MOB-55 Fixed an issue with session invalidation.

This commit is contained in:
TanelOrumaa 2021-12-14 19:50:11 +02:00
parent b66c2386f0
commit e5931692b6
5 changed files with 5 additions and 57 deletions

View File

@ -13,6 +13,7 @@
<version>0.0.1-SNAPSHOT</version>
<name>demoBackend</name>
<description>demoBackend</description>
<packaging>jar</packaging>
<properties>
<java.version>11</java.version>
<kotlin.version>1.5.31</kotlin.version>

View File

@ -25,8 +25,7 @@ export default {
const requestOptions = {
method: "POST",
headers: {"Content-Type": "application/json"},
body: JSON.stringify({"sessionId": this.$store.getters.getSessionId})
headers: {"sessionId": this.$store.getters.getSessionId}
};
fetch("/auth/logout", requestOptions)
.then((response) => {

View File

@ -54,7 +54,7 @@ class SessionManager {
fun removeRoleFromCurrentSession(headers: Map<String, String>) {
val securityContext = SecurityContextHolder.getContext()
var sessionId = securityContext.authentication.credentials
if (sessionId == null) {
if (sessionId == null || sessionId == "") {
// Fallback to when for some reason session object doesn't have sessionId attached.
sessionId = getSessionId(headers)
}

View File

@ -41,8 +41,8 @@ class AuthenticationController {
return SessionManager.getSessionAuth(SessionManager.getSessionId(headers))
}
@PostMapping("logout", consumes = [MediaType.APPLICATION_JSON_VALUE])
fun logOut(@RequestHeader headers: Map<String, String>, @RequestBody body: String) : HttpStatus? {
@PostMapping("logout")
fun logOut(@RequestHeader headers: Map<String, String>) : HttpStatus? {
SessionManager.removeRoleFromCurrentSession(headers)
return HttpStatus.ACCEPTED

View File

@ -1,52 +0,0 @@
/*
* Copyright (c) 2020, 2021 The Web eID Project
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package com.tarkvaratehnika.demobackend.web.rest
import com.tarkvaratehnika.demobackend.config.SessionManager
import com.tarkvaratehnika.demobackend.dto.ChallengeDto
import com.tarkvaratehnika.demobackend.security.WebEidAuthentication
import org.slf4j.LoggerFactory
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RequestHeader
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.bind.annotation.RestController
import org.webeid.security.nonce.NonceGenerator
@RestController
@RequestMapping("auth")
class Test (val nonceGenerator: NonceGenerator) {
private val LOG = LoggerFactory.getLogger(ChallengeController::class.java)
@GetMapping("test")
fun test(@RequestHeader headers: Map<String, String>): String {
return "<h1>JOUUUUUUUU</h1>"
}
@GetMapping("test2")
fun test2(@RequestHeader headers: Map<String, String>): String {
return "<h1>JOUUUUUUUU22222222222222222</h1>"
}
}