 @@
+package com.tarkvaratehnika.demobackend.security
+
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
+import org.springframework.security.config.http.SessionCreationPolicy
+
+@EnableWebSecurity
+class SecurityConfiguration : WebSecurityConfigurerAdapter() {
+
+    override fun configure(auth: AuthenticationManagerBuilder?) {
+        auth?.inMemoryAuthentication()?.withUser("justSomeUser")?.password("someBackdoorPasswordThisDoesntMatterItsADemo")
+            ?.roles("USER")
+    }
+
+    override fun configure(http: HttpSecurity?) {
+        http?.sessionManagement()?.sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
+        http?.authorizeRequests()?.antMatchers("/**")?.permitAll()
+    }
+}

demoBackend/src/main/kotlin/com/tarkvaratehnika/demobackend/web/rest/AuthenticationController.kt

@@ -18,7 +18,7 @@ class AuthenticationController {
     private val LOG = LoggerFactory.getLogger(AuthenticationController::class.java)
 
 
-    @PostMapping("authentication", consumes = [MediaType.APPLICATION_JSON_VALUE], produces = [MediaType.APPLICATION_JSON_VALUE])
+    @PostMapping("login", consumes = [MediaType.APPLICATION_JSON_VALUE], produces = [MediaType.APPLICATION_JSON_VALUE])
     fun authenticate(@RequestBody body : String): Authentication {
         val parts = body.split("\"")
         val authToken = AuthTokenDTO(parts[3], parts[7])
@@ -29,9 +29,10 @@ class AuthenticationController {
         return AuthTokenDTOAuthenticationProvider.authenticate(auth)
     }
 
-    @GetMapping("authentication", produces = [MediaType.APPLICATION_JSON_VALUE])
+
+    @GetMapping("login", produces = [MediaType.APPLICATION_JSON_VALUE])
     fun getAuthenticated(headers: String) : Authentication? {
-        val auth = WebEidAuthentication.fromChallenge(challenge)
+        val auth = WebEidAuthentication.fromChallenge("as")
         if (auth == null) {
             throw ResponseStatusException(HttpStatus.FORBIDDEN, "Not allowed.")
         }

demoBackend/src/main/resources/application.properties

@@ -1 +1,2 @@
+server.servlet.session.cookie.http-only=false