From 10c72e6483392a9b5e90db41ee5afd95d28b379b Mon Sep 17 00:00:00 2001 From: Saad Jutt Date: Wed, 11 May 2022 19:07:30 +0500 Subject: [PATCH] fix(login): making login requet with CSRF for SASJS server --- src/SASjs.ts | 9 ------ src/auth/AuthManager.ts | 65 +++++++++++++++-------------------------- 2 files changed, 24 insertions(+), 50 deletions(-) diff --git a/src/SASjs.ts b/src/SASjs.ts index 4fbc183..59fe1a4 100644 --- a/src/SASjs.ts +++ b/src/SASjs.ts @@ -592,15 +592,6 @@ export default class SASjs { 'A username and password are required when using the default login mechanism.' ) - if (this.sasjsConfig.serverType === ServerType.Sasjs) { - if (!clientId) - throw new Error( - 'A username, password and clientId are required when using the default login mechanism with server type SASJS.' - ) - - return this.authManager!.logInSasjs(username, password) - } - return this.authManager!.logIn(username, password) } diff --git a/src/auth/AuthManager.ts b/src/auth/AuthManager.ts index 4568af3..b78ecae 100644 --- a/src/auth/AuthManager.ts +++ b/src/auth/AuthManager.ts @@ -83,34 +83,6 @@ export class AuthManager { return { isLoggedIn: false, userName: '' } } - /** - * Logs into the SAS server with the supplied credentials. - * @param userName - a string representing the username. - * @param password - a string representing the password. - * @param clientId - a string representing the client ID. - * @returns - a boolean `isLoggedin` and a string `username` - */ - public async logInSasjs( - username: string, - password: string - ): Promise { - const isLoggedIn = await this.sendLoginRequestSasjs(username, password) - .then((res) => { - this.userName = username - this.requestClient.saveLocalStorageToken( - res.access_token, - res.refresh_token - ) - return true - }) - .catch(() => false) - - return { - isLoggedIn, - userName: this.userName - } - } - /** * Logs into the SAS server with the supplied credentials. * @param username - a string representing the username. 
@@ -147,7 +119,7 @@ export class AuthManager { let loginResponse = await this.sendLoginRequest(loginForm, loginParams) - let isLoggedIn = isLogInSuccess(loginResponse) + let isLoggedIn = isLogInSuccess(this.serverType, loginResponse) if (!isLoggedIn) { if (isCredentialsVerifyError(loginResponse)) { @@ -191,6 +163,17 @@ export class AuthManager { loginForm: { [key: string]: any }, loginParams: { [key: string]: any } ) { + if (this.serverType === ServerType.Sasjs) { + const { username, password } = loginParams + const { result: loginResponse } = await this.requestClient.post( + this.loginUrl, + { username, password }, + undefined + ) + + return loginResponse + } + for (const key in loginForm) { loginParams[key] = loginForm[key] } @@ -210,14 +193,6 @@ export class AuthManager { return loginResponse } - private async sendLoginRequestSasjs(username: string, password: string) { - const authCode = await getAuthCodeForSasjs( - this.requestClient, - username, - password - ) - return getAccessTokenForSasjs(this.requestClient, authCode) - } /** * Checks whether a session is active, or login is required. * @returns - a promise which resolves with an object containing three values @@ -238,8 +213,7 @@ export class AuthManager { //Residue can happen in case of session expiration await this.logOut() - if (this.serverType !== ServerType.Sasjs) - loginForm = await this.getNewLoginForm() + loginForm = await this.getNewLoginForm() } return Promise.resolve({ @@ -250,6 +224,12 @@ export class AuthManager { } private async getNewLoginForm() { + if (this.serverType === ServerType.Sasjs) { + // server will be sending CSRF cookie, + // http client will use it automatically + return this.requestClient.get('/', undefined) + } + const { result: formResponse } = await this.requestClient.get( this.loginUrl.replace('.do', ''), undefined, 
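Review bot: For `ServerType.Sasjs` the `loginResponse` checked here is now the parsed body returned by `requestClient.post`, but the failure branch directly below still passes it to `isCredentialsVerifyError`, which is declared as `(response: string)`. A rejected SASjs login therefore goes through recovery logic written for the other server types' page text. I would guard it with `if (this.serverType !== ServerType.Sasjs && isCredentialsVerifyError(loginResponse)) {`. The rest of that branch is outside the hunk, so it is worth confirming that nothing in it repeats the login request for SASjs.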
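Review bot: The SASjs branch added to `sendLoginRequest` is undocumented and leaves the method with two return shapes and no declared return type. It returns the parsed `result` of a JSON POST here, and whatever the form POST further down yields for the other server types. `username` and `password` are destructured from an `any`-typed map, and `loginForm` is silently ignored on this path. A comment above the branch would record the contract, for example `// SASjs: credentials are posted as JSON; loginForm is unused and the CSRF token is expected to come from the cookie obtained in getNewLoginForm()`, together with an explicit return type on the method. The method body continues outside the hunk.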
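Review bot: In `getNewLoginForm` the SASjs branch returns the whole value of `this.requestClient.get('/', undefined)`, while the branch below destructures `{ result: formResponse }`. Because the `-238` hunk drops the `serverType !== ServerType.Sasjs` guard, `checkSession` now gives callers a `loginForm` whose shape depends on the server type. The GET exists only to obtain the CSRF cookie, so it would be clearer to `await this.requestClient.get('/', undefined)` and return no form at all. The comment's claim that the HTTP client uses the cookie automatically cannot be verified from this hunk. If the server expects the token echoed in a request header, confirm the client is configured for that, otherwise a CSRF rejection of the login POST will look like a bad password.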
@@ -374,5 +354,8 @@ const isCredentialsVerifyError = (response: string): boolean => response ) -const isLogInSuccess = (response: string): boolean => - /You have signed in/gm.test(response) +const isLogInSuccess = (serverType: ServerType, response: any): boolean => { + if (serverType === ServerType.Sasjs) return response?.loggedin + + return /You have signed in/gm.test(response) +}
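Review bot: `return response?.loggedin` returns whatever the server put in that field rather than a boolean, despite the `: boolean` annotation that `response: any` lets through. A missing field yields `undefined`, and any truthy value, including a non-empty string such as "false", is treated as a successful login. Since this result sets `isLoggedIn`, compare strictly: `if (serverType === ServerType.Sasjs) return response?.loggedin === true`. Typing the parameter as `unknown`, or as a small response interface, would make the compiler require that narrowing.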