User logged in when IsAuthenticated cookie is set.
Related to https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/27270
Currently the only condition checked to decide whether the user is logged in is the
"LOGIN_ID" value in browser session storage. The only place in the code
where it is set is the Basic Authorization flow.
In case of mTLS authentication, we are not able to set session storage
value. This is why additional 'IsAuthenticated' cookie is added.
In the case when user session expires, the failing XHR should cause the
page to redirect to the login prompt. Additionally, IsAuthenticated
cookie is removed to disable redirection.
Tested: verified the flow with the mTLS changes. User is put in the
webUI interface without login prompt when using mTLS authentication. If
the authentication fails, browser redirects to the login page.
Signed-off-by: Wiktor Gołgowski <wiktor.golgowski@intel.com>
Change-Id: Ia7061f3e146c6547d4bfdf42940150b1a5c06903
diff --git a/app/common/services/userModel.js b/app/common/services/userModel.js
index f73c7a8..ca90165 100644
--- a/app/common/services/userModel.js
+++ b/app/common/services/userModel.js
@@ -11,8 +11,8 @@
'use strict';
angular.module('app.common.services').service('userModel', [
- 'APIUtils',
- function(APIUtils) {
+ '$cookies', 'APIUtils',
+ function($cookies, APIUtils) {
return {
login: function(username, password, callback) {
APIUtils.login(username, password, function(response, error) {
@@ -35,7 +35,9 @@
});
},
isLoggedIn: function() {
- if (sessionStorage.getItem('LOGIN_ID') === null) {
+ if ((sessionStorage.getItem('LOGIN_ID') === null) &&
+ (($cookies.get('IsAuthenticated') === undefined) ||
+ ($cookies.get('IsAuthenticated') == 'false'))) {
return false;
}
return true;
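Review bot: The new condition makes isLoggedIn report an authenticated session whenever an `IsAuthenticated` cookie exists with any value other than the string 'false'; since the cookie is read with $cookies it is visible and settable from client-side script, so this can only gate the UI, never access, and the real enforcement is the failing XHR the commit message describes. That intent deserves a comment at the top of isLoggedIn, e.g. `// IsAuthenticated is a UI hint set for the mTLS flow; a rejected XHR is what actually sends the user back to /login.` so nobody later relies on this flag as an authorization check. The last added line uses loose equality; `($cookies.get('IsAuthenticated') === 'false')` keeps the `'use strict'` file consistent and avoids a coercion that nothing here needs. isLoggedIn's closing brace is outside the hunk.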
@@ -46,6 +48,7 @@
response.status == APIUtils.API_RESPONSE.SUCCESS_STATUS) {
sessionStorage.removeItem('LOGIN_ID');
sessionStorage.removeItem(APIUtils.HOST_SESSION_STORAGE_KEY);
+ $cookies.remove('IsAuthenticated');
callback(true);
} else if (response.status == APIUtils.API_RESPONSE.ERROR_STATUS) {
callback(false);
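Review bot: `$cookies.remove('IsAuthenticated')` on the added line only deletes the cookie for the path ngCookies defaults to (the app's base path unless `$cookiesProvider.defaults.path` is configured); if the server issues the cookie on a different path the browser keeps it and isLoggedIn still returns true after logout. If the server's path is known, pass it explicitly, `$cookies.remove('IsAuthenticated', {path: '<server cookie path>'});` (placeholder), and since a client-side removal is best-effort the logout response should expire the cookie server-side as well. The same unqualified removal is added in the timedout-user handler in app/index.js. The enclosing logout function starts outside the hunk.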
diff --git a/app/index.js b/app/index.js
index eb27a34..57d031b 100644
--- a/app/index.js
+++ b/app/index.js
@@ -126,7 +126,7 @@
// Dependencies
'ngRoute', 'angular-clipboard', 'ngToast', 'ngAnimate',
'ngMessages', 'app.common.directives.dirPagination', 'ngSanitize',
- 'ui.bootstrap',
+ 'ui.bootstrap', 'ngCookies',
// Basic resources
'app.common.services', 'app.common.directives',
'app.common.filters', 'app.common.components',
@@ -184,8 +184,8 @@
}
])
.run([
- '$rootScope', '$location', 'dataService', 'userModel',
- function($rootScope, $location, dataService, userModel) {
+ '$rootScope', '$location', 'dataService', 'userModel', '$cookies',
+ function($rootScope, $location, dataService, userModel, $cookies) {
$rootScope.dataService = dataService;
dataService.path = $location.path();
$rootScope.$on('$routeChangeStart', function(event, next, current) {
@@ -219,7 +219,10 @@
});
$rootScope.$on('timedout-user', function() {
+ console.log('timedout-user event triggered');
sessionStorage.removeItem('LOGIN_ID');
+ $cookies.remove('IsAuthenticated');
+
$location.path('/login');
});
}