working on javascript compatibility for old browsers

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>

de.srsoftware.http/src/main/java/de/srsoftware/http/SessionToken.java

@@ -2,6 +2,7 @@
 package de.srsoftware.http;
 
 
+import com.sun.net.httpserver.Headers;
 import com.sun.net.httpserver.HttpExchange;
 import java.util.Optional;
 
@@ -14,6 +15,12 @@ public class SessionToken extends Cookie {
 		this.sessionId = sessionId;
 	}
 
+	@Override
+	public <T extends Cookie> T addTo(Headers headers) {
+		headers.add("session", sessionId);
+		return (T)this;//super.addTo(headers);
+	}
+
 	public static Optional<SessionToken> from(HttpExchange ex) {
 		return Cookie.of(ex)
 		    .stream()

de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java

@@ -71,8 +71,8 @@ public class Application {
 		new Forward(INDEX).bindPath(ROOT).on(server);
 		new WellKnownController().bindPath(WELL_KNOWN).on(server);
 		new UserController(fileStore, fileStore, fileStore, staticPages).bindPath(API_USER).on(server);
-		var tokenControllerconfig = new TokenController.Configuration("https://lightoidc.srsoftware.de", 10);  // TODO configure or derive from hostname
+		var tokenControllerConfig = new TokenController.Configuration("https://lightoidc.srsoftware.de", 10);  // TODO configure or derive from hostname
-		new TokenController(fileStore, fileStore, keyManager, fileStore, tokenControllerconfig).bindPath(API_TOKEN).on(server);
+		new TokenController(fileStore, fileStore, keyManager, fileStore, tokenControllerConfig).bindPath(API_TOKEN).on(server);
 		new ClientController(fileStore, fileStore, fileStore).bindPath(API_CLIENT).on(server);
 		new KeyStoreController(keyStore).bindPath(JWKS).on(server);
 		new EmailController(fileStore, fileStore).bindPath(API_EMAIL).on(server);

de.srsoftware.oidc.web/src/main/resources/en/scripts/login.js

@@ -4,11 +4,16 @@
     return false;
 }
 
-async function handleLogin(response){
+function handleLogin(response){
     if (response.ok){ 
-        var body = await response.json();
+        response.headers.forEach(function(val, key) {
+            // in newer browsers, the cookie is set from fetch response. In older browsers this does not seem to work
+            if (key == 'session') document.cookie = 'sessionToken='+val+"; path=/api"
+        });
+       response.json().then(body => {
           hide('error');
           setTimeout(doRedirect,100);
+       });
     } else {
         show('error');
     }

de.srsoftware.oidc.web/src/main/resources/en/scripts/user.js

@@ -1,18 +1,21 @@
 var user = null;
-async function handleUser(response){
+
+function handleUser(response){
     if (response.status == UNAUTHORIZED) {
         login();
         return;
     }
     if (response.ok){
-        user = await response.json();
+        response.json().then(u => {
-        fetch(web+"/navigation.html").then(handleNavigation);
+            user = u;
+            fetch(web+"/navigation.html",{credentials:'include'}).then(handleNavigation);
+        });
     }
 }
 
-async function handleNavigation(response){
+function handleNavigation(response){
     if (response.ok){
-        var content = await response.text();
+        response.text().then(content => {
             var nav = document.getElementsByTagName('nav')[0];
             nav.innerHTML = content;
             var links = nav.getElementsByTagName('a');
@@ -21,7 +24,11 @@ async function handleNavigation(response){
                 var clazz = link.hasAttribute('class') ? link.getAttribute("class") : null;
                 if (clazz != null && !user.permissions.includes(clazz)) nav.removeChild(link);
             }
+        });
     }
 }
 
-fetch(user_controller+"/",{method:'POST'}).then(handleUser);
+fetch(user_controller+"/",{
+    method:'POST',
+    credentials:'include'
+}).then(handleUser);