Roll xsrf value into session service

Rather than using a separate named value to keep track of the current CSRF token, simply treat this as part of the session state.

Roll xsrf value into session service
Rather than using a separate named value to keep track of the current CSRF token, simply treat this as part of the session state.
3ed424cb · Nick Stenning · ed44cb77 · 3ed424cb · 3ed424cb · 3ed424cb
Commit 3ed424cb authored Jul 24, 2015 by Nick Stenning
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 10 deletions

accounts.js h/static/scripts/config/accounts.js +1 -3

session.js h/static/scripts/session.js +7 -4

session-test.js h/static/scripts/test/session-test.js +1 -3

No files found.
--- a/h/static/scripts/config/accounts.js
+++ b/h/static/scripts/config/accounts.js
@@ -62,6 +62,4 @@ function configure(   $httpProvider,   identityProvider) {
  ];
 }

-angular.module('h')
-  .value('xsrf', {token: null})
-  .config(configure);
+angular.module('h').config(configure);
--- a/h/static/scripts/session.js
+++ b/h/static/scripts/session.js
@@ -56,8 +56,8 @@ function sessionActions(options) {
 */
 // TODO: Move accounts data management (e.g. profile, edit_profile,
 // disable_user, etc) into another module with another route.
-session.$inject = ['$document', '$http', '$resource', 'flash', 'xsrf'];
-function session(   $document,   $http,   $resource,   flash,   xsrf) {
+session.$inject = ['$document', '$http', '$resource', 'flash'];
+function session(   $document,   $http,   $resource,   flash) {
  var actions = sessionActions({
    transformRequest: prepare,
    transformResponse: process,
@@ -71,7 +71,10 @@ function session(   $document,   $http,   $resource,   flash,   xsrf) {
  resource.state = {};

  function prepare(data, headersGetter) {
-    headersGetter()[$http.defaults.xsrfHeaderName] = xsrf.token;
+    var csrfTok = resource.state.csrf;
+    if (typeof csrfTok !== 'undefined') {
+      headersGetter()[$http.defaults.xsrfHeaderName] = csrfTok;
+    }
    return angular.toJson(data);
  }

@@ -98,7 +101,7 @@ function session(   $document,   $http,   $resource,   flash,   xsrf) {
      }
    }

-    xsrf.token = model.csrf;
+    // Copy the model data (including the CSRF token) into `resource.state`.
    angular.copy(model, resource.state);

    // Return the model

--- a/h/static/scripts/test/session-test.js
+++ b/h/static/scripts/test/session-test.js
@@ -28,11 +28,9 @@ describe('h:session', function () {
    };
    fakeDocument.prop.withArgs('baseURI').returns('http://foo.com/');
    fakeFlash = {error: sandbox.spy()};
-    fakeXsrf = {token: 'faketoken'};

    $provide.value('$document', fakeDocument);
    $provide.value('flash', fakeFlash);
-    $provide.value('xsrf', fakeXsrf);
  }));


@@ -99,7 +97,7 @@ describe('h:session', function () {
      $httpBackend.expectPOST(url).respond({model: model});
      session.login({});
      $httpBackend.flush();
-      assert.equal(fakeXsrf.token, token);
+      assert.equal(session.state.csrf, token);

      $httpBackend.expectPOST(url, {}, headers).respond({});
      session.login({});