From ee83fbfd910ed40fb8513c75432a7090058affdc Mon Sep 17 00:00:00 2001 From: Mark Patton Date: Mon, 10 Jun 2024 10:11:58 -0400 Subject: [PATCH] Add support for handling a CSRF token to pass-data-client --- .../support/client/JsonApiPassClient.java | 31 +++++++++++-------- .../support/client/OkHttpCsrfInterceptor.java | 23 ++++++++++++++ 2 files changed, 41 insertions(+), 13 deletions(-) create mode 100644 pass-data-client/src/main/java/org/eclipse/pass/support/client/OkHttpCsrfInterceptor.java diff --git a/pass-data-client/src/main/java/org/eclipse/pass/support/client/JsonApiPassClient.java b/pass-data-client/src/main/java/org/eclipse/pass/support/client/JsonApiPassClient.java index 90aff389..3aaf6471 100644 --- a/pass-data-client/src/main/java/org/eclipse/pass/support/client/JsonApiPassClient.java +++ b/pass-data-client/src/main/java/org/eclipse/pass/support/client/JsonApiPassClient.java @@ -97,6 +97,8 @@ public JsonApiPassClient(String baseUrl, String user, String pass) { client_builder.addInterceptor(new OkHttpBasicAuthInterceptor(user, pass)); } + client_builder.addInterceptor(new OkHttpCsrfInterceptor()); + client = client_builder.build(); moshi = create_moshi(false); @@ -176,14 +178,16 @@ public void createObject(T obj) throws IOException { String url = baseUrl + "data/" + get_json_type(obj.getClass()); RequestBody body = RequestBody.create(json, JSON_API_MEDIA_TYPE); Request request = new Request.Builder().url(url).header("Accept", JSON_API_CONTENT_TYPE) - .addHeader("Content-Type", JSON_API_CONTENT_TYPE).post(body).build(); + .header("Content-Type", JSON_API_CONTENT_TYPE).post(body).build(); try (Response response = client.newCall(request).execute()) { + String result = response.body().string(); + if (!response.isSuccessful()) { throw new IOException( - "Create failed: " + url + " returned " + response.code() + " " + response.body().string()); + "Create failed: " + url + " returned " + response.code() + " " + result); } - Document result_doc = adapter.fromJson(response.body().string()); + Document result_doc = adapter.fromJson(result); obj.setId(result_doc.requireData().getId()); setVersionIfNeeded(result_doc, obj); } @@ -204,14 +208,16 @@ public void updateObject(T obj) throws IOException { String url = get_url(obj); RequestBody body = RequestBody.create(json, JSON_API_MEDIA_TYPE); Request request = new Request.Builder().url(url).header("Accept", JSON_API_CONTENT_TYPE) - .addHeader("Content-Type", JSON_API_CONTENT_TYPE).patch(body).build(); + .header("Content-Type", JSON_API_CONTENT_TYPE).patch(body).build(); try (Response response = client.newCall(request).execute()) { + String result = response.body().string(); + if (!response.isSuccessful()) { throw new IOException( - "Update failed: " + url + " returned " + response.code() + " " + response.body().string()); + "Update failed: " + url + " returned " + response.code() + " " + result); } - Document result_doc = adapter.fromJson(response.body().string()); + Document result_doc = adapter.fromJson(result); setVersionIfNeeded(result_doc, obj); } } @@ -557,7 +563,7 @@ public T getObject(Class type, String id, String... in HttpUrl url = url_builder.build(); Request request = new Request.Builder().url(url).header("Accept", JSON_API_CONTENT_TYPE) - .addHeader("Content-Type", JSON_API_CONTENT_TYPE).get().build(); + .header("Content-Type", JSON_API_CONTENT_TYPE).get().build(); String body; try (Response response = client.newCall(request).execute()) { @@ -586,10 +592,11 @@ public void deleteObject(Class type, String id) throws String url = get_url(type, id); Request request = new Request.Builder().url(url).delete().build(); + try (Response response = client.newCall(request).execute()) { if (!response.isSuccessful()) { throw new IOException( - "Delete failed: " + url + " returned " + response.code() + " " + response.body().string()); + "Delete failed: " + url + " returned " + response.code()); } } } @@ -620,7 +627,7 @@ public PassClientResult selectObjects(PassClientSelect HttpUrl url = url_builder.build(); Request request = new Request.Builder().url(url).header("Accept", JSON_API_CONTENT_TYPE) - .addHeader("Content-Type", JSON_API_CONTENT_TYPE).get().build(); + .header("Content-Type", JSON_API_CONTENT_TYPE).get().build(); String body; try (Response response = client.newCall(request).execute()) { @@ -700,8 +707,7 @@ public URI uploadBinary(String name, byte[] data) throws IOException { .addEncodedPathSegment("file").build(); RequestBody body = new MultipartBody.Builder().setType(MultipartBody.FORM) - .addFormDataPart("file", name, RequestBody.create(data)) - .build(); + .addFormDataPart("file", name, RequestBody.create(data)).build(); Request request = new Request.Builder().url(url).post(body).build(); @@ -709,8 +715,7 @@ public URI uploadBinary(String name, byte[] data) throws IOException { if (!response.isSuccessful()) { throw new IOException( - "File upload failed: " + url + " returned " + response.code() - + " " + response.body().string()); + "File upload failed: " + url + " returned " + response.code()); } // Grab the id field diff --git a/pass-data-client/src/main/java/org/eclipse/pass/support/client/OkHttpCsrfInterceptor.java b/pass-data-client/src/main/java/org/eclipse/pass/support/client/OkHttpCsrfInterceptor.java new file mode 100644 index 00000000..de3076b7 --- /dev/null +++ b/pass-data-client/src/main/java/org/eclipse/pass/support/client/OkHttpCsrfInterceptor.java @@ -0,0 +1,23 @@ +package org.eclipse.pass.support.client; + +import java.io.IOException; + +import okhttp3.Interceptor; +import okhttp3.Request; +import okhttp3.Response; + +/** + * Add CSRF token as a header and cookie to requests. + * The token can have any value. + */ +public class OkHttpCsrfInterceptor implements Interceptor { + private static String CSRF_TOKEN = "anyvalue"; + + @Override + public Response intercept(Chain chain) throws IOException { + Request request = chain.request().newBuilder().header("X-XSRF-TOKEN", CSRF_TOKEN) + .header("Cookie", "XSRF-TOKEN=" + CSRF_TOKEN).build(); + + return chain.proceed(request); + } +}