[pve-devel] [PATCH widget-toolkit] adapt auth utils for pve token authentication

Tim Marx t.marx at proxmox.com
Wed May 6 14:00:51 CEST 2020 

Signed-off-by: Tim Marx <t.marx at proxmox.com>
---
 Utils.js | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/Utils.js b/Utils.js
index 22eddd2..b190ce4 100644
--- a/Utils.js
+++ b/Utils.js
@@ -31,6 +31,10 @@ Ext.Ajax.on('beforerequest', function(conn, options) {
 	}
 	options.headers.CSRFPreventionToken = Proxmox.CSRFPreventionToken;
     }
+    var token = window.localStorage.getItem("PVEAPIToken");
+    if (token) {
+	options.headers.Authorization = 'PVEAPIToken=' + token;
+    }
 });
 
 Ext.define('Proxmox.Utils', { utilities: {
@@ -195,19 +199,26 @@ Ext.define('Proxmox.Utils', { utilities: {
     },
 
     setAuthData: function(data) {
-	Proxmox.CSRFPreventionToken = data.CSRFPreventionToken;
 	Proxmox.UserName = data.username;
 	Proxmox.LoggedOut = data.LoggedOut;
 	// creates a session cookie (expire = null)
 	// that way the cookie gets deleted after the browser window is closed
-	Ext.util.Cookies.set(Proxmox.Setup.auth_cookie_name, data.ticket, null, '/', null, true);
+	if (data.ticket) {
+	    Proxmox.CSRFPreventionToken = data.CSRFPreventionToken;
+	    Ext.util.Cookies.set(Proxmox.Setup.auth_cookie_name, data.ticket, null, '/', null, true);
+	}
+
+	if (data.token) {
+	    window.localStorage.setItem('PVEUserName', data.username);
+	    window.localStorage.setItem('PVEAPIToken', data.token);
+	}
     },
 
     authOK: function() {
 	if (Proxmox.LoggedOut) {
 	    return undefined;
 	}
-	return (Proxmox.UserName !== '') && Ext.util.Cookies.get(Proxmox.Setup.auth_cookie_name);
+	return Proxmox.UserName !== '' && (Ext.util.Cookies.get(Proxmox.Setup.auth_cookie_name) || window.localStorage.getItem("PVEAPIToken"));
     },
 
     authClear: function() {
@@ -215,6 +226,8 @@ Ext.define('Proxmox.Utils', { utilities: {
 	    return undefined;
 	}
 	Ext.util.Cookies.clear(Proxmox.Setup.auth_cookie_name);
+	window.localStorage.removeItem("PVEAPIToken");
+	window.localStorage.removeItem("PVEUserName");
     },
 
     // comp.setLoading() is buggy in ExtJS 4.0.7, so we
-- 
2.20.1

More information about the pve-devel mailing list