StephanRichter
/
LightOidc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

implemented persistent sessions (not destroyed when broweser closed) – needs more work 

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
sqlite
Stephan Richter 2 months ago
parent
f0f170119b
commit
3e88c91154
5 changed files with 29 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 14
      de.srsoftware.http/src/main/java/de/srsoftware/http/SessionToken.java
  2. 4
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/UserController.java
  3. 8
      de.srsoftware.oidc.web/src/main/resources/en/login.html
  4. 7
      de.srsoftware.oidc.web/src/main/resources/en/scripts/login.js
  5. 1
      de.srsoftware.oidc.web/src/main/resources/en/todo.html

14
de.srsoftware.http/src/main/java/de/srsoftware/http/SessionToken.java
Unescape View File

@ -4,11 +4,21 @@ package de.srsoftware.http; @@ -4,11 +4,21 @@ package de.srsoftware.http;
import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Optional;
public class SessionToken extends Cookie {
private final String sessionId;
private static final DateTimeFormatter FORMAT = DateTimeFormatter.ofPattern("MM/dd/yyyy HH:mm:ss O");
public SessionToken(String sessionId, Instant expiration){
super("sessionToken", "%s; Path=/api; Expires=%s".formatted(sessionId,FORMAT.format(expiration.atZone(ZoneOffset.UTC))));
this.sessionId = sessionId;
}
public SessionToken(String sessionId) {
super("sessionToken", sessionId + "; Path=/api");
@ -17,8 +27,8 @@ public class SessionToken extends Cookie { @@ -17,8 +27,8 @@ public class SessionToken extends Cookie {
@Override
public <T extends Cookie> T addTo(Headers headers) {
headers.add("session", sessionId);
return (T)this; // super.addTo(headers);
headers.add("session", getValue());
return super.addTo(headers);
}
public static Optional<SessionToken> from(HttpExchange ex) {

4
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/UserController.java
Unescape View File

@ -225,7 +225,7 @@ public class UserController extends Controller { @@ -225,7 +225,7 @@ public class UserController extends Controller {
var user = optUser.get();
users.updatePassword(user, newPass);
var session = sessions.createSession(user);
new SessionToken(session.id()).addTo(ex);
new SessionToken(session.id(),session.expiration()).addTo(ex);
return sendRedirect(ex, "/");
}
@ -266,7 +266,7 @@ public class UserController extends Controller { @@ -266,7 +266,7 @@ public class UserController extends Controller {
}
private boolean sendUserAndCookie(HttpExchange ex, Session session, User user) throws IOException {
new SessionToken(session.id()).addTo(ex);
new SessionToken(session.id(),session.expiration()).addTo(ex);
return sendContent(ex, user.map(false));
}

8
de.srsoftware.oidc.web/src/main/resources/en/login.html
Unescape View File

@ -28,6 +28,14 @@ @@ -28,6 +28,14 @@
<th>Error</th>
<td class="warning">Failed to log in!</td>
</tr>
<tr>
<td colspan="2">
<label>
<input type="checkbox" name="trust" checked="checked"/>
Quit session when browser is closed.
</label>
</td>
</tr>
<tr>
<td></td>
<td><button type="button" onClick="tryLogin()">Login</button></td>

7
de.srsoftware.oidc.web/src/main/resources/en/scripts/login.js
Unescape View File

@ -7,8 +7,13 @@ function doRedirect(){ @@ -7,8 +7,13 @@ function doRedirect(){
function handleLogin(response){
if (response.ok){
response.headers.forEach(function(val, key) {
console.log('header: '+key+' → '+val);
// in newer browsers, the cookie is set from fetch response. In older browsers this does not seem to work
if (key == 'session') document.cookie = 'sessionToken='+val+"; path=/api"
if (key == 'session') {
val = 'sessionToken='+val;
console.log('setting cookie: '+val);
document.cookie = val;
}
});
response.json().then(body => {
hide('error');

1
de.srsoftware.oidc.web/src/main/resources/en/todo.html
Unescape View File

@ -16,6 +16,7 @@ @@ -16,6 +16,7 @@
<li>implement token refresh</li>
<li>Verschlüsselung im config-File</li>
<li>Configuration im Frontend</li>
<li>Process <em>quit session when browser is closed</em> input on login</li>
</ul>
</div>
</body>

Write Preview
Loading…
Cancel
Save