MOB-55 Fixed an issue with session invalidation.

2021-12-14 19:50:11 +02:00 · 2021-12-14 19:50:11 +02:00 · e5931692b6
parent b66c2386f0
commit e5931692b6
5 changed files with 5 additions and 57 deletions
--- a/demoBackend/pom.xml
+++ b/demoBackend/pom.xml
@ -13,6 +13,7 @@
    <version>0.0.1-SNAPSHOT</version>
    <name>demoBackend</name>
    <description>demoBackend</description>
+    <packaging>jar</packaging>
    <properties>
        <java.version>11</java.version>
        <kotlin.version>1.5.31</kotlin.version>
--- a/demoBackend/src/demo-website/src/components/Navbar.vue
+++ b/demoBackend/src/demo-website/src/components/Navbar.vue
@ -25,8 +25,7 @@ export default {

      const requestOptions = {
        method: "POST",
-        headers: {"Content-Type": "application/json"},
-        body: JSON.stringify({"sessionId": this.$store.getters.getSessionId})
+        headers: {"sessionId": this.$store.getters.getSessionId}
      };
      fetch("/auth/logout", requestOptions)
          .then((response) => {
--- a/demoBackend/src/main/kotlin/com/tarkvaratehnika/demobackend/config/SessionManager.kt
+++ b/demoBackend/src/main/kotlin/com/tarkvaratehnika/demobackend/config/SessionManager.kt
@ -54,7 +54,7 @@ class SessionManager {
        fun removeRoleFromCurrentSession(headers: Map<String, String>) {
            val securityContext = SecurityContextHolder.getContext()
            var sessionId = securityContext.authentication.credentials
-            if (sessionId == null) {
+            if (sessionId == null || sessionId == "") {
                // Fallback to when for some reason session object doesn't have sessionId attached.
                sessionId = getSessionId(headers)
            }
--- a/demoBackend/src/main/kotlin/com/tarkvaratehnika/demobackend/web/rest/AuthenticationController.kt
+++ b/demoBackend/src/main/kotlin/com/tarkvaratehnika/demobackend/web/rest/AuthenticationController.kt
@ -41,8 +41,8 @@ class AuthenticationController {
        return SessionManager.getSessionAuth(SessionManager.getSessionId(headers))
    }

-    @PostMapping("logout", consumes = [MediaType.APPLICATION_JSON_VALUE])
-    fun logOut(@RequestHeader headers: Map<String, String>, @RequestBody body: String) : HttpStatus? {
+    @PostMapping("logout")
+    fun logOut(@RequestHeader headers: Map<String, String>) : HttpStatus? {
        SessionManager.removeRoleFromCurrentSession(headers)
        return HttpStatus.ACCEPTED

--- a/demoBackend/src/main/kotlin/com/tarkvaratehnika/demobackend/web/rest/Test.kt
+++ b/demoBackend/src/main/kotlin/com/tarkvaratehnika/demobackend/web/rest/Test.kt
@ -1,52 +0,0 @@
-/*
- * Copyright (c) 2020, 2021 The Web eID Project
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-package com.tarkvaratehnika.demobackend.web.rest
-
-import com.tarkvaratehnika.demobackend.config.SessionManager
-import com.tarkvaratehnika.demobackend.dto.ChallengeDto
-import com.tarkvaratehnika.demobackend.security.WebEidAuthentication
-import org.slf4j.LoggerFactory
-import org.springframework.web.bind.annotation.GetMapping
-import org.springframework.web.bind.annotation.RequestHeader
-import org.springframework.web.bind.annotation.RequestMapping
-import org.springframework.web.bind.annotation.RestController
-import org.webeid.security.nonce.NonceGenerator
-
-@RestController
-@RequestMapping("auth")
-class Test (val nonceGenerator: NonceGenerator) {
-
-    private val LOG = LoggerFactory.getLogger(ChallengeController::class.java)
-
-    @GetMapping("test")
-    fun test(@RequestHeader headers: Map<String, String>): String {
-        return "<h1>JOUUUUUUUU</h1>"
-    }
-
-    @GetMapping("test2")
-    fun test2(@RequestHeader headers: Map<String, String>): String {
-        return "<h1>JOUUUUUUUU22222222222222222</h1>"
-    }
-
-}
-