From 2d22f6fa3d591dfcf9d3dad5f96e10fbb09964a8 Mon Sep 17 00:00:00 2001
From: Ray Schamp
Date: Fri, 9 Sep 2016 10:02:32 -0400
Subject: [PATCH] Merge pull request #912 from rschamp/bugfix/http-only-session Remove interactions with session cookie
---
 src/lib/jar.js | 13 +++++++----
 src/redux/permissions.js | 20 ++++++++++++++--
 src/redux/reducer.js | 2 --
 src/redux/session.js | 4 +---
 src/redux/token.js | 49 ----------------------------------------
 5 files changed, 27 insertions(+), 61 deletions(-)
 delete mode 100644 src/redux/token.js
diff --git a/src/lib/jar.js b/src/lib/jar.js
index b5a16846c..8f308ca5b 100644
--- a/src/lib/jar.js
+++ b/src/lib/jar.js
@@ -1,4 +1,5 @@
 var cookie = require('cookie');
+var defaults = require('lodash.defaults');
 var xhr = require('xhr');
 var pako = require('pako');
@@ -69,11 +70,13 @@ var Jar = {
 });
 });
 },
- set: function (name, value) {
- var obj = cookie.serialize(name, value);
- var expires = '; expires=' + new Date(new Date().setYear(new Date().getFullYear() + 1)).toUTCString();
- var path = '; path=/';
- document.cookie = obj + expires + path;
+ set: function (name, value, opts) {
+ defaults(opts, {
+ expires: new Date(new Date().setYear(new Date().getFullYear() + 1)),
+ path: '/'
+ });
+ var obj = cookie.serialize(name, value, opts);
+ document.cookie = obj;
 },
 getUnsignedValue: function (cookieName, signedValue, callback) {
 // Get a value from a signed object
diff --git a/src/redux/permissions.js b/src/redux/permissions.js
index c741ee865..0530cb868 100644
--- a/src/redux/permissions.js
+++ b/src/redux/permissions.js
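Review bot: In `Jar.set` (src/lib/jar.js, second hunk) the result of `defaults(opts, {...})` is discarded, so a call without a third argument leaves `opts` undefined and `cookie.serialize(name, value, opts)` writes the cookie with no `expires` and no `path`. Before this change every cookie written through `set` got a one-year expiry and `path=/`; any two-argument callers that remain outside this diff would now silently write session-lifetime cookies scoped to the current path. Building a fresh options object fixes that and also stops the helper from mutating the caller's object: `opts = defaults({}, opts, {expires: new Date(new Date().setYear(new Date().getFullYear() + 1)), path: '/'});`. The enclosing `Jar` object starts and ends outside the hunk.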
@@ -20,12 +20,28 @@ module.exports.permissionsReducer = function (state, action) {
 }
 };
+module.exports.storePermissions = function (permissions) {
+ permissions = permissions || {};
+ return function (dispatch) {
+ jar.set('permissions', permissions, {
+ encode: function (value) {
+ return encodeURIComponent(JSON.stringify(value));
+ }
+ });
+ return dispatch(module.exports.setPermissions(permissions));
+ };
+};
+
 module.exports.getPermissions = function () {
 return function (dispatch) {
- jar.getUnsignedValue('scratchsessionsid', 'permissions', function (err, value) {
+ jar.get('permissions', function (err, value) {
 if (err) return dispatch(module.exports.setPermissionsError(err));
- value = value || {};
+ try {
+ value = JSON.parse(decodeURIComponent(value)) || {};
+ } catch (e) {
+ value = {};
+ }
 return dispatch(module.exports.setPermissions(value));
 });
 };
diff --git a/src/redux/reducer.js b/src/redux/reducer.js
index b7dd7b31d..8fd7231b4 100644
--- a/src/redux/reducer.js
+++ b/src/redux/reducer.js
@@ -4,11 +4,9 @@ var scheduleReducer = require('./conference-schedule.js').scheduleReducer;
 var detailsReducer = require('./conference-details.js').detailsReducer;
 var permissionsReducer = require('./permissions.js').permissionsReducer;
 var sessionReducer = require('./session.js').sessionReducer;
-var tokenReducer = require('./token.js').tokenReducer;
 var appReducer = combineReducers({
 session: sessionReducer,
- token: tokenReducer,
 permissions: permissionsReducer,
 conferenceSchedule: scheduleReducer,
 conferenceDetails: detailsReducer
diff --git a/src/redux/session.js b/src/redux/session.js
index 553228d6b..49dd51823 100644
--- a/src/redux/session.js
+++ b/src/redux/session.js
@@ -3,7 +3,6 @@ var defaults = require('lodash.defaults');
 var api = require('../lib/api');
 var permissionsActions = require('./permissions.js');
-var tokenActions = require('./token.js');
 var Types = keyMirror({
 SET_SESSION: null,
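Review bot: `getPermissions` in src/redux/permissions.js accepts whatever is in the `permissions` cookie without checking its shape: `storePermissions` writes the value through `document.cookie` with no signature, and `JSON.parse(...) || {}` passes any truthy JSON, including a string, number or array. Because the cookie can be edited in the browser, the parsed value should be checked before it reaches the reducer, for example `if (typeof value !== 'object' || value === null || Array.isArray(value)) value = {};` after the `try`. I would also add a comment above `storePermissions` such as `// Display hint only: this cookie is client-writable, the server must enforce permissions`. Separately, if `jar.get` (not shown here) already URL-decodes cookie values, the extra `decodeURIComponent` decodes twice and can fall into the `catch` when the payload contains a literal `%`. The closing line of `getPermissions` falls outside the hunk.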
@@ -86,12 +85,11 @@ module.exports.refreshSession = function () {
 window.location.pathname !== '/classes/student_password_reset/') {
 return window.location = '/classes/student_password_reset/';
 } else {
- dispatch(tokenActions.getToken());
 dispatch(module.exports.setSession(body));
 dispatch(module.exports.setStatus(module.exports.Status.FETCHED));
 // get the permissions from the updated session
- dispatch(permissionsActions.getPermissions());
+ dispatch(permissionsActions.storePermissions(body.permissions));
 return;
 }
 });
diff --git a/src/redux/token.js b/src/redux/token.js
deleted file mode 100644
index cb4baaadb..000000000
--- a/src/redux/token.js
+++ /dev/null
@@ -1,49 +0,0 @@
-var keyMirror = require('keymirror');
-var jar = require('../lib/jar.js');
-
-var Types = keyMirror({
- SET_TOKEN: null,
- SET_TOKEN_ERROR: null,
- USE_TOKEN: null
-});
-
-module.exports.tokenReducer = function (state, action) {
- // Reducer for updating the api token
- if (typeof state === 'undefined') {
- state = '';
- }
- switch (action.type) {
- case Types.SET_TOKEN:
- return action.token;
- case Types.SET_TOKEN_ERROR:
- // TODO: do something with the error
- return state;
- default:
- return state;
- }
-};
-
-module.exports.getToken = function () {
- return function (dispatch) {
- jar.getUnsignedValue('scratchsessionsid', 'token', function (err, value) {
- if (err) return dispatch(module.exports.setTokenError(err));
-
- value = value || '';
- return dispatch(module.exports.setToken(value));
- });
- };
-};
-
-module.exports.setToken = function (token) {
- return {
- type: Types.SET_TOKEN,
- token: token
- };
-};
-
-module.exports.setTokenError = function (error) {
- return {
- type: Types.SET_TOKEN_ERROR,
- error: error
- };
-};