Merge pull request #1778 from minrk/xsrf

Include XSRF token in userprofile request
cylc · May 8, 2024 · 44ad373 · 44ad373
2 parents fff887e + 26a117d
commit 44ad373
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 20 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -60,6 +60,7 @@ below.
  - Jamie Allen
  - Christopher Bennett
  - Mark Dawson
+ - Min RK
 <!-- end-shortlog -->
 
 (All contributors are identifiable with email addresses in the git version

diff --git a/changes.d/1778.fix b/changes.d/1778.fix
@@ -0,0 +1 @@
+Compatibility with JupyterHub 4.1 XSRF changes
diff --git a/src/graphql/graphiql.js b/src/graphql/graphiql.js
@@ -18,7 +18,8 @@
 // Code related to GraphiQL
 
 import { parse } from 'graphql'
-import { createGraphQLUrls, getCylcHeaders } from '@/graphql/index'
+import { createGraphQLUrls } from '@/graphql/index'
+import { getCylcHeaders } from '@/utils/urls'
 
 // TODO: https://github.com/apollographql/GraphiQL-Subscriptions-Fetcher/issues/16
 //       the functions hasSubscriptionOperation and graphQLFetcher are both from

diff --git a/src/graphql/index.js b/src/graphql/index.js
@@ -27,7 +27,7 @@ import { WebSocketLink } from '@apollo/client/link/ws'
 import { setContext } from '@apollo/client/link/context'
 import { SubscriptionClient } from 'subscriptions-transport-ws'
 import { store } from '@/store/index'
-import { createUrl } from '@/utils/urls'
+import { createUrl, getCylcHeaders } from '@/utils/urls'
 
 /** @typedef {import('subscriptions-transport-ws').ClientOptions} ClientOptions */
 
@@ -46,21 +46,6 @@ export function createGraphQLUrls () {
   }
 }
 
-/**
- * Get request headers for use with UI Server requests.
- *
- * - Adds X-XSRFToken header for hubless token based auth.
- */
-export function getCylcHeaders () {
-  const xsrfToken = document.cookie.match('\\b_xsrf=([^;]*)\\b')
-  const cylcHeaders = {}
-  if (Array.isArray(xsrfToken) && xsrfToken.length > 0) {
-    // pick the last match
-    cylcHeaders['X-XSRFToken'] = xsrfToken.splice(-1)
-  }
-  return cylcHeaders
-}
-
 /**
  * Create a subscription client.
  *

diff --git a/src/services/user.service.js b/src/services/user.service.js
@@ -17,15 +17,18 @@
 
 import axios from 'axios'
 import User from '@/model/User.model'
-import { createUrl } from '@/utils/urls'
+import { createUrl, getCylcHeaders } from '@/utils/urls'
 
 class UserService {
   /**
    * Gets the user profile from the backend server.
    * @returns {Promise<*>} - a promise that dispatches Vuex action
    */
   getUserProfile () {
-    return axios.get(createUrl('userprofile')).then(({ data }) => {
+    return axios.get(
+      createUrl('userprofile'),
+      { headers: getCylcHeaders() },
+    ).then(({ data }) => {
       return new User(
         data.name,
         data.groups,

diff --git a/src/utils/urls.js b/src/utils/urls.js
@@ -72,6 +72,22 @@ function createUrl (path, websockets = false, baseOnly = false) {
   return normalize(url)
 }
 
+/**
+ * Get request headers for use with UI Server requests.
+ *
+ * - Adds X-XSRFToken header cookie-based auth.
+ */
+function getCylcHeaders () {
+  const xsrfToken = document.cookie.match('\\b_xsrf=([^;]*)\\b')
+  const cylcHeaders = {}
+  if (Array.isArray(xsrfToken) && xsrfToken.length > 0) {
+    // pick the last match
+    cylcHeaders['X-XSRFToken'] = xsrfToken.splice(-1)
+  }
+  return cylcHeaders
+}
+
 export {
-  createUrl
+  createUrl,
+  getCylcHeaders,
 }