
implemented persistent sessions (not destroyed when browser closed) – needs more work

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
sqlite
Stephan Richter 2 months ago
parent
commit
3e88c91154
  1. 14
      de.srsoftware.http/src/main/java/de/srsoftware/http/SessionToken.java
  2. 4
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/UserController.java
  3. 8
      de.srsoftware.oidc.web/src/main/resources/en/login.html
  4. 7
      de.srsoftware.oidc.web/src/main/resources/en/scripts/login.js
  5. 1
      de.srsoftware.oidc.web/src/main/resources/en/todo.html

14
de.srsoftware.http/src/main/java/de/srsoftware/http/SessionToken.java

@ -4,11 +4,21 @@ package de.srsoftware.http;
import com.sun.net.httpserver.Headers; import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Optional; import java.util.Optional;
public class SessionToken extends Cookie { public class SessionToken extends Cookie {
private final String sessionId; private final String sessionId;
private static final DateTimeFormatter FORMAT = DateTimeFormatter.ofPattern("MM/dd/yyyy HH:mm:ss O");
public SessionToken(String sessionId, Instant expiration){
super("sessionToken", "%s; Path=/api; Expires=%s".formatted(sessionId,FORMAT.format(expiration.atZone(ZoneOffset.UTC))));
this.sessionId = sessionId;
}
public SessionToken(String sessionId) { public SessionToken(String sessionId) {
super("sessionToken", sessionId + "; Path=/api"); super("sessionToken", sessionId + "; Path=/api");
@ -17,8 +27,8 @@ public class SessionToken extends Cookie {
@Override @Override
public <T extends Cookie> T addTo(Headers headers) { public <T extends Cookie> T addTo(Headers headers) {
headers.add("session", sessionId); headers.add("session", getValue());
return (T)this; // super.addTo(headers); return super.addTo(headers);
} }
public static Optional<SessionToken> from(HttpExchange ex) { public static Optional<SessionToken> from(HttpExchange ex) {
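Review bot: The `Expires` value built from `FORMAT` (`MM/dd/yyyy HH:mm:ss O`) in the new two-argument constructor is not an HTTP-date, so browsers will most likely ignore the attribute and keep treating this as a session cookie; `DateTimeFormatter.RFC_1123_DATE_TIME` applied to the UTC `ZonedDateTime` (or a `Max-Age=<seconds>` attribute) produces a value cookie parsers accept. Because the token is now meant to outlive the browser session, the cookie string in both constructors should also carry `Secure; HttpOnly; SameSite=Lax` (or `Strict`), none of which appear here. In the second hunk `addTo` copies `getValue()` into a custom `session` header, which presumably now includes the attributes and keeps the token readable by page scripts; that fallback is worth revisiting once `HttpOnly` is set. The class body continues outside both hunks.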

4
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/UserController.java

@ -225,7 +225,7 @@ public class UserController extends Controller {
var user = optUser.get(); var user = optUser.get();
users.updatePassword(user, newPass); users.updatePassword(user, newPass);
var session = sessions.createSession(user); var session = sessions.createSession(user);
new SessionToken(session.id()).addTo(ex); new SessionToken(session.id(),session.expiration()).addTo(ex);
return sendRedirect(ex, "/"); return sendRedirect(ex, "/");
} }
@ -266,7 +266,7 @@ public class UserController extends Controller {
} }
private boolean sendUserAndCookie(HttpExchange ex, Session session, User user) throws IOException { private boolean sendUserAndCookie(HttpExchange ex, Session session, User user) throws IOException {
new SessionToken(session.id()).addTo(ex); new SessionToken(session.id(),session.expiration()).addTo(ex);
return sendContent(ex, user.map(false)); return sendContent(ex, user.map(false));
} }
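Review bot: In the password-change path (first hunk) a new, now persistent, session is issued right after `users.updatePassword(user, newPass)`, but nothing visible in the hunk invalidates sessions the user already had. With cookies that survive a browser restart, a session issued before the password change would stay valid until its own expiration unless `updatePassword` or `createSession` revokes it elsewhere, which is worth confirming. Both call sites also pass `session.expiration()` unconditionally, so every login gets a persistent cookie regardless of the new checkbox; until that input is processed, keeping the one-argument `new SessionToken(session.id())` as the default would be the safer behaviour. The enclosing method of the first hunk starts outside it.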

8
de.srsoftware.oidc.web/src/main/resources/en/login.html

@ -28,6 +28,14 @@
<th>Error</th> <th>Error</th>
<td class="warning">Failed to log in!</td> <td class="warning">Failed to log in!</td>
</tr> </tr>
<tr>
<td colspan="2">
<label>
<input type="checkbox" name="trust" checked="checked"/>
Quit session when browser is closed.
</label>
</td>
</tr>
<tr> <tr>
<td></td> <td></td>
<td><button type="button" onClick="tryLogin()">Login</button></td> <td><button type="button" onClick="tryLogin()">Login</button></td>
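Review bot: The new checkbox is named `trust` but its label reads "Quit session when browser is closed" and it is checked by default, so a submitted `trust` value would mean "do not keep me logged in", the opposite of what the name suggests to whoever writes the server-side handling. A name that matches the label, for example `<input type="checkbox" name="quit_on_close" checked="checked"/>`, avoids an inverted check later. The input also has no `id`, which `tryLogin()` may need if it reads fields by id; that function is not visible here.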

7
de.srsoftware.oidc.web/src/main/resources/en/scripts/login.js

@ -7,8 +7,13 @@ function doRedirect(){
function handleLogin(response){ function handleLogin(response){
if (response.ok){ if (response.ok){
response.headers.forEach(function(val, key) { response.headers.forEach(function(val, key) {
console.log('header: '+key+' → '+val);
// in newer browsers, the cookie is set from fetch response. In older browsers this does not seem to work // in newer browsers, the cookie is set from fetch response. In older browsers this does not seem to work
if (key == 'session') document.cookie = 'sessionToken='+val+"; path=/api" if (key == 'session') {
val = 'sessionToken='+val;
console.log('setting cookie: '+val);
document.cookie = val;
}
}); });
response.json().then(body => { response.json().then(body => {
hide('error'); hide('error');
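Review bot: The two added `console.log` calls write every response header and then the full cookie string, including the session token, to the browser console; they should be dropped before release, or reduced to logging only `key`. Assigning the header value straight to `document.cookie` also means the cookie attributes are whatever the `session` header carries, and the token has to stay readable by scripts, so it cannot be marked `HttpOnly`. If the fallback for older browsers is kept, that trade-off deserves a comment such as `// fallback only: token is script-readable here; a server-set HttpOnly cookie is preferred`. `handleLogin` continues past the end of the hunk.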

1
de.srsoftware.oidc.web/src/main/resources/en/todo.html

@ -16,6 +16,7 @@
<li>implement token refresh</li> <li>implement token refresh</li>
<li>Verschlüsselung im config-File</li> <li>Verschlüsselung im config-File</li>
<li>Configuration im Frontend</li> <li>Configuration im Frontend</li>
<li>Process <em>quit session when browser is closed</em> input on login</li>
</ul> </ul>
</div> </div>
</body> </body>
