Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
C
coopwire-hypothesis
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
孙灵跃 Leon Sun
coopwire-hypothesis
Commits
3c1764df
Commit
3c1764df
authored
Oct 03, 2014
by
Randall Leeds
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Isolate XSRF Token handling to session service
parent
b47b6bd0
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
40 additions
and
47 deletions
+40
-47
auth.coffee
h/static/scripts/auth/auth.coffee
+25
-36
session-service.coffee
h/static/scripts/auth/session-service.coffee
+15
-11
No files found.
h/static/scripts/auth/auth.coffee
View file @
3c1764df
...
...
@@ -5,22 +5,11 @@ imports = [
]
configure
=
[
'$httpProvider'
,
'identityProvider'
,
(
$httpProvider
,
identityProvider
)
->
defaults
=
$httpProvider
.
defaults
configure
=
[
'$httpProvider'
,
'identityProvider'
,
(
$httpProvider
,
identityProvider
)
->
# Use the Pyramid XSRF header name
defaults
.
xsrfHeaderName
=
'X-CSRF-Token'
$httpProvider
.
interceptors
.
push
[
'documentHelpers'
,
(
documentHelpers
)
->
request
:
(
config
)
->
endpoint
=
documentHelpers
.
absoluteURI
(
'/app'
)
if
config
.
url
.
indexOf
(
endpoint
)
==
0
# Set the cross site request forgery token
cookieName
=
config
.
xsrfCookieName
||
defaults
.
xsrfCookieName
headerName
=
config
.
xsrfHeaderName
||
defaults
.
xsrfHeaderName
config
.
headers
[
headerName
]
?=
csrfToken
config
]
$httpProvider
.
defaults
.
xsrfHeaderName
=
'X-CSRF-Token'
identityProvider
.
checkAuthorization
=
[
'session'
,
...
...
h/static/scripts/auth/session-service.coffee
View file @
3c1764df
...
...
@@ -21,12 +21,6 @@ for action in ACTION
withCredentials
:
true
# Global because $resource doesn't support request interceptors, so a
# the default http request interceptor and the session resource interceptor
# need to share it.
csrfToken
=
null
###*
# @ngdoc provider
# @name sessionProvider
...
...
@@ -66,9 +60,20 @@ class SessionProvider
# });
###
$get
:
[
'$q'
,
'$resource'
,
'documentHelpers'
,
'flash'
,
(
$q
,
$resource
,
documentHelpers
,
flash
)
->
'$
http'
,
'$
q'
,
'$resource'
,
'documentHelpers'
,
'flash'
,
(
$
http
,
$
q
,
$resource
,
documentHelpers
,
flash
)
->
actions
=
{}
provider
=
this
# Capture the state of the cross site request forgery token.
# If cookies are blocked this is our only way to get it.
xsrfToken
=
null
prepare
=
(
data
,
headersGetter
)
->
if
xsrfToken
headers
=
headersGetter
()
headers
[
$http
.
defaults
.
xsrfHeaderName
]
=
xsrfToken
return
angular
.
toJson
data
process
=
(
data
,
headersGetter
)
->
# Parse as json
...
...
@@ -83,15 +88,14 @@ class SessionProvider
for
q
,
msgs
of
data
.
flash
flash
q
,
msgs
# Capture the cross site request forgery token without cookies.
# If cookies are blocked this is our only way to get it.
csrfToken
=
model
.
certificate
xsrfToken
=
model
.
csrf
# Return the model
model
for
name
,
options
of
ACTION_OPTION
actions
[
name
]
=
angular
.
extend
{},
options
,
@
options
actions
[
name
].
transformRequest
=
prepare
actions
[
name
].
transformResponse
=
process
endpoint
=
documentHelpers
.
absoluteURI
(
'/app'
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment