Merge pull request #2324 from constantine2nd/develop

Add props set_response_header_Set-Cookie
OpenBankProject · Nov 15, 2023 · f272bf1 · f272bf1
2 parents 661aa08 + 2a92494
commit f272bf1
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 18 deletions.
diff --git a/obp-api/src/main/resources/props/sample.props.template b/obp-api/src/main/resources/props/sample.props.template
@@ -1271,4 +1271,6 @@ show_ip_address_change_warning=false
 expectedOpenFuturesPerService=100
 
 # Enable /Disable IBAN validation
-validate_iban=false
+validate_iban=false
+
+set_response_header_Set-Cookie = "Path=/; HttpOnly; Secure"
diff --git a/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala b/obp-api/src/main/scala/bootstrap/liftweb/Boot.scala
@@ -679,8 +679,17 @@ class Boot extends MdcLoggable {
       case _ => locale
     }
 
+
+    val setCookieHeader: (String, String) = getPropsValue("set_response_header_Set-Cookie") match {
+      case Full(value) => ("Set-Cookie", value)
+      case _ => ("Set-Cookie", "Path=/; HttpOnly; Secure")
+    }
     //for XSS vulnerability, set X-Frame-Options header as DENY
-    LiftRules.supplementalHeaders.default.set(List(("X-Frame-Options", "DENY")))
+    LiftRules.supplementalHeaders.default.set(
+      ("X-Frame-Options", "DENY") ::
+        setCookieHeader ::
+        Nil
+    )
 
     // Make a transaction span the whole HTTP request
     S.addAround(DB.buildLoanWrapper)

diff --git a/obp-api/src/main/webapp/media/js/inactivity-timer.js b/obp-api/src/main/webapp/media/js/inactivity-timer.js
@@ -0,0 +1,36 @@
+function addSeconds(date, seconds) {
+  date.setSeconds(date.getSeconds() + seconds);
+  return date;
+}
+
+export function showCountdownTimer() {
+
+  // Get current date and time
+  var now = new Date().getTime();
+  let distance = countDownDate - now;
+
+  // Output the result in an element with id="countdown-timer-span"
+  let elementId = ("countdown-timer-span");
+  document.getElementById(elementId).innerHTML = "in " + Math.floor(distance / 1000) + "s";
+
+  // If the count down is over release resources
+  if (distance < 0) {
+    destroyCountdownTimer();
+  }
+}
+
+
+// Set the date we're counting down to
+let countDownDate = addSeconds(new Date(), 5);
+
+let showTimerInterval = null;
+
+export function destroyCountdownTimer() {
+    clearInterval(showTimerInterval);
+}
+
+export function resetCountdownTimer(seconds) {
+    destroyCountdownTimer(); // Destroy previous timer if any
+    countDownDate = addSeconds(new Date(), seconds); // Set the date we're counting down to
+    showTimerInterval = setInterval(showCountdownTimer, 1000); // Update the count down every 1 second
+}
diff --git a/obp-api/src/main/webapp/media/js/inactivity.js b/obp-api/src/main/webapp/media/js/inactivity.js
@@ -1,5 +1,7 @@
-// holds the idle duration in ms (current value = 2 minutes)
-var timeoutInterval = 120000;
+import * as countdownTimer from './inactivity-timer.js'
+
+// holds the idle duration in ms (current value = 5 minutes)
+var timeoutInterval = 5 * 60 * 1000;
 // holds the timeout variables for easy destruction and reconstruction of the setTimeout hooks
 var timeHook = null;
 
@@ -20,6 +22,7 @@ function resetTimeHook() {
     // this method replaces the current time hook with a new time hook
     destroyTimeHook();
     initializeTimeHook();
+    countdownTimer.resetCountdownTimer(timeoutInterval / 1000);
     console.log("Reset inactivity of a user");
 }
 
@@ -44,20 +47,23 @@ function destroyListeners() {
 }
 
 function logout() {
-    const elem = document.getElementById("loggedIn-username");
-    if(elem) {
-        location.href = '/user_mgt/logout';
-        destroyListeners();
-        console.log("Logging you out due to inactivity..");
-    }
+    destroyListeners();
+    countdownTimer.destroyCountdownTimer();
+    location.href = '/user_mgt/logout';
+    console.log("Logging you out due to inactivity..");
 }
 
 // self executing function to trigger the operation on page load
 (function () {
-    // to prevent any lingering timeout handlers preventing memory leaks
-    destroyTimeHook();
-    // setup a fresh time hook
-    initializeTimeHook();
-    // setup initial event listeners
-    setupListeners();
+    const elem = document.getElementById("loggedIn-username");
+    if(elem) {
+        // to prevent any lingering timeout handlers preventing memory leaks
+        destroyTimeHook();
+        // setup a fresh time hook
+        initializeTimeHook();
+        // setup initial event listeners
+        setupListeners();
+        // Reset countdown timer
+        countdownTimer.resetCountdownTimer(timeoutInterval / 1000);
+    }
 })();
diff --git a/obp-api/src/main/webapp/templates-hidden/default.html b/obp-api/src/main/webapp/templates-hidden/default.html
@@ -55,7 +55,7 @@
 	<script src="/media/js/moment-with-locales.min.js"></script>
 	<script src="/media/js/bootstrap-datetimepicker.min.js"></script>
 	<script src="/media/js/popper.min.js"></script>
-	<script defer src="/media/js/inactivity.js"></script> <!-- The script loads “in the background”, and then runs when the DOM is fully built. -->
+	<script type="module" defer src="/media/js/inactivity.js"></script> <!-- The script loads “in the background”, and then runs when the DOM is fully built. -->
 </head>
 <body id="page_init">
 	<div id="cookies-consent" data-lift="WebUI.cookieConsent">
@@ -144,7 +144,7 @@
 
 						<li class="navitem" data-lift="Login.loggedIn" >
 							<!-- LOGGED IN -->
-							<p class="navbar-btn"><a href="/user-information"><span id="loggedIn-username">username</span></a><a href="#" class="btn btn-default logout">Log off</a></p>
+							<p class="navbar-btn"><a href="/user-information"><span id="loggedIn-username">username</span></a><a href="#" class="btn btn-default logout">Log off <span id="countdown-timer-span" class="badge text-bg-primary"></span></a></p>
 						</li>
 					</ul>
 				</div><!--/.nav-collapse -->