mirror of
https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC.git
synced 2024-12-22 04:20:16 +02:00
MOB-55 Fixed an issue with session invalidation.
This commit is contained in:
TanelOrumaa
parent
b66c2386f0
commit
e5931692b6
@ -13,6 +13,7 @@
|
|||||||
<version>0.0.1-SNAPSHOT</version>
|
<version>0.0.1-SNAPSHOT</version>
|
||||||
<name>demoBackend</name>
|
<name>demoBackend</name>
|
||||||
<description>demoBackend</description>
|
<description>demoBackend</description>
|
||||||
|
<packaging>jar</packaging>
|
||||||
<properties>
|
<properties>
|
||||||
<java.version>11</java.version>
|
<java.version>11</java.version>
|
||||||
<kotlin.version>1.5.31</kotlin.version>
|
<kotlin.version>1.5.31</kotlin.version>
|
||||||
|
|||||||
@ -25,8 +25,7 @@ export default {
|
|||||||
|
|
||||||
const requestOptions = {
|
const requestOptions = {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: {"Content-Type": "application/json"},
|
headers: {"sessionId": this.$store.getters.getSessionId}
|
||||||
body: JSON.stringify({"sessionId": this.$store.getters.getSessionId})
|
|
||||||
};
|
};
|
||||||
fetch("/auth/logout", requestOptions)
|
fetch("/auth/logout", requestOptions)
|
||||||
.then((response) => {
|
.then((response) => {
|
||||||
|
|||||||
@ -54,7 +54,7 @@ class SessionManager {
|
|||||||
fun removeRoleFromCurrentSession(headers: Map<String, String>) {
|
fun removeRoleFromCurrentSession(headers: Map<String, String>) {
|
||||||
val securityContext = SecurityContextHolder.getContext()
|
val securityContext = SecurityContextHolder.getContext()
|
||||||
var sessionId = securityContext.authentication.credentials
|
var sessionId = securityContext.authentication.credentials
|
||||||
if (sessionId == null) {
|
if (sessionId == null || sessionId == "") {
|
||||||
// Fallback to when for some reason session object doesn't have sessionId attached.
|
// Fallback to when for some reason session object doesn't have sessionId attached.
|
||||||
sessionId = getSessionId(headers)
|
sessionId = getSessionId(headers)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -41,8 +41,8 @@ class AuthenticationController {
|
|||||||
return SessionManager.getSessionAuth(SessionManager.getSessionId(headers))
|
return SessionManager.getSessionAuth(SessionManager.getSessionId(headers))
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("logout", consumes = [MediaType.APPLICATION_JSON_VALUE])
|
@PostMapping("logout")
|
||||||
fun logOut(@RequestHeader headers: Map<String, String>, @RequestBody body: String) : HttpStatus? {
|
fun logOut(@RequestHeader headers: Map<String, String>) : HttpStatus? {
|
||||||
SessionManager.removeRoleFromCurrentSession(headers)
|
SessionManager.removeRoleFromCurrentSession(headers)
|
||||||
return HttpStatus.ACCEPTED
|
return HttpStatus.ACCEPTED
|
||||||
|
|
||||||
|
|||||||
@ -1,52 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2020, 2021 The Web eID Project
|
|
||||||
*
|
|
||||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
* of this software and associated documentation files (the "Software"), to deal
|
|
||||||
* in the Software without restriction, including without limitation the rights
|
|
||||||
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
* copies of the Software, and to permit persons to whom the Software is
|
|
||||||
* furnished to do so, subject to the following conditions:
|
|
||||||
*
|
|
||||||
* The above copyright notice and this permission notice shall be included in all
|
|
||||||
* copies or substantial portions of the Software.
|
|
||||||
*
|
|
||||||
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
||||||
* SOFTWARE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package com.tarkvaratehnika.demobackend.web.rest
|
|
||||||
|
|
||||||
import com.tarkvaratehnika.demobackend.config.SessionManager
|
|
||||||
import com.tarkvaratehnika.demobackend.dto.ChallengeDto
|
|
||||||
import com.tarkvaratehnika.demobackend.security.WebEidAuthentication
|
|
||||||
import org.slf4j.LoggerFactory
|
|
||||||
import org.springframework.web.bind.annotation.GetMapping
|
|
||||||
import org.springframework.web.bind.annotation.RequestHeader
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping
|
|
||||||
import org.springframework.web.bind.annotation.RestController
|
|
||||||
import org.webeid.security.nonce.NonceGenerator
|
|
||||||
|
|
||||||
@RestController
|
|
||||||
@RequestMapping("auth")
|
|
||||||
class Test (val nonceGenerator: NonceGenerator) {
|
|
||||||
|
|
||||||
private val LOG = LoggerFactory.getLogger(ChallengeController::class.java)
|
|
||||||
|
|
||||||
@GetMapping("test")
|
|
||||||
fun test(@RequestHeader headers: Map<String, String>): String {
|
|
||||||
return "<h1>JOUUUUUUUU</h1>"
|
|
||||||
}
|
|
||||||
|
|
||||||
@GetMapping("test2")
|
|
||||||
fun test2(@RequestHeader headers: Map<String, String>): String {
|
|
||||||
return "<h1>JOUUUUUUUU22222222222222222</h1>"
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
Loading…
Reference in New Issue
Block a user