WIP
edulix committed Nov 12, 2023
1 parent 2940401 commit 7229b3b
Showing 2 changed files with 101 additions and 23 deletions.
85 changes: 74 additions & 11 deletions avRegistration/login-directive/login-directive.js
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ angular.module('avRegistration')
Patterns)
{
var OIDC_CSRF_COOKIE = "OIDC_CSRF";
var OIDC_ERROR_COOKIE = "OIDC_ERROR_COOKIE";
// we use it as something similar to a controller here
function link(scope, element, attrs)
{
Expand All @@ -58,7 +59,26 @@ angular.module('avRegistration')
var adminId = ConfigService.freeAuthId + '';
var autheventid = null;

function parseOidcErrorCookie()
{
if (!$cookies.get(OIDC_ERROR_COOKIE))
{
return null;
}

// validate csrf token format and data
return angular.fromJson($cookies.get(OIDC_ERROR_COOKIE));
}
scope.oidcError = parseOidcErrorCookie();
if (scope.oidcError) {
scope.selectedAltMethod = scope.oidcError.altAuthMethodId;
scope.error = $i18next(
'avRegistration.loginError.openid-connect.' + scope.oidcError.errorCodename,
{
support: '<a href="mailto:' + ConfigService.contact.email + '" target="_blank">' + ConfigService.contact.email + "</a>"
}
);
}

// simply redirect to login
function simpleRedirectToLogin()
Expand Down Expand Up @@ -134,11 +154,40 @@ angular.module('avRegistration')
return decodeURIComponent(params[2].replace(/\+/g, ' '));
}

function setOIDCErrorCookie(errorCodename)
{
var options = {};
if (ConfigService.authTokenExpirationSeconds) {
options.expires = new Date(
Date.now() + 1000 * ConfigService.authTokenExpirationSeconds
);
}
$cookies.put(
OIDC_ERROR_COOKIE,
angular.toJson({
altAuthMethodId: scope.current_alt_auth_method_id,
eventId: scope.eventId,
errorCodename: errorCodename
}),
options
);
}

function setError(errorCodename, error)
{
scope.error = error;
if (scope.isOpenId) {
setOIDCErrorCookie(errorCodename);
redirectToLogin();
}
}

// Validates the CSRF token
function validateCsrfToken()
{
if (!$cookies.get(OIDC_CSRF_COOKIE))
{
setOIDCErrorCookie("unexpectedOIDCRedirect");
redirectToLogin();
return null;
}
Expand Down Expand Up @@ -179,6 +228,7 @@ angular.module('avRegistration')

if (!isCsrfValid)
{
setOIDCErrorCookie("invalidCsrf");
redirectToLogin();
return null;
}
Expand Down Expand Up @@ -569,7 +619,9 @@ angular.module('avRegistration')
var postfix = "_authevent_" + autheventid;
var options = {};
if (ConfigService.authTokenExpirationSeconds) {
options.expires = new Date(Date.now() + 1000 * ConfigService.authTokenExpirationSeconds);
options.expires = new Date(
Date.now() + 1000 * ConfigService.authTokenExpirationSeconds
);
}
$cookies.put("authevent_" + autheventid, autheventid, options);
$cookies.put("userid" + postfix, response.data.username, options);
Expand Down Expand Up @@ -644,25 +696,35 @@ angular.module('avRegistration')

$window.location.href = '/booth/' + autheventid + '/vote';
} else {
scope.error = $i18next(
'avRegistration.loginError.' + scope.method + '.unrecognizedServerResponse',
{support: '<a href="mailto:' + ConfigService.contact.email + '" target="_blank">' + ConfigService.contact.email + "</a>"}
setError(
"unrecognizedServerResponse",
$i18next(
'avRegistration.loginError.' + scope.method + '.unrecognizedServerResponse',
{support: '<a href="mailto:' + ConfigService.contact.email + '" target="_blank">' + ConfigService.contact.email + "</a>"}
)
);
}
} else {
scope.sendingData = false;
scope.error = $i18next(
'avRegistration.loginError.' + scope.method + '.invalidServerResponse',
{support: '<a href="mailto:' + ConfigService.contact.email + '" target="_blank">' + ConfigService.contact.email + "</a>"}
setError(
"invalidServerResponse",
$i18next(
'avRegistration.loginError.' + scope.method + '.invalidServerResponse',
{support: '<a href="mailto:' + ConfigService.contact.email + '" target="_blank">' + ConfigService.contact.email + "</a>"}
)
);
}
},
function onError(response) {
scope.sendingData = false;
var codename = response.data.error_codename;
scope.error = $i18next(
'avRegistration.loginError.' + scope.method + '.' + codename,
{support: '<a href="mailto:' + ConfigService.contact.email + '" target="_blank">' + ConfigService.contact.email + "</a>"}

setError(
"codename",
$i18next(
'avRegistration.loginError.' + scope.method + '.' + codename,
{support: '<a href="mailto:' + ConfigService.contact.email + '" target="_blank">' + ConfigService.contact.email + "</a>"}
)
);
}
);
Expand Down Expand Up @@ -901,7 +963,8 @@ angular.module('avRegistration')
if (
!scope.isOtl &&
!scope.isCensusQuery &&
!scope.withCode
!scope.withCode &&
!scope.oidcError
) {
scope.loginUser(true);
}
Expand Down
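Review bot: In the onError handler, `setError("codename", …)` passes the literal string "codename" instead of the `codename` variable read from `response.data.error_codename`, so on the OpenID path the cookie records errorCodename "codename" and the redirected login page looks up `avRegistration.loginError.openid-connect.codename`; it should be `setError(codename, $i18next(…))`. In the earlier hunk, parseOidcErrorCookie's comment says it validates the token format but it only `angular.fromJson`s OIDC_ERROR_COOKIE, so a malformed cookie throws out of link(), and the cookie is never removed after being read, which leaves `scope.oidcError` set — and the auto-login guard at the end of the section disabled — until the cookie expires. Because this cookie is written from JavaScript it is writable by any script on the origin, so I would clear it on read, require `errorCodename` to be a string restricted to a safe character set before concatenating it into the i18n key, and only copy `altAuthMethodId` into `scope.selectedAltMethod` when it is defined, as the CSRF check already does. link() starts before the first hunk and continues past the last one.
```javascript
function parseOidcErrorCookie()
{
    var raw = $cookies.get(OIDC_ERROR_COOKIE);
    if (!raw)
    {
        return null;
    }
    // One-shot: clear it so a stale error does not keep blocking auto-login.
    $cookies.remove(OIDC_ERROR_COOKIE);

    var parsed = null;
    try {
        parsed = angular.fromJson(raw);
    } catch (e) {
        return null;
    }
    // The cookie is set from JS, so treat its contents as untrusted.
    if (
        !angular.isObject(parsed) ||
        !angular.isString(parsed.errorCodename) ||
        !/^[A-Za-z0-9_-]+$/.test(parsed.errorCodename)
    ) {
        return null;
    }
    return parsed;
}
// … unchanged: scope.oidcError = parseOidcErrorCookie(); and the rest of link() …
```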
39 changes: 27 additions & 12 deletions dist/appCommon-v10.0.2.js
Original file line number Diff line number Diff line change
Expand Up @@ -472,13 +472,28 @@ angular.module("avRegistration").config(function() {}), angular.module("avRegist
paramName2 = paramName2.replace(/[\[\]]/g, "\\$&"), params = new RegExp("[?&]" + paramName2 + "(=([^&#]*)|&|#|$)").exec(params);
return params ? params[2] ? decodeURIComponent(params[2].replace(/\+/g, " ")) : "" : null;
}
if (scope.isOpenId) {
function setOIDCErrorCookie(errorCodename) {
var options = {};
ConfigService.authTokenExpirationSeconds && (options.expires = new Date(Date.now() + 1e3 * ConfigService.authTokenExpirationSeconds)),
$cookies.put("OIDC_ERROR_COOKIE", angular.toJson({
altAuthMethodId: scope.current_alt_auth_method_id,
eventId: scope.eventId,
errorCodename: errorCodename
}), options);
}
function setError(errorCodename, error) {
scope.error = error, scope.isOpenId && (setOIDCErrorCookie(errorCodename), redirectToLogin());
}
if (scope.oidcError = $cookies.get("OIDC_ERROR_COOKIE") ? angular.fromJson($cookies.get("OIDC_ERROR_COOKIE")) : null,
scope.oidcError && (scope.selectedAltMethod = scope.oidcError.altAuthMethodId, scope.error = $i18next("avRegistration.loginError.openid-connect." + scope.oidcError.errorCodename, {
support: '<a href="mailto:' + ConfigService.contact.email + '" target="_blank">' + ConfigService.contact.email + "</a>"
})), scope.isOpenId) {
if (!function() {
if ($cookies.get("OIDC_CSRF")) {
var csrf = scope.csrf = angular.fromJson($cookies.get("OIDC_CSRF")), uri = "?" + $window.location.hash.substr(1);
if ($cookies.remove("OIDC_CSRF"), !!csrf && angular.isObject(csrf) && angular.isString(csrf.randomState) && angular.isString(csrf.randomNonce) && angular.isString(csrf.providerId) && angular.isNumber(csrf.created) && angular.isDefined(csrf.altAuthMethodId) && getURIParameter("state", uri) === csrf.randomState && csrf.created - Date.now() < ConfigService.authTokenExpirationSeconds) return 1;
redirectToLogin();
} else redirectToLogin();
if (!$cookies.get("OIDC_CSRF")) return setOIDCErrorCookie("unexpectedOIDCRedirect"),
void redirectToLogin();
var csrf = scope.csrf = angular.fromJson($cookies.get("OIDC_CSRF")), uri = "?" + $window.location.hash.substr(1);
return $cookies.remove("OIDC_CSRF"), !!csrf && angular.isObject(csrf) && angular.isString(csrf.randomState) && angular.isString(csrf.randomNonce) && angular.isString(csrf.providerId) && angular.isNumber(csrf.created) && angular.isDefined(csrf.altAuthMethodId) && getURIParameter("state", uri) === csrf.randomState && csrf.created - Date.now() < ConfigService.authTokenExpirationSeconds ? 1 : (setOIDCErrorCookie("invalidCsrf"),
void redirectToLogin());
}()) return;
autheventid = scope.eventId = attrs.eventId = scope.csrf.eventId, scope.selectedAltMethod = scope.csrf.altAuthMethodId;
} else autheventid = scope.eventId = attrs.eventId;
Expand Down Expand Up @@ -606,17 +621,17 @@ angular.module("avRegistration").config(function() {}), angular.module("avRegist
sessionStartedAtMs: sessionStartedAtMs
};
}).value(), $window.sessionStorage.setItem("vote_permission_tokens", JSON.stringify(tokens)),
$window.location.href = "/booth/" + autheventid + "/vote") : scope.error = $i18next("avRegistration.loginError." + scope.method + ".unrecognizedServerResponse", {
$window.location.href = "/booth/" + autheventid + "/vote") : setError("unrecognizedServerResponse", $i18next("avRegistration.loginError." + scope.method + ".unrecognizedServerResponse", {
support: '<a href="mailto:' + ConfigService.contact.email + '" target="_blank">' + ConfigService.contact.email + "</a>"
})) : (scope.sendingData = !1, scope.error = $i18next("avRegistration.loginError." + scope.method + ".invalidServerResponse", {
}))) : (scope.sendingData = !1, setError("invalidServerResponse", $i18next("avRegistration.loginError." + scope.method + ".invalidServerResponse", {
support: '<a href="mailto:' + ConfigService.contact.email + '" target="_blank">' + ConfigService.contact.email + "</a>"
}));
})));
}, function(codename) {
scope.sendingData = !1;
codename = codename.data.error_codename;
scope.error = $i18next("avRegistration.loginError." + scope.method + "." + codename, {
setError("codename", $i18next("avRegistration.loginError." + scope.method + "." + codename, {
support: '<a href="mailto:' + ConfigService.contact.email + '" target="_blank">' + ConfigService.contact.email + "</a>"
});
}));
});
}
}, scope.getUriParam = function(paramName2) {
Expand Down Expand Up @@ -670,7 +685,7 @@ angular.module("avRegistration").config(function() {}), angular.module("avRegist
filledFields = _.filter(filledFields, function(el) {
return null !== el.value || "otp-code" === el.type;
});
!scope.isOpenId && filledFields.length !== scope.login_fields.length || scope.isOtl || scope.isCensusQuery || scope.withCode || scope.loginUser(!0);
!scope.isOpenId && filledFields.length !== scope.login_fields.length || scope.isOtl || scope.isCensusQuery || scope.withCode || scope.oidcError || scope.loginUser(!0);
}, scope.view = function(id) {
Authmethod.viewEvent(id).then(function(altAuthMethod) {
"ok" === altAuthMethod.data.status ? (scope.base_authevent = angular.copy(altAuthMethod.data.events),
Expand Down
