Merge remote-tracking branch 'origin/hotfix/1.8.2'

frontend/src/resources/app-config.json

@@ -4,7 +4,7 @@
   "filter_cleanup_interval_hours": 720,
   "filter_cleanup_check_period_minutes": 30,
   "auth_method": "form",
-  "enable.version.in.url": "%enable.version.in.url%",
+  "enable.version.in.url": "false",
   "backend.context": "fl",
   "guard.confirm_exit": false,
   "message_service_error_timeout": "",

frontend/src/resources/app.version

@@ -1 +1 @@
-%project.version%
+1.8.2-SNAPSHOT

frontend/src/resources/template/app/component/log_out.html

@@ -2,4 +2,5 @@
 <div ngbDropdownMenu *ngIf="getIsAuth()">
     <a routerLink="/mydata" class="data">Мои данные</a>
     <button ngbDropdownItem class="exit" (click)="logout()">Выйти</button>
-</div>
+</div>
+<button class="exit" *ngIf="!getIsAuth()" (click)="logout()">Выйти</button>

frontend/src/ts/modules/app/app.module.ts

@@ -1,4 +1,4 @@
-import {forwardRef, NgModule} from "@angular/core";
+import {APP_INITIALIZER, forwardRef, NgModule} from "@angular/core";
 import {NgbModule} from "@ng-bootstrap/ng-bootstrap";
 import {CommonModule, registerLocaleData} from "@angular/common";
 import localeRu from '@angular/common/locales/ru';
@@ -23,6 +23,7 @@ import {TextWithDialogLinks} from "../../ervu/component/textwithdialoglinks/Text
 import {LogOutComponent} from "./component/logout.component";
 import {LoadForm} from "../../ervu/component/container/LoadForm";
 import {InMemoryStaticGrid} from "../../ervu/component/grid/InMemoryStaticGrid";
+import {AuthenticationService} from "../security/authentication.service";
 
 registerLocaleData(localeRu);
 export const DIRECTIVES = [
@@ -37,6 +38,10 @@ export const DIRECTIVES = [
   forwardRef(() => InMemoryStaticGrid)
 ];
 
+export function checkAuthentication(authService: AuthenticationService): () => Promise<any> {
+  return () => authService.checkAuthentication();
+}
+
 @NgModule({
             imports: [
               CommonModule,
@@ -57,6 +62,13 @@ export const DIRECTIVES = [
               DIRECTIVES
             ],
             providers: [
+              AuthenticationService,
+              {
+                provide: APP_INITIALIZER,
+                useFactory: checkAuthentication,
+                deps: [AuthenticationService],
+                multi: true,
+              },
               { provide: ProgressIndicationService, useClass: AppProgressIndicationService }
             ],
             bootstrap: [],

frontend/src/ts/modules/app/component/logout.component.ts

@@ -27,10 +27,10 @@ export class LogOutComponent implements OnInit{
     }
   }
 
-  public logout(): void {
-    this.httpClient.get<string>("esia/logout").toPromise().then(url => {
+  logout(): Promise<any> {
+    return this.httpClient.post<string>('esia/logout', {}, { responseType: 'text' as 'json' }).toPromise().then(url => {
       window.open(url, "_self");
-    })
+    });
   }
 
   public getUserFullname(): string {

frontend/src/ts/modules/security/TokenConstants.ts

@@ -0,0 +1,4 @@
+export class TokenConstants {
+  public static readonly CSRF_TOKEN_NAME = "XSRF-TOKEN";
+  public static readonly CSRF_HEADER_NAME = "X-XSRF-TOKEN";
+}

frontend/src/ts/modules/security/authentication.service.ts

@@ -0,0 +1,27 @@
+import {Injectable} from '@angular/core';
+import {HttpClient} from '@angular/common/http';
+import {Observable} from "rxjs";
+import {CookieService} from "ngx-cookie";
+import {tap} from "rxjs/operators";
+import {AppConfigService} from "@webbpm/base-package";
+
+@Injectable({providedIn: 'root'})
+export class AuthenticationService {
+
+  constructor(private http: HttpClient,
+              private cookieService: CookieService,
+              private appConfigService: AppConfigService) {
+  }
+
+  checkAuthentication(): Promise<any>{
+    return this.appConfigService.load().then(value => this.http.get<any>("version").toPromise())
+  }
+
+  logout(): Promise<string> {
+    return this.http.post<string>('esia/logout', {}).toPromise();
+  }
+
+  public isAuthenticated(): boolean {
+    return this.cookieService.get('webbpm.ervu-lkrp-fl') != null;
+  }
+}

frontend/src/ts/modules/security/guard/auth.guard.ts

@@ -2,8 +2,8 @@ import {Injectable} from "@angular/core";
 import {ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot} from "@angular/router";
 import {Observable} from "rxjs";
 import {HttpClient, HttpParams} from "@angular/common/http";
-import {CookieService} from "ngx-cookie";
 import {MessagesService} from "@webbpm/base-package";
+import {AuthenticationService} from "../authentication.service";
 
 @Injectable({providedIn:'root'})
 export abstract class AuthGuard implements CanActivate {
@@ -11,7 +11,7 @@ export abstract class AuthGuard implements CanActivate {
   protected constructor(
       protected router: Router,
       private httpClient: HttpClient,
-      private cookieService: CookieService,
+      private authenticationService: AuthenticationService,
       private messageService: MessagesService
   ) {
   }
@@ -36,11 +36,24 @@ export abstract class AuthGuard implements CanActivate {
       }
       else if (code) {
         const params = new HttpParams().set('code', code);
-        this.httpClient.get<boolean>("esia/auth", {params: params}).toPromise().then(
-            () => window.open(url.origin + url.pathname, "_self"))
-            .catch((reason) =>
-                       console.error(reason)
-            );
+        this.httpClient.get("esia/auth",
+                            {
+                              params: params, responseType: 'text', observe: 'response', headers: {
+                                "Error-intercept-skip": "true"
+                              }
+                            })
+            .toPromise()
+            .then(
+                (response) => {
+                  window.open(url.origin + url.pathname, "_self");
+                })
+            .catch((reason) => {
+              let errorMessage = reason.error.messages != null
+                                 ? reason.error.messages
+                                 : reason.error.replaceAll('\\', '');
+              this.messageService.error(errorMessage);
+              console.error(reason);
+            });
         return false;
       }
       else {
@@ -55,11 +68,7 @@ export abstract class AuthGuard implements CanActivate {
     });
   }
 
-  private checkAccess(): Promise<boolean> | boolean {
-    return this.getIsAuth() != null;
-  };
-
-  public getIsAuth(): string {
-    return this.cookieService.get('webbpm.ervu-lkrp-fl');
+  private checkAccess(): boolean {
+    return this.authenticationService.isAuthenticated();
   }
 }

frontend/src/ts/modules/webbpm/interceptor/absolute-url-csrf.interceptor.ts

@@ -0,0 +1,26 @@
+import {HttpEvent, HttpHandler, HttpInterceptor, HttpRequest} from '@angular/common/http';
+import {Injectable} from '@angular/core';
+import {Observable} from 'rxjs';
+import {CookieService} from "ngx-cookie";
+import {TokenConstants} from "../../security/TokenConstants";
+
+@Injectable()
+export class AbsoluteUrlCsrfInterceptor implements HttpInterceptor {
+
+  constructor(private cookieService: CookieService) {
+  }
+
+  intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
+
+    let requestToForward = req;
+    let token = this.cookieService.get(TokenConstants.CSRF_TOKEN_NAME) as string;
+
+    if (token != null) {
+      let headers = {};
+      let headerName = TokenConstants.CSRF_HEADER_NAME;
+      headers[headerName] = token;
+      requestToForward = req.clone({setHeaders: headers});
+    }
+    return next.handle(requestToForward);
+  }
+}

frontend/src/ts/modules/webbpm/interceptor/default-interceptors.prod.ts

@@ -4,9 +4,11 @@ import {
   HttpSecurityErrorInterceptor,
   HttpSecurityInterceptor
 } from "@webbpm/base-package";
+import {AbsoluteUrlCsrfInterceptor} from "./absolute-url-csrf.interceptor";
 
 export const DEFAULT_HTTP_INTERCEPTOR_PROVIDERS = [
   {provide: HTTP_INTERCEPTORS, useClass: HttpSecurityInterceptor, multi: true},
   {provide: HTTP_INTERCEPTORS, useClass: HttpSecurityErrorInterceptor, multi: true},
-  {provide: HTTP_INTERCEPTORS, useClass: FormDirtyInterceptor, multi: true}
+  {provide: HTTP_INTERCEPTORS, useClass: FormDirtyInterceptor, multi: true},
+  {provide: HTTP_INTERCEPTORS, useClass: AbsoluteUrlCsrfInterceptor, multi: true}
 ];

frontend/src/ts/modules/webbpm/interceptor/default-interceptors.ts

@@ -1,9 +1,11 @@
 import {HTTP_INTERCEPTORS} from "@angular/common/http";
 import {FormDirtyInterceptor, HttpSecurityInterceptor} from "@webbpm/base-package";
 import {DevHttpSecurityErrorInterceptor} from "./http-security-error-interceptor.dev";
+import {AbsoluteUrlCsrfInterceptor} from "./absolute-url-csrf.interceptor";
 
 export const DEFAULT_HTTP_INTERCEPTOR_PROVIDERS = [
   {provide: HTTP_INTERCEPTORS, useClass: HttpSecurityInterceptor, multi: true},
   {provide: HTTP_INTERCEPTORS, useClass: DevHttpSecurityErrorInterceptor, multi: true},
-  {provide: HTTP_INTERCEPTORS, useClass: FormDirtyInterceptor, multi: true}
+  {provide: HTTP_INTERCEPTORS, useClass: FormDirtyInterceptor, multi: true},
+  {provide: HTTP_INTERCEPTORS, useClass: AbsoluteUrlCsrfInterceptor, multi: true},
 ];

frontend/src/ts/modules/webbpm/webbpm.module.ts

@@ -17,6 +17,8 @@ import {
 import {AppRoutingModule} from "../app/app-routing.module";
 import {GlobalErrorHandler} from "./handler/global-error.handler.prod";
 import {DEFAULT_HTTP_INTERCEPTOR_PROVIDERS} from "./interceptor/default-interceptors.prod";
+import {HttpClientModule, HttpClientXsrfModule} from "@angular/common/http";
+import {TokenConstants} from "../security/TokenConstants";
 
 let IMPORTS = [
   BrowserAnimationsModule,
@@ -30,7 +32,10 @@ let IMPORTS = [
   CoreModule,
   ComponentsModule,
   AppModule,
-  WebbpmRoutingModule
+  WebbpmRoutingModule,
+  HttpClientModule,
+  HttpClientXsrfModule.withOptions(
+      {cookieName: TokenConstants.CSRF_TOKEN_NAME, headerName: TokenConstants.CSRF_HEADER_NAME})
 ];
 
 @NgModule({