[CORL-680] Persist Fragment Access Tokens in sessionStorage (#2643)

* feat: persist access tokens passed via fragment to sessionStorage

* fix: review comments
This commit is contained in:
Wyatt Johnson
2019-10-18 16:08:43 +00:00
committed by GitHub
parent 9aa39bf842
commit 990a70d6f9
4 changed files with 46 additions and 13 deletions
+2 -1
View File
@@ -1,4 +1,5 @@
export const REDIRECT_PATH_KEY = "adminRedirectPath";
export const REDIRECT_PATH_KEY = "coral:adminRedirectPath";
export const ACCESS_TOKEN_KEY = "coral:accessToken";
export const HOTKEYS = {
NEXT: "j",
PREV: "k",
+40 -6
View File
@@ -1,8 +1,9 @@
import { commitLocalUpdate, Environment } from "relay-runtime";
import { REDIRECT_PATH_KEY } from "coral-admin/constants";
import { ACCESS_TOKEN_KEY, REDIRECT_PATH_KEY } from "coral-admin/constants";
import { clearHash, getParamsFromHash } from "coral-framework/helpers";
import { CoralContext } from "coral-framework/lib/bootstrap";
import { parseJWT } from "coral-framework/lib/jwt";
import { initLocalBaseState, LOCAL_ID } from "coral-framework/lib/relay";
/**
@@ -12,20 +13,53 @@ export default async function initLocalState(
environment: Environment,
context: CoralContext
) {
const { error = null, accessToken } = getParamsFromHash();
// Get the access token from the session storage.
let accessToken = await context.sessionStorage.getItem(ACCESS_TOKEN_KEY);
// Initialize the redirect path in case we don't need to redirect somewhere.
let redirectPath: string | null = null;
if (error || accessToken) {
// As there's an access token in the hash, let's clear it.
let error: string | null = null;
// Get all the parameters from the hash.
const params = getParamsFromHash();
if (params) {
// If there were params in the hash, then clear them!
clearHash();
// Keep redirect path as we are in the middle of an auth flow.
// If there was an error, add it.
if (params.error) {
error = params.error;
}
// If there was an access token, store it and replace the one that was in
// the session storage before.
if (params.accessToken) {
accessToken = params.accessToken;
await context.sessionStorage.setItem(ACCESS_TOKEN_KEY, accessToken);
}
// As we are in the middle of an auth flow (given that there was something
// in the hash) we should now grab the redirect path.
redirectPath =
(await context.localStorage.getItem(REDIRECT_PATH_KEY)) || null;
} else {
// Remove redirect path from local storage as we start a new auth flow.
// There was no auth flow in progress (given that we're now loading without
// a hash), so clear the redirect path just in case.
await context.localStorage.setItem(REDIRECT_PATH_KEY, "");
}
if (accessToken) {
// As there's a token on the request, decode it, and check to see if it's
// expired already. If it is, this will send them back to the error page.
const { payload } = parseJWT(accessToken);
if (payload && payload.exp) {
if (payload.exp - Date.now() / 1000 <= 0) {
accessToken = null;
await context.sessionStorage.removeItem(ACCESS_TOKEN_KEY);
}
}
}
await initLocalBaseState(environment, context, accessToken);
commitLocalUpdate(environment, s => {
@@ -2,13 +2,11 @@ import { parseQuery } from "coral-common/utils";
export default function getParamsFromHash() {
try {
const params = window.location.hash
return window.location.hash
? parseQuery(window.location.hash.substr(1))
: {};
return params;
: null;
} catch (err) {
window.console.error(err);
return {};
return null;
}
}
@@ -3,7 +3,7 @@ import getParamsFromHash from "./getParamsFromHash";
export default function getParamsFromHashAndClearIt() {
try {
const params = getParamsFromHash();
const params = getParamsFromHash() || {};
// Clear the hash contents.
clearHash();