Projekt

Obecné

Profil

« Předchozí | Další » 

Revize 3db487e2

Přidáno uživatelem Jakub Hlaváč před téměř 4 roky(ů)

Re #8469 - Improvment security - implementace

  • security enhancements
  • usage of session storage

Zobrazit rozdíly:

src/app/auth/interceptors/auth.interceptor.ts
20 20 

  		




  21
  21
  
    
  intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {


  		




  22
  22
  
    

  		




  23
  
  
    
    if (!this.userState.getLoggedIn() && !request.url.includes('ControllerServlet')) {


  		




  
  23
  
    
    if (!sessionStorage.getItem('sessionid') && !request.url.includes('ControllerServlet')) {


  		




  24
  24
  
    
       return of(null);


  		




  25
  25
  
    
    }


  		




  26
  26
  
    

  		




  
  27
  
    
    if (!request.url.includes('ControllerServlet')){


  		




  
  28
  
    
      request = request.clone({


  		




  
  29
  
    
        setParams: {


  		




  
  30
  
    
          user: sessionStorage.getItem('userName')


  		




  
  31
  
    
        }


  		




  
  32
  
    
      });


  		




  
  33
  
    
    }


  		




  
  34
  
    

  		




  27
  35
  
    
    return next.handle(request)


  		




  28
  36
  
    
      .pipe(


  		




  29
  37
  
    
        catchError(err => {


  		












  

    
      src/app/auth/services/auth.service.ts
    
  





  1
  1
  
    
import {Injectable} from '@angular/core';


  		




  2
  2
  
    
import {HttpClient, HttpResponse} from '@angular/common/http';


  		




  3
  
  
    
import {Observable, of} from 'rxjs';


  		




  
  3
  
    
import {Observable, of, pipe} from 'rxjs';


  		




  4
  4
  
    
import {catchError, mapTo, tap} from 'rxjs/operators';


  		




  5
  5
  
    
import {Router} from '@angular/router';


  		




  6
  6
  
    
import {CookieService} from 'ngx-cookie-service';


  		




  ......




  26
  26
  
    
  doLogin(loginInput): Observable<boolean> {


  		




  27
  27
  
    
    return this.loginService.login$Response(loginInput)


  		




  28
  28
  
    
      .pipe(


  		




  29
  
  
    
        tap((userInfo: HttpResponse<UserInfo>) => this.setUserFromResponse(userInfo.body)),


  		




  
  29
  
    
        tap((userInfo: HttpResponse<UserInfo>) => this.setUserFromResponse(userInfo.body, loginInput)),


  		




  30
  30
  
    
        mapTo(true),


  		




  31
  31
  
    
        catchError(() => {


  		




  32
  32
  
    
          return of<boolean>(false);


  		




  ......




  42
  42
  
    
    return this.userState.getLoggedIn();


  		




  43
  43
  
    
  }


  		




  44
  44
  
    

  		




  45
  
  
    
  setUserFromResponse(userInfo: UserInfo): UserInfo {


  		




  
  45
  
    
  setUserFromResponse(userInfo: UserInfo, loginInput): UserInfo {


  		




  46
  46
  
    
    this.userState.setUser(userInfo);


  		




  47
  47
  
    
    this.userState.setLoggedIn(true);


  		




  
  48
  
    
    sessionStorage.setItem('userName', loginInput.username)


  		




  
  49
  
    
    sessionStorage.setItem('sessionid', userInfo.sessionid)


  		




  
  50
  
    
    sessionStorage.setItem('language', userInfo.language)


  		




  
  51
  
    
    sessionStorage.setItem('audio', String(userInfo.audio))


  		




  
  52
  
    
    this.cookieService.set('userName', loginInput.username)


  		




  48
  53
  
    
    return userInfo;


  		




  49
  54
  
    
  }


  		




  50
  55
  
    

  		












Také k dispozici:  Unified diff