Skip to content

Commit

Permalink
Add support for handling a CSRF token to pass-data-client
Browse files Browse the repository at this point in the history
  • Loading branch information
@markpatton
markpatton committed Jun 26, 2024
1 parent f7bf2ef commit f8669c8
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 13 deletions.
31 changes: 18 additions & 13 deletions pass-data-client/src/main/java/org/eclipse/pass/support/client/JsonApiPassClient.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,8 @@ public JsonApiPassClient(String baseUrl, String user, String pass) {
client_builder.addInterceptor(new OkHttpBasicAuthInterceptor(user, pass));
}

client_builder.addInterceptor(new OkHttpCsrfInterceptor());

client = client_builder.build();
moshi = create_moshi(false);

Expand Down Expand Up @@ -176,14 +178,16 @@ public <T extends PassEntity> void createObject(T obj) throws IOException {
String url = baseUrl + "data/" + get_json_type(obj.getClass());
RequestBody body = RequestBody.create(json, JSON_API_MEDIA_TYPE);
Request request = new Request.Builder().url(url).header("Accept", JSON_API_CONTENT_TYPE)
.addHeader("Content-Type", JSON_API_CONTENT_TYPE).post(body).build();
.header("Content-Type", JSON_API_CONTENT_TYPE).post(body).build();

try (Response response = client.newCall(request).execute()) {
String result = response.body().string();

if (!response.isSuccessful()) {
throw new IOException(
"Create failed: " + url + " returned " + response.code() + " " + response.body().string());
"Create failed: " + url + " returned " + response.code() + " " + result);
}
Document<T> result_doc = adapter.fromJson(response.body().string());
Document<T> result_doc = adapter.fromJson(result);
obj.setId(result_doc.requireData().getId());
setVersionIfNeeded(result_doc, obj);
}
Expand All @@ -204,14 +208,16 @@ public <T extends PassEntity> void updateObject(T obj) throws IOException {
String url = get_url(obj);
RequestBody body = RequestBody.create(json, JSON_API_MEDIA_TYPE);
Request request = new Request.Builder().url(url).header("Accept", JSON_API_CONTENT_TYPE)
.addHeader("Content-Type", JSON_API_CONTENT_TYPE).patch(body).build();
.header("Content-Type", JSON_API_CONTENT_TYPE).patch(body).build();

try (Response response = client.newCall(request).execute()) {
String result = response.body().string();

if (!response.isSuccessful()) {
throw new IOException(
"Update failed: " + url + " returned " + response.code() + " " + response.body().string());
"Update failed: " + url + " returned " + response.code() + " " + result);
}
Document<T> result_doc = adapter.fromJson(response.body().string());
Document<T> result_doc = adapter.fromJson(result);
setVersionIfNeeded(result_doc, obj);
}
}
Expand Down Expand Up @@ -557,7 +563,7 @@ public <T extends PassEntity> T getObject(Class<T> type, String id, String... in
HttpUrl url = url_builder.build();

Request request = new Request.Builder().url(url).header("Accept", JSON_API_CONTENT_TYPE)
.addHeader("Content-Type", JSON_API_CONTENT_TYPE).get().build();
.header("Content-Type", JSON_API_CONTENT_TYPE).get().build();

String body;
try (Response response = client.newCall(request).execute()) {
Expand Down Expand Up @@ -586,10 +592,11 @@ public <T extends PassEntity> void deleteObject(Class<T> type, String id) throws
String url = get_url(type, id);

Request request = new Request.Builder().url(url).delete().build();

try (Response response = client.newCall(request).execute()) {
if (!response.isSuccessful()) {
throw new IOException(
"Delete failed: " + url + " returned " + response.code() + " " + response.body().string());
"Delete failed: " + url + " returned " + response.code());
}
}
}
Expand Down Expand Up @@ -620,7 +627,7 @@ public <T extends PassEntity> PassClientResult<T> selectObjects(PassClientSelect
HttpUrl url = url_builder.build();

Request request = new Request.Builder().url(url).header("Accept", JSON_API_CONTENT_TYPE)
.addHeader("Content-Type", JSON_API_CONTENT_TYPE).get().build();
.header("Content-Type", JSON_API_CONTENT_TYPE).get().build();

String body;
try (Response response = client.newCall(request).execute()) {
Expand Down Expand Up @@ -700,17 +707,15 @@ public URI uploadBinary(String name, byte[] data) throws IOException {
.addEncodedPathSegment("file").build();

RequestBody body = new MultipartBody.Builder().setType(MultipartBody.FORM)
.addFormDataPart("file", name, RequestBody.create(data))
.build();
.addFormDataPart("file", name, RequestBody.create(data)).build();

Request request = new Request.Builder().url(url).post(body).build();

try (Response response = client.newCall(request).execute()) {

if (!response.isSuccessful()) {
throw new IOException(
"File upload failed: " + url + " returned " + response.code()
+ " " + response.body().string());
"File upload failed: " + url + " returned " + response.code());
}

// Grab the id field
Expand Down
23 changes: 23 additions & 0 deletions pass-data-client/src/main/java/org/eclipse/pass/support/client/OkHttpCsrfInterceptor.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
package org.eclipse.pass.support.client;

import java.io.IOException;

import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.Response;

/**
* Add CSRF token as a header and cookie to requests.
* The token can have any value.
*/
public class OkHttpCsrfInterceptor implements Interceptor {
private static String CSRF_TOKEN = "anyvalue";

@Override
public Response intercept(Chain chain) throws IOException {
Request request = chain.request().newBuilder().header("X-XSRF-TOKEN", CSRF_TOKEN)
.header("Cookie", "XSRF-TOKEN=" + CSRF_TOKEN).build();

return chain.proceed(request);
}
}

0 comments on commit f8669c8

Please sign in to comment.