Fix local auth session timeout (#4028)

* Ensure active dialog times out correctly - previously.. time out duration was checked every tick of `interval` - this slows down when tab is not active, leading to situation when session was inactive but time out counter was still ticking. Clickin 'yes' then lead to log out - now.. - tick as before but check timeout via date every time - also.. - added some code on the way that wasn't needed, but may be in the future - will delete later if not used * Fix usages of `new HttpHeaders()` - Changes following http to http client update - Some places have dropped `application/x-www-form-urlencoded`, this is automatically added - Now `x-cap-request-date` should correctly be sent * Fix local auth session timeout - The session expiry time was never updated upon successful `verify` requests - Now this is down at the top level session verify instead of within uaa verify
cloudfoundry · Dec 3, 2019 · ee9c4e0 · ee9c4e0
1 parent a9ebc28
commit ee9c4e0
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 24 deletions.
diff --git a/src/frontend/packages/store/src/effects/auth.effects.ts b/src/frontend/packages/store/src/effects/auth.effects.ts
@@ -1,4 +1,4 @@
-import { HttpClient, HttpHeaders, HttpParams } from '@angular/common/http';
+import { HttpClient, HttpParams } from '@angular/common/http';
 import { Injectable } from '@angular/core';
 import { Actions, Effect, ofType } from '@ngrx/effects';
 import { Store } from '@ngrx/store';
@@ -28,9 +28,9 @@ import {
 import { HydrateDashboardStateAction } from '../actions/dashboard-actions';
 import { GET_ENDPOINTS_SUCCESS, GetAllEndpointsSuccess } from '../actions/endpoint.actions';
 import { GetSystemInfo } from '../actions/system.actions';
+import { DispatchOnlyAppState } from '../app-state';
 import { getDashboardStateSessionId } from '../helpers/store-helpers';
 import { SessionData } from '../types/auth.types';
-import { DispatchOnlyAppState } from '../app-state';
 
 const SETUP_HEADER = 'stratos-setup-required';
 const UPGRADE_HEADER = 'retry-after';
@@ -50,18 +50,17 @@ export class AuthEffect {
   @Effect() loginRequest$ = this.actions$.pipe(
     ofType<Login>(LOGIN),
     switchMap(({ username, password }) => {
-      const encoder = new BrowserStandardEncoder();
-      const headers = new HttpHeaders();
       const params = new HttpParams({
         encoder: new BrowserStandardEncoder(),
         fromObject: {
           username,
           password
         }
       });
+      const headers = {
+        'x-cap-request-date': (Math.floor(Date.now() / 1000)).toString()
+      };
 
-      headers.set('Content-Type', 'application/x-www-form-urlencoded');
-      headers.set('x-cap-request-date', (Math.floor(Date.now() / 1000)).toString());
       return this.http.post('/pp/v1/auth/login/uaa', params, {
         headers,
       }).pipe(
@@ -72,8 +71,10 @@ export class AuthEffect {
   @Effect() verifyAuth$ = this.actions$.pipe(
     ofType<VerifySession>(VERIFY_SESSION),
     switchMap(action => {
-      const headers = new HttpHeaders();
-      headers.set('x-cap-request-date', (Math.floor(Date.now() / 1000)).toString());
+      const headers = {
+        'x-cap-request-date': (Math.floor(Date.now() / 1000)).toString()
+      };
+
       return this.http.get<SessionData>('/pp/v1/auth/session/verify', {
         headers,
         observe: 'response',

diff --git a/src/frontend/packages/store/src/effects/endpoint.effects.ts b/src/frontend/packages/store/src/effects/endpoint.effects.ts
@@ -1,4 +1,4 @@
-import { HttpClient, HttpErrorResponse, HttpHeaders, HttpParams } from '@angular/common/http';
+import { HttpClient, HttpErrorResponse, HttpParams } from '@angular/common/http';
 import { Injectable } from '@angular/core';
 import { Actions, Effect, ofType } from '@ngrx/effects';
 import { Store } from '@ngrx/store';
@@ -274,11 +274,8 @@ export class EndpointsEffect {
     errorMessageHandler?: (e: any) => string,
   ) {
     const endpointEntityKey = entityCatalogue.getEntityKey(apiAction);
-    const headers = new HttpHeaders();
-    headers.set('Content-Type', 'application/x-www-form-urlencoded');
     this.store.dispatch(new StartRequestAction(apiAction, apiActionType));
     return this.http.post(url, body || {}, {
-      headers,
       params
     }).pipe(
       mergeMap((endpoint: EndpointModel) => {

diff --git a/src/jetstream/authuaa.go b/src/jetstream/authuaa.go
@@ -151,11 +151,6 @@ func (a *uaaAuth) VerifySession(c echo.Context, sessionUser string, sessionExpir
 		if err = a.p.setSessionValues(c, sessionValues); err != nil {
 			return err
 		}
-	} else {
-		// Still need to extend the expires_on of the Session
-		if err = a.p.setSessionValues(c, nil); err != nil {
-			return err
-		}
 	}
 
 	return nil

diff --git a/src/jetstream/session.go b/src/jetstream/session.go
@@ -16,7 +16,6 @@ import (
 
 const (
 
-
 	// XSRFTokenHeader - XSRF Token Header name
 	XSRFTokenHeader = "X-Xsrf-Token"
 	// XSRFTokenSessionName - XSRF Token Session name
@@ -32,13 +31,8 @@ const (
 	jetstreamSessionName              = "console-session"
 	jetStreamSessionContextKey        = "jetstream-session"
 	jetStreamSessionContextUpdatedKey = "jetstream-session-updated"
-
 )
 
-
-
-
-
 // SessionValueNotFound - Error returned when a requested key was not found in the session
 type SessionValueNotFound struct {
 	msg string
@@ -254,6 +248,11 @@ func (p *portalProxy) verifySession(c echo.Context) error {
 
 	} else {
 
+		// Still need to extend the expires_on of the Session (set session will save session, in save we update `expires_on`)
+		if err = p.setSessionValues(c, nil); err != nil {
+			return err
+		}
+
 		err = p.handleSessionExpiryHeader(c)
 		if err != nil {
 			return err
@@ -272,6 +271,6 @@ func (p *portalProxy) verifySession(c echo.Context) error {
 			return err
 		}
 	}
-	
+
 	return err
 }