Merge branch '206-login-with-empty-credentials-throws-a-persistent-error' into 'master'

when user logout session auth key is cleared Closes #206 See merge request !111

Merge branch '206-login-with-empty-credentials-throws-a-persistent-error' into 'master'
when user logout session auth key is cleared Closes #206 See merge request !111
4b063e79 · Piotr Gawron · c06dff60 · da32ca76 · 4b063e79 · 4b063e79
Commit 4b063e79 authored 7 years ago by Piotr Gawron
--- a/CHANGELOG
+++ b/CHANGELOG
+minerva (11.0.1) stable; urgency=medium
+  * Bug fix: logout caused issues with session data 
+
+ -- Piotr Gawron <piotr.gawron@uni.lu>  Fri, 08 Sep 2017 12:00:00 +0200
+
 minerva (11.0.0) stable; urgency=medium

  * Bug fix: security issue - access to specific map can be restricted 

--- a/frontend-js/.idea/frontend-js.iml
+++ b/frontend-js/.idea/frontend-js.iml
@@ -3,6 +3,7 @@
  <component name="NewModuleRootManager">
    <content url="file://$MODULE_DIR$">
      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
+      <excludeFolder url="file://$MODULE_DIR$/dist" />
      <excludeFolder url="file://$MODULE_DIR$/temp" />
      <excludeFolder url="file://$MODULE_DIR$/tmp" />
    </content>

--- a/frontend-js/src/main/js/ServerConnector.js
+++ b/frontend-js/src/main/js/ServerConnector.js
@@ -248,15 +248,14 @@ ServerConnector.getToken = function (token) {

  var self = this;
  token = self.getSessionData(null).getToken();
-  if (token === undefined) {
+  var login = self.getSessionData(null).getLogin()
+  if (token === undefined || login === undefined) {
    return self.login();
  } else {
    // if the project is not initialized then check if we can download data
    // using current token
    if (self.getSessionData().getProject() === null) {
-      return self.getConfiguration({
-        token: token
-      }).then(function () {
+      return self.getConfiguration().then(function () {
        return token;
      }, function () {
        return self.login();
@@ -376,6 +375,12 @@ ServerConnector.loginUrl = function () {
  });
 };

+ServerConnector.logoutUrl = function () {
+  return this.getApiUrl({
+    type: "/doLogout",
+  });
+};
+
 ServerConnector.getSuggestedQueryListUrl = function (queryParams, filterParams) {
  return this.getApiUrl({
    url: this.getBioEntitiesUrl(queryParams) + "suggestedQueryList/",
@@ -603,10 +608,7 @@ ServerConnector.getUserUrl = function (queryParams, filterParams) {
  });
 };

-ServerConnector.getConfiguration = function (params) {
-  if (params === undefined) {
-    params = {};
-  }
+ServerConnector.getConfiguration = function () {
  var self = this;
  if (this._configuration === undefined) {
    return self.readFile(self.getConfigurationUrl()).then(function (content) {
@@ -947,7 +949,7 @@ ServerConnector.getClosestElementsByCoordinates = function (params) {
 ServerConnector.login = function (login, password) {
  var self = this;
  var params = {};
-  if (login !== undefined) {
+  if (login !== undefined && login !== "") {
    params.login = login;
    params.password = password;
  } else {
@@ -970,7 +972,7 @@ ServerConnector.logout = function () {
  var self = this;
  self.getSessionData().setToken(undefined);
  self.getSessionData().setLogin(undefined);
-  return Promise.resolve();
+  return self.readFile(self.logoutUrl());
 };

 ServerConnector.getElementsByQuery = function (params) {

--- a/frontend-js/testFiles/apiCalls/doLogout
+++ b/frontend-js/testFiles/apiCalls/doLogout
+{"status":"ok"}
\ No newline at end of file
--- a/persist/src/db/11.0.1/fix_db_20170908.sql
+++ b/persist/src/db/11.0.1/fix_db_20170908.sql
+-- empty file to force directory to be commited to git repo
--- a/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java
@@ -78,11 +78,27 @@ public class UserController extends BaseController {
 	}

 	@RequestMapping(value = "/doLogout", method = { RequestMethod.GET, RequestMethod.POST }, produces = { MediaType.APPLICATION_JSON_VALUE })
-	public Map<String, String> logout(@CookieValue(value = Configuration.AUTH_TOKEN) String token) throws SecurityException {
+	public Map<String, String> logout(@CookieValue(value = Configuration.AUTH_TOKEN) String token,
+			HttpServletResponse response //
+			) throws SecurityException, IOException {
 		userService.logout(token);
-		Map<String, String> response = new HashMap<>();
-		response.put("status", "OK");
-		return response;
+		Map<String, String> result = new HashMap<>();
+		result.put("status", "OK");
+		
+		final Boolean useSecureCookie = false;
+		final String cookiePath = "/";
+		
+		Cookie cookie = new Cookie("MINERVA_AUTH_TOKEN", token);
+
+		cookie.setSecure(useSecureCookie);
+		cookie.setMaxAge(0);
+		cookie.setPath(cookiePath);
+
+		response.addCookie(cookie);
+		response.getWriter().write("{\"status\":\"OK\"}");
+		response.getWriter().flush();
+		response.getWriter().close();
+		return result;
 	}

 	/**