Commit 3ed424cb authored by Nick Stenning's avatar Nick Stenning

Roll xsrf value into session service

Rather than using a separate named value to keep track of the current
CSRF token, simply treat this as part of the session state.
parent ed44cb77
...@@ -62,6 +62,4 @@ function configure( $httpProvider, identityProvider) { ...@@ -62,6 +62,4 @@ function configure( $httpProvider, identityProvider) {
]; ];
} }
angular.module('h') angular.module('h').config(configure);
.value('xsrf', {token: null})
.config(configure);
...@@ -56,8 +56,8 @@ function sessionActions(options) { ...@@ -56,8 +56,8 @@ function sessionActions(options) {
*/ */
// TODO: Move accounts data management (e.g. profile, edit_profile, // TODO: Move accounts data management (e.g. profile, edit_profile,
// disable_user, etc) into another module with another route. // disable_user, etc) into another module with another route.
session.$inject = ['$document', '$http', '$resource', 'flash', 'xsrf']; session.$inject = ['$document', '$http', '$resource', 'flash'];
function session( $document, $http, $resource, flash, xsrf) { function session( $document, $http, $resource, flash) {
var actions = sessionActions({ var actions = sessionActions({
transformRequest: prepare, transformRequest: prepare,
transformResponse: process, transformResponse: process,
...@@ -71,7 +71,10 @@ function session( $document, $http, $resource, flash, xsrf) { ...@@ -71,7 +71,10 @@ function session( $document, $http, $resource, flash, xsrf) {
resource.state = {}; resource.state = {};
function prepare(data, headersGetter) { function prepare(data, headersGetter) {
headersGetter()[$http.defaults.xsrfHeaderName] = xsrf.token; var csrfTok = resource.state.csrf;
if (typeof csrfTok !== 'undefined') {
headersGetter()[$http.defaults.xsrfHeaderName] = csrfTok;
}
return angular.toJson(data); return angular.toJson(data);
} }
...@@ -98,7 +101,7 @@ function session( $document, $http, $resource, flash, xsrf) { ...@@ -98,7 +101,7 @@ function session( $document, $http, $resource, flash, xsrf) {
} }
} }
xsrf.token = model.csrf; // Copy the model data (including the CSRF token) into `resource.state`.
angular.copy(model, resource.state); angular.copy(model, resource.state);
// Return the model // Return the model
......
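Review bot: The guard in `prepare` skips only `undefined`, so a model carrying `csrf: null` would still write a null value into the `$http.defaults.xsrfHeaderName` header; `if (csrfTok != null) {` covers both cases. Because the token now lives in `resource.state`, which the spec reads as `session.state.csrf`, any code that binds, logs or serialises session state wholesale also sees the token. A comment next to `resource.state = {};` such as `// state.csrf holds the CSRF token sent by prepare(); do not log or persist state wholesale` would make that explicit. `angular.copy(model, resource.state)` clears the destination before copying, so a response whose model omits `csrf` presumably leaves later requests without the header; it is worth confirming that the server includes it in every model. The body of `session` continues outside the visible hunks.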
...@@ -28,11 +28,9 @@ describe('h:session', function () { ...@@ -28,11 +28,9 @@ describe('h:session', function () {
}; };
fakeDocument.prop.withArgs('baseURI').returns('http://foo.com/'); fakeDocument.prop.withArgs('baseURI').returns('http://foo.com/');
fakeFlash = {error: sandbox.spy()}; fakeFlash = {error: sandbox.spy()};
fakeXsrf = {token: 'faketoken'};
$provide.value('$document', fakeDocument); $provide.value('$document', fakeDocument);
$provide.value('flash', fakeFlash); $provide.value('flash', fakeFlash);
$provide.value('xsrf', fakeXsrf);
})); }));
...@@ -99,7 +97,7 @@ describe('h:session', function () { ...@@ -99,7 +97,7 @@ describe('h:session', function () {
$httpBackend.expectPOST(url).respond({model: model}); $httpBackend.expectPOST(url).respond({model: model});
session.login({}); session.login({});
$httpBackend.flush(); $httpBackend.flush();
assert.equal(fakeXsrf.token, token); assert.equal(session.state.csrf, token);
$httpBackend.expectPOST(url, {}, headers).respond({}); $httpBackend.expectPOST(url, {}, headers).respond({});
session.login({}); session.login({});
......
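Review bot: The new no-token branch in `prepare` has no visible test; the updated assertion `assert.equal(session.state.csrf, token);` only covers the path after a login response has delivered a model. A case that issues the first request before any model arrives and asserts that the XSRF header is absent would pin the guard. If `fakeXsrf` is declared in a `var` list above the first hunk, that declaration is now unused and can be dropped as well. The `describe` block extends beyond the visible hunks, so either may already be handled there.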