From: Bill Erickson Date: Mon, 31 Oct 2016 21:45:10 +0000 (-0400) Subject: Angular selfcheck WIP -- restrict auth cookie X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=f0e6e67cc1c815bca33062ad62d0cb07a064a7d9;p=working%2FEvergreen.git Angular selfcheck WIP -- restrict auth cookie Signed-off-by: Bill Erickson --- diff --git a/Open-ILS/web/js/ui/default/staff/app.js b/Open-ILS/web/js/ui/default/staff/app.js index 4cf388ce85..91cfd376e3 100644 --- a/Open-ILS/web/js/ui/default/staff/app.js +++ b/Open-ILS/web/js/ui/default/staff/app.js @@ -97,6 +97,14 @@ function($routeProvider , $locationProvider) { // if at least one workstation exists, it must be used. if (!args.workstation && $scope.workstations.length > 0) return; + if ($location.search().restrict_path) { + // Limit staff login access to this path plus any + // sub-paths. Attempts to navigate to another part + // of the application will result in a new login dialog. + egCore.hatch.cookiePath = + egCore.env.basePath + $location.search().restrict_path; + } + args.type = 'staff'; egCore.auth.login(args).then( diff --git a/Open-ILS/web/js/ui/default/staff/circ/selfcheck/app.js b/Open-ILS/web/js/ui/default/staff/circ/selfcheck/app.js index cdc5679a90..b8a9aadce4 100644 --- a/Open-ILS/web/js/ui/default/staff/circ/selfcheck/app.js +++ b/Open-ILS/web/js/ui/default/staff/circ/selfcheck/app.js @@ -52,6 +52,9 @@ angular.module('egSelfCheckApp', egCore.env.loadClasses.push('aous'); + // Limit self-check staff logins to the selfcheck path. + egCore.startup.restrictLoginPath = 'circ/selfcheck'; + return egCore.startup.go().then(function() { // TODO load other startup data. }); diff --git a/Open-ILS/web/js/ui/default/staff/services/hatch.js b/Open-ILS/web/js/ui/default/staff/services/hatch.js index 4fee7cb5c9..bf2d7c65c9 100644 --- a/Open-ILS/web/js/ui/default/staff/services/hatch.js +++ b/Open-ILS/web/js/ui/default/staff/services/hatch.js 
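Review bot: In staff/app.js, `restrict_path` is taken straight from the query string and concatenated into `egCore.hatch.cookiePath` with no validation, so whoever builds or edits the login URL chooses the Path attribute of the auth cookie. A value with `..`, a leading `/` or empty segments gives a path that does not match the intended sub-tree, and the restriction disappears if the parameter is dropped. Check the value against the known restricted paths or a strict pattern before using it, e.g. `if (/^[\w-]+(\/[\w-]+)*$/.test(restrictPath)) egCore.hatch.cookiePath = egCore.env.basePath + restrictPath;`. The comment should also say that Path only limits where the browser sends the cookie and is not an isolation boundary between pages on the same origin. The enclosing login handler starts and ends outside the hunk.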
@@ -62,6 +62,10 @@ angular.module('egCoreMod') return oncall; } + // Defaults to path. Overrride to limit loginSessionItems to + // a sub-path of the /eg/staff application. + service.cookiePath = null; + // write a message to the Hatch port service.sendToHatch = function(msg) { var msg2 = {}; @@ -319,7 +323,14 @@ angular.module('egCoreMod') service.addLoginSessionKey(key); if (jsonified === undefined ) jsonified = JSON.stringify(value); - $cookies.put(key, jsonified); + + var options = {secure : true}; // cookie options + if (service.cookiePath) { + console.debug('Using LoginSessionItem path ' + service.cookiePath); + options.path = service.cookiePath; + } + + $cookies.put(key, jsonified, options); } // Set the value for the given key. diff --git a/Open-ILS/web/js/ui/default/staff/services/startup.js b/Open-ILS/web/js/ui/default/staff/services/startup.js index 038eb2dfc2..541b7c2a51 100644 --- a/Open-ILS/web/js/ui/default/staff/services/startup.js +++ b/Open-ILS/web/js/ui/default/staff/services/startup.js @@ -56,11 +56,20 @@ function($q, $rootScope, $location, $window, egIDL, egAuth, egEnv , egOrg // change locations to the login page, using the current page // as the 'route_to' destination on /login - $window.location.href = $location - .path('/login') - .search({route_to : - $window.location.pathname + $window.location.search}) - .absUrl(); + // Compile the URL manually in lieu of using $location.path(..) / + // $location.search(...) to avoid intermediate route changes. + var newUrl = + egEnv.basePath + // /eg/staff/ + 'login' + + '?route_to=' + encodeURIComponent( + $window.location.pathname + $window.location.search); + + if (service.restrictLoginPath) { + newUrl += '&restrict_path=' + + encodeURIComponent(service.restrictLoginPath); + } + + $window.location.href = newUrl; return false; }
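Review bot: In services/hatch.js, the new comment on `service.cookiePath` says "Defaults to path" without saying which path, and "Overrride" is misspelled. Suggested wording: `// Path attribute for login session cookies. null leaves the $cookies default path in place;` followed by `// set it to a sub-path of the staff application to scope those cookies.`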
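Review bot: In services/hatch.js, `$cookies.put(key, jsonified, options)` now writes the login session cookie with an explicit `path`, but the code that deletes these cookies is not part of this diff. If it still calls `$cookies.remove(key)` without the same path, the browser will not delete the path-scoped cookie, so a logout on a restricted session could leave the auth token behind. The removal should pass matching options, e.g. `$cookies.remove(key, service.cookiePath ? {path : service.cookiePath} : undefined);`. Separately, `secure : true` is now unconditional, so any deployment or test setup that serves the staff client over plain HTTP will have the cookie rejected by the browser; that deserves a comment next to `options`.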
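Review bot: In services/startup.js, `service.restrictLoginPath` is read when building `newUrl`, but no declaration or default for it is visible in this hunk, whereas hatch.js initialises `service.cookiePath` to null with a comment. Add a documented default next to the service definition, e.g. `service.restrictLoginPath = null; // path relative to egEnv.basePath; sent to /login as restrict_path`. Because the value reaches the login page through the query string, it arrives there as user-editable input and the comment should say so. `egEnv.basePath + 'login'` also relies on basePath ending in a slash, as the inline `/eg/staff/` comment implies. The enclosing function starts outside the hunk.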