oauth: fix authorisation in the web app

* Ensure the cookie db-connector-user is also passed to HTTP connections. * Trigger the reload of the web app when the authorisation popup is closed. Fixes #260
plotly · Jun 1, 2018 · f362921 · f362921
1 parent 6100bba
commit f362921
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 15 deletions.
diff --git a/app/components/#.react.js b/app/components/#.react.js
@@ -20,7 +20,6 @@ const CLOUD = 'cloud';
 const ONPREM = 'onprem';
 
 window.document.title = `${build.productName} v${version}`;
-let usernameLogged = '';
 
 class Login extends Component {
     constructor(props) {
@@ -35,6 +34,11 @@ class Login extends Component {
         this.buildOauthUrl = this.buildOauthUrl.bind(this);
         this.oauthPopUp = this.oauthPopUp.bind(this);
         this.logIn = this.logIn.bind(this);
+
+        // the web app:
+        // - sets this property to the popup window opened for authorization
+        // - and triggers a reload when `this.popup.closed` becomes true
+        this.popup = null;
     }
 
     componentDidMount() {
@@ -46,8 +50,7 @@ class Login extends Component {
          * to check for authentication.
          */
         setInterval(() => {
-            usernameLogged = cookie.load('db-connector-user');
-            if (usernameLogged) {
+            if (this.popup && this.popup.closed) {
                 if (serverType === ONPREM) {
                     this.setState({
                         status: 'authorized',
@@ -135,7 +138,7 @@ class Login extends Component {
         const left = ((width / 2) - (w / 2)) + dualScreenLeft;
         const top = ((height / 2) - (h / 2)) + dualScreenTop;
 
-        window.open(url, title, `scrollbars=yes, width=${w}, height=${h}, top=${top}, left=${left}`);
+        this.popup = window.open(url, title, `scrollbars=yes, width=${w}, height=${h}, top=${top}, left=${left}`);
     }
 
     logIn () {

diff --git a/backend/routes.js b/backend/routes.js
@@ -1,13 +1,24 @@
+const fetch = require('node-fetch');
+import {contains, keys, isEmpty, merge, pluck} from 'ramda';
 const restify = require('restify');
 const CookieParser = require('restify-cookies');
-const fetch = require('node-fetch');
 
 import * as fs from 'fs';
 import path from 'path';
 
-import * as Datastores from './persistent/datastores/Datastores.js';
 import {PlotlyOAuth} from './plugins/authorization.js';
-import {getQueries, getQuery, deleteQuery} from './persistent/Queries';
+import {generateAndSaveAccessToken} from './utils/authUtils.js';
+import {
+    getAccessTokenCookieOptions,
+    getCookieOptions,
+    getUnsecuredCookieOptions
+} from './constants.js';
+import {getCerts, timeoutFetchAndSaveCerts, setRenewalJob} from './certificates.js';
+import * as Datastores from './persistent/datastores/Datastores.js';
+import init from './init.js';
+import Logger from './logger.js';
+import {checkWritePermissions, newDatacache} from './persistent/plotly-api.js';
+import {getQueries, getQuery, deleteQuery} from './persistent/Queries.js';
 import {
     deleteConnectionById,
     editConnectionById,
@@ -21,13 +32,7 @@ import {
 } from './persistent/Connections.js';
 import QueryScheduler from './persistent/QueryScheduler.js';
 import {getSetting, saveSetting} from './settings.js';
-import {generateAndSaveAccessToken} from './utils/authUtils';
-import {getAccessTokenCookieOptions, getCookieOptions} from './constants';
-import {checkWritePermissions, newDatacache} from './persistent/plotly-api.js';
-import {contains, keys, isEmpty, merge, pluck} from 'ramda';
-import {getCerts, timeoutFetchAndSaveCerts, setRenewalJob} from './certificates';
-import Logger from './logger';
-import init from './init.js';
+
 
 export default class Servers {
     /*
@@ -309,7 +314,7 @@ export default class Servers {
                         res.setCookie('db-connector-auth-token',
                                       db_connector_access_token,
                                       getAccessTokenCookieOptions());
-                        res.setCookie('db-connector-user', username, getCookieOptions());
+                        res.setCookie('db-connector-user', username, getUnsecuredCookieOptions());
 
                         const existingUsers = getSetting('USERS');
                         const existingUsernames = pluck('username', existingUsers);