From: Bill Erickson Date: Mon, 31 Oct 2016 21:45:10 +0000 (-0400) Subject: Angular selfcheck WIP -- restrict auth cookie X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=b4ae726041d13ecd4d3752b8beb8677a31a316e6;p=working%2FEvergreen.git Angular selfcheck WIP -- restrict auth cookie Signed-off-by: Bill Erickson --- diff --git a/Open-ILS/web/js/ui/default/staff/app.js b/Open-ILS/web/js/ui/default/staff/app.js index 41910b9bec..c0e79b787c 100644 --- a/Open-ILS/web/js/ui/default/staff/app.js +++ b/Open-ILS/web/js/ui/default/staff/app.js @@ -92,6 +92,14 @@ function($routeProvider , $locationProvider) { if (! (args.username && args.password) ) return; + if ($location.search().restrict_path) { + // Limit staff login access to this path plus any + // sub-paths. Attempts to navigate to another part + // of the application will result in a new login dialog. + egCore.hatch.cookiePath = + egCore.env.basePath + $location.search().restrict_path; + } + args.type = 'staff'; egCore.auth.login(args).then( diff --git a/Open-ILS/web/js/ui/default/staff/circ/selfcheck/app.js b/Open-ILS/web/js/ui/default/staff/circ/selfcheck/app.js index cdc5679a90..b8a9aadce4 100644 --- a/Open-ILS/web/js/ui/default/staff/circ/selfcheck/app.js +++ b/Open-ILS/web/js/ui/default/staff/circ/selfcheck/app.js @@ -52,6 +52,9 @@ angular.module('egSelfCheckApp', egCore.env.loadClasses.push('aous'); + // Limit self-check staff logins to the selfcheck path. + egCore.startup.restrictLoginPath = 'circ/selfcheck'; + return egCore.startup.go().then(function() { // TODO load other startup data. }); diff --git a/Open-ILS/web/js/ui/default/staff/services/hatch.js b/Open-ILS/web/js/ui/default/staff/services/hatch.js index ff517fc940..593997815f 100644 --- a/Open-ILS/web/js/ui/default/staff/services/hatch.js +++ b/Open-ILS/web/js/ui/default/staff/services/hatch.js 
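Review bot: In the staff/app.js hunk, `restrict_path` is read from the query string and concatenated onto `egCore.env.basePath` without any check, so the scope of the staff auth cookie is decided by whoever built the login URL. A login page opened without the parameter applies no restriction at all, and the startup.js hunk is the only place that adds it, so the limit holds only while that URL is left unedited. I would compare the value against the short list of paths that are meant to be restrictable before assigning `egCore.hatch.cookiePath`, for example `if (allowedRestrictPaths.indexOf(restrictPath) === -1) return;` (both names are suggestions), and read `$location.search().restrict_path` once into a local. The comment should also say that a cookie path limits where the token is sent and is not an access control between same-origin pages. The enclosing login handler starts and ends outside the hunk.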
@@ -36,6 +36,10 @@ angular.module('egCoreMod') service.hatchAvailable = null; service.defaultHatchURL = 'wss://localhost:8443/hatch'; + // Defaults to path. Overrride to limit loginSessionItems to + // a sub-path of the /eg/staff application. + service.cookiePath = null; + // write a message to the Hatch websocket service.sendToHatch = function(msg) { var msg2 = {}; @@ -360,7 +364,14 @@ angular.module('egCoreMod') service.addLoginSessionKey(key); if (jsonified === undefined ) jsonified = JSON.stringify(value); - $cookies.put(key, jsonified); + + var options = {secure : true}; // cookie options + if (service.cookiePath) { + console.debug('Using LoginSessionItem path ' + service.cookiePath); + options.path = service.cookiePath; + } + + $cookies.put(key, jsonified, options); } // Set the value for the given key. diff --git a/Open-ILS/web/js/ui/default/staff/services/startup.js b/Open-ILS/web/js/ui/default/staff/services/startup.js index 670248ceae..69dbab27b3 100644 --- a/Open-ILS/web/js/ui/default/staff/services/startup.js +++ b/Open-ILS/web/js/ui/default/staff/services/startup.js @@ -30,11 +30,20 @@ function($q, $rootScope, $location, $window, egIDL, egAuth, egEnv) { // change locations to the login page, using the current page // as the 'route_to' destination on /login - $window.location.href = $location - .path('/login') - .search({route_to : - $window.location.pathname + $window.location.search}) - .absUrl(); + // Compile the URL manually in lieu of using $location.path(..) / + // $location.search(...) to avoid intermediate route changes. + var newUrl = + egEnv.basePath + // /eg/staff/ + 'login' + + '?route_to=' + encodeURIComponent( + $window.location.pathname + $window.location.search); + + if (service.restrictLoginPath) { + newUrl += '&restrict_path=' + + encodeURIComponent(service.restrictLoginPath); + } + + $window.location.href = newUrl; return false; }
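Review bot: The comment above `service.cookiePath = null` in the first hatch.js hunk says "Defaults to path" without saying which path, and "Overrride" is misspelled. Because this value scopes the staff auth cookie, the comment should state what null means, for example `// null: use the $cookies default path. Override to limit loginSessionItems to a sub-path of the /eg/staff application.`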
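Review bot: A cookie written with `options.path` in the second hatch.js hunk can only be deleted by a call that names the same path, and the code that removes login session items is not part of this hunk. If it still calls `$cookies.remove(key)` without options, a token stored under a restricted path would probably stay in the browser after logout; passing the same options object, `$cookies.remove(key, options)`, would avoid that. `secure : true` now applies to every login session item, so the cookie is not stored on a non-HTTPS page, and a short comment stating that requirement would help anyone testing over plain HTTP. The enclosing function starts outside the hunk.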