Added force logout on CVAT app start if token is missing (#5331)

main
Kirill Lakhov 3 years ago committed by GitHub
parent 08dd27d993
commit 8705e2366c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -78,6 +78,7 @@ non-ascii paths while adding files from "Connected file share" (issue #4428)
(<https://github.com/opencv/cvat/issues/4839>) (<https://github.com/opencv/cvat/issues/4839>)
- Fixed job exporting (<https://github.com/opencv/cvat/pull/5282>) - Fixed job exporting (<https://github.com/opencv/cvat/pull/5282>)
- Visibility and ignored information fail to be loaded (MOT dataset format) (<https://github.com/opencv/cvat/pull/5270>) - Visibility and ignored information fail to be loaded (MOT dataset format) (<https://github.com/opencv/cvat/pull/5270>)
- Added force logout on CVAT app start if token is missing (<https://github.com/opencv/cvat/pull/5331>)
- Missed token with using social account authentication (<https://github.com/opencv/cvat/pull/5344>) - Missed token with using social account authentication (<https://github.com/opencv/cvat/pull/5344>)
### Security ### Security

@ -1,6 +1,6 @@
{ {
"name": "cvat-core", "name": "cvat-core",
"version": "7.2.0", "version": "7.2.1",
"description": "Part of Computer Vision Tool which presents an interface for client-side integration", "description": "Part of Computer Vision Tool which presents an interface for client-side integration",
"main": "src/api.ts", "main": "src/api.ts",
"scripts": { "scripts": {

@ -456,7 +456,11 @@ class ServerProxy {
} }
} catch (serverError) { } catch (serverError) {
if (serverError.code === 401) { if (serverError.code === 401) {
removeToken(); // In CVAT app we use two types of authentication,
// So here we are forcing user have both credential types
// First request will fail if session is expired, then we check
// for precense of token
await logout();
return false; return false;
} }
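Review bot: The 401 branch now depends on `await logout()` succeeding, and a rejection raised inside this `catch` would escape the function instead of reaching `return false`. The body of `logout()` is not visible in this hunk, so this is an inference: if it sends a server request with the already-expired session, that request can fail too, and the stored token that the old `removeToken()` call always cleared may be left in place. Consider `try { await logout(); } finally { removeToken(); }` so local credentials are dropped regardless of the server's answer. The new comment has a typo (`precense` should be `presence`) and would read better as one sentence stating that both the session and the token are required. The enclosing method starts and ends outside the hunk.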

@ -436,7 +436,7 @@ class CVATApplication extends React.PureComponent<CVATAppProps & RouteComponentP
<Route exact path='/auth/login' component={LoginPageContainer} /> <Route exact path='/auth/login' component={LoginPageContainer} />
<Route <Route
exact exact
path='/auth/login-with-token/:sessionId/:token' path='/auth/login-with-token/:token'
component={LoginWithTokenComponent} component={LoginWithTokenComponent}
/> />
<Route exact path='/auth/password/reset' component={ResetPasswordPageComponent} /> <Route exact path='/auth/password/reset' component={ResetPasswordPageComponent} />
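Review bot: The route `/auth/login-with-token/:token` carries the authentication token in the URL path, so the credential can end up in server and proxy access logs, browser history and `Referer` headers. The change drops `:sessionId` but keeps this exposure. If the flow allows it, pass the token in the URL fragment instead, since fragments are not sent to the server, or make the token single-use and short-lived on the backend. At minimum, add a comment above the route such as `// NOTE: token travels in the URL path; access logs for this route must redact it`. The same concern applies in the component section, where the token is read with `useParams`.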

@ -1,31 +1,26 @@
// Copyright (C) 2020-2022 Intel Corporation // Copyright (C) 2020-2022 Intel Corporation
// Copyright (C) 2022 CVAT.ai Corporation
// //
// SPDX-License-Identifier: MIT // SPDX-License-Identifier: MIT
import React, { useEffect } from 'react'; import React, { useEffect } from 'react';
import { Redirect, useParams, useLocation } from 'react-router'; import { Redirect, useParams, useLocation } from 'react-router';
import { useCookies } from 'react-cookie';
export default function LoginWithTokenComponent(): JSX.Element { export default function LoginWithTokenComponent(): JSX.Element {
const location = useLocation(); const location = useLocation();
const { sessionId, token } = useParams<{ sessionId: string; token: string }>(); const { token } = useParams<{ token: string }>();
const [cookies, setCookie] = useCookies(['sessionid', 'csrftoken']);
const expires1y = new Date(new Date().setFullYear(new Date().getFullYear() + 1));
const expires2w = new Date(new Date().setDate(new Date().getDate() + 13));
const search = new URLSearchParams(location.search); const search = new URLSearchParams(location.search);
setCookie('sessionid', sessionId, { path: '/', expires: expires2w });
setCookie('csrftoken', token, { path: '/', expires: expires1y });
useEffect( useEffect(
() => () => { () => {
window.location.reload(); localStorage.setItem('token', token);
return () => window.location.reload();
}, },
[cookies.sessionid, cookies.csrftoken], [token],
); );
if (cookies.sessionid && cookies.csrftoken) { if (token) {
return <Redirect to={search.get('next') || '/tasks'} />; return <Redirect to={search.get('next') || '/tasks'} />;
} }
return <></>; return <></>;
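Review bot: `localStorage.setItem('token', token)` persists whatever value appears in the URL, with no check that it is a valid token and no regard for a token that is already stored. Any link to this route therefore replaces the browser's current credentials, which is the login-CSRF pattern: a user who follows a crafted link could end up working in an account they did not choose. Consider verifying the token against the server before persisting it, and refusing to overwrite silently when a different token is already present. The ordering also deserves a comment, e.g. `// token is stored in the effect; the cleanup reloads the page on unmount so the app restarts with the new credentials`, because `<Redirect>` is already returned on the first render. The `if (token)` guard looks always true whenever the route matches, so the `return <></>` fallback is probably dead code; the component's closing lines are not shown in this section.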

@ -66,10 +66,8 @@ context('When clicking on the Logout button, get the user session closed.', () =
password: Cypress.env('password'), password: Cypress.env('password'),
}, },
}).then(async (response) => { }).then(async (response) => {
const cookies = await response.headers['set-cookie']; const token = response.body.key;
const csrfToken = cookies[0].match(/csrftoken=\w+/)[0].replace('csrftoken=', ''); cy.visit(`/auth/login-with-token/${token}?next=/tasks/${taskId}`);
const sessionId = cookies[1].match(/sessionid=\w+/)[0].replace('sessionid=', '');
cy.visit(`/login-with-token/${sessionId}/${csrfToken}?next=/tasks/${taskId}`);
cy.contains('.cvat-task-details-task-name', `${taskName}`).should('be.visible'); cy.contains('.cvat-task-details-task-name', `${taskName}`).should('be.visible');
}); });
}); });
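Review bot: The callback is still declared `async` although its only `await` was removed, so it now returns a promise from a `.then()` that also issues `cy` commands; `}).then((response) => {` is enough. It would also help to assert the login response before using it, e.g. `expect(response.body.key).to.be.a('string');`, so that a failed login fails at this point rather than by visiting `/auth/login-with-token/undefined`. The enclosing test starts outside the hunk.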
