-rw-r--r-- | src/router/index.js | 16 | ||||
-rw-r--r-- | src/store/api.js | 6 | ||||
-rw-r--r-- | src/store/modules/Authentication/AuthenticanStore.js | 43 |
3 files changed, 37 insertions, 28 deletions
diff --git a/src/router/index.js b/src/router/index.js
index 22a3a8ceb..27fd96e65 100644
--- a/src/router/index.js
+++ b/src/router/index.js
@@ -42,11 +42,17 @@ router.beforeEach((to, from, next) => {
 // condition will get satisfied if user refreshed after login
 if (!currentUserRole && store.getters['authentication/isLoggedIn']) {
 // invoke API call to get the role ID
- let username = localStorage.getItem('storedUsername');
- store.dispatch('authentication/getUserInfo', username).then(() => {
- let currentUserRole = store.getters['global/userPrivilege'];
- allowRouterToNavigate(to, next, currentUserRole);
- });
+ store
+ .dispatch('authentication/getSessionPrivilege')
+ .then(() => {
+ let currentUserRole = store.getters['global/userPrivilege'];
+ allowRouterToNavigate(to, next, currentUserRole);
+ })
+ // our store got out of sync, start afresh
+ .catch(() => {
+ console.log('Failed to obtain current Roles, logging out.');
+ store.dispatch('authentication/logout');
+ });
 } else {
 allowRouterToNavigate(to, next, currentUserRole);
 }
diff --git a/src/store/api.js b/src/store/api.js
index babed4c8a..0e119c287 100644
--- a/src/store/api.js
+++ b/src/store/api.js
@@ -39,7 +39,7 @@ api.interceptors.response.use(undefined, (error) => {
 // Check if action is unauthorized.
 if (response.status == 403) {
- if (isPasswordExpired(response)) {
+ if (isPasswordExpired(response.data)) {
 router.push('/change-password');
 } else {
 // Toast error message will appear on screen.
@@ -92,8 +92,8 @@ export const getResponseCount = (responses) => {
 };
 };
-export const isPasswordExpired = (response) => {
- let extInfoMsgs = response?.data?.['@Message.ExtendedInfo'];
+export const isPasswordExpired = (data) => {
+ let extInfoMsgs = data?.['@Message.ExtendedInfo'];
 return (
 extInfoMsgs &&
 extInfoMsgs.find(
diff --git a/src/store/modules/Authentication/AuthenticanStore.js b/src/store/modules/Authentication/AuthenticanStore.js
index 3122ab2f7..e876f780e 100644
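Review bot: The `.catch` added after the `.then` also fires when the getter or `allowRouterToNavigate` inside that `.then` throws, so an error unrelated to the session lookup forces a logout and `next` is never called for that navigation. Scoping the failure handler to the dispatch alone keeps the fail-closed behaviour for the lookup without turning a navigation bug into a forced logout: `.then(onPrivilegeResolved, () => { console.log('Failed to obtain current Roles, logging out.'); store.dispatch('authentication/logout'); })`. The inner `let currentUserRole` also shadows the outer variable tested on the `if` line; a distinct name such as `resolvedRole` would avoid the confusion. The `router.beforeEach` callback starts and ends outside the hunk.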
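Review bot: `extInfoMsgs.find(` on the new side still assumes `@Message.ExtendedInfo` is an array, and the renamed parameter is now fed unchecked response bodies by two callers (`response.data` in the 403 interceptor above and the session POST body in `login` in AuthenticanStore.js); a non-array value there throws a TypeError inside the caller's `.then` instead of yielding a falsy result. `Array.isArray(extInfoMsgs) && extInfoMsgs.find(` makes unexpected shapes behave like "not expired" rather than an exception. The new signature also deserves a JSDoc line such as `/** @param {object} data - Redfish response body whose ExtendedInfo is checked for a password-expired message */`. The function body continues outside the hunk.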
--- a/src/store/modules/Authentication/AuthenticanStore.js
+++ b/src/store/modules/Authentication/AuthenticanStore.js
@@ -68,12 +68,13 @@ const AuthenticationStore = {
 UserName: username,
 Password: password,
 })
- .then((response) => {
+ .then(({ headers, data }) => {
 commit('authSuccess', {
- session: response.headers['location'],
- token: response.headers['x-auth-token'],
+ session: headers['location'],
+ token: headers['x-auth-token'],
 });
- return isPasswordExpired(response);
+ setSessionPrivilege(commit, data);
+ return isPasswordExpired(data);
 })
 .catch((error) => {
 commit('authError');
@@ -83,27 +84,19 @@ const AuthenticationStore = {
 logout({ commit, state }) {
 api
 .delete(state.sessionURI)
+ .catch(() =>
+ console.log(
+ "Couldn't DELETE Session, proceeding with the logout anyway to get in sync with the backend.",
+ ),
+ )
 .then(() => commit('logout'))
 .then(() => router.push('/login'))
 .catch((error) => console.log(error));
 },
- getUserInfo({ commit }, username) {
+ getSessionPrivilege({ commit, state }) {
 return api
- .get(`/redfish/v1/AccountService/Accounts/${username}`)
- .then(({ data }) => {
- commit('global/setPrivilege', data.RoleId, { root: true });
- return data;
- })
- .catch((error) => {
- if (error.response?.status === 404) {
- // We have valid credentials but user isn't known, assume remote
- // authentication (e.g. LDAP) and do not restrict the routing
- commit('global/setPrivilege', roles.administrator, { root: true });
- return {};
- } else {
- console.log(error);
- }
- });
+ .get(state.sessionURI)
+ .then(({ data }) => setSessionPrivilege(commit, data));
 },
 resetStoreState({ state }) {
 state.authError = false;
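Review bot: The new `.catch` placed before `.then(() => commit('logout'))` discards the rejection entirely, so the reason the DELETE failed (network error versus a 4xx/5xx from the backend) is never visible, even though a failed DELETE presumably leaves the backend session and its token valid until they expire — something worth seeing in the console. `.catch((error) => console.log("Couldn't DELETE Session, proceeding with the logout anyway to get in sync with the backend.", error))` keeps the message and the cause. In `getSessionPrivilege`, `api.get(state.sessionURI)` is issued even when `state.sessionURI` is nullish; if that state can be lost independently of `isLoggedIn`, the request goes to an unintended path, and `if (!state.sessionURI) return Promise.reject(new Error('no session URI in store'));` before the call lets the router's catch treat it as an out-of-sync store. The `AuthenticationStore` object starts and ends outside the hunk.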
@@ -113,4 +106,14 @@ const AuthenticationStore = {
 },
 };
+const setSessionPrivilege = (commit, data) => {
+ // If the backend didn't provide the role information in the Session object
+ // our best bet is to assume the Administrator role to avoid hiding
+ // potentially useful UI elements. Everything security-sensitive is validated
+ // on the backend side anyway, so this is safe.
+ commit('global/setPrivilege', data.Roles?.[0] ?? roles.administrator, {
+ root: true,
+ });
+};
+
 export default AuthenticationStore;
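Review bot: `data.Roles?.[0]` throws a TypeError when `data` itself is nullish, and both callers pass the response body unchecked — in `login` (the -68 hunk) the exception lands in the `.catch` that commits `authError` after `authSuccess` has already been committed, and in `getSessionPrivilege` it triggers the router's logout. `data?.Roles?.[0] ?? roles.administrator` lets the documented fallback cover an empty body as well. Since that fallback grants the administrator UI without any trace, a `console.warn('Session carries no Roles, assuming administrator UI');` on that path would make it observable when the UI is relying solely on backend authorization, as the comment asserts it safely can.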