[pve-devel] [PATCH widget-toolkit] adapt auth utils for pve token authentication

Thomas Lamprecht t.lamprecht at proxmox.com
Thu May 7 12:59:26 CEST 2020 

On 5/6/20 2:00 PM, Tim Marx wrote:
> Signed-off-by: Tim Marx <t.marx at proxmox.com>
> ---
>  Utils.js | 19 ++++++++++++++++---
>  1 file changed, 16 insertions(+), 3 deletions(-)
> 
> diff --git a/Utils.js b/Utils.js
> index 22eddd2..b190ce4 100644
> --- a/Utils.js
> +++ b/Utils.js
> @@ -31,6 +31,10 @@ Ext.Ajax.on('beforerequest', function(conn, options) {
>  	}
>  	options.headers.CSRFPreventionToken = Proxmox.CSRFPreventionToken;
>      }
> +    var token = window.localStorage.getItem("PVEAPIToken");

Hmm, I'd rather have this in a less product dependent wait, i.e., both
key and value saved there so that a future PMGAPIToken, or P??APIToken
works just out of the box.

> +    if (token) {
> +	options.headers.Authorization = 'PVEAPIToken=' + token;
> +    }
>  });
>  
>  Ext.define('Proxmox.Utils', { utilities: {
> @@ -195,19 +199,26 @@ Ext.define('Proxmox.Utils', { utilities: {
>      },
>  
>      setAuthData: function(data) {
> -	Proxmox.CSRFPreventionToken = data.CSRFPreventionToken;
>  	Proxmox.UserName = data.username;
>  	Proxmox.LoggedOut = data.LoggedOut;
>  	// creates a session cookie (expire = null)
>  	// that way the cookie gets deleted after the browser window is closed
> -	Ext.util.Cookies.set(Proxmox.Setup.auth_cookie_name, data.ticket, null, '/', null, true);
> +	if (data.ticket) {
> +	    Proxmox.CSRFPreventionToken = data.CSRFPreventionToken;
> +	    Ext.util.Cookies.set(Proxmox.Setup.auth_cookie_name, data.ticket, null, '/', null, true);
> +	}
> +
> +	if (data.token) {
> +	    window.localStorage.setItem('PVEUserName', data.username);
> +	    window.localStorage.setItem('PVEAPIToken', data.token);
> +	}
>      },
>  
>      authOK: function() {
>  	if (Proxmox.LoggedOut) {
>  	    return undefined;
>  	}
> -	return (Proxmox.UserName !== '') && Ext.util.Cookies.get(Proxmox.Setup.auth_cookie_name);
> +	return Proxmox.UserName !== '' && (Ext.util.Cookies.get(Proxmox.Setup.auth_cookie_name) || window.localStorage.getItem("PVEAPIToken"));
>      },
>  
>      authClear: function() {
> @@ -215,6 +226,8 @@ Ext.define('Proxmox.Utils', { utilities: {
>  	    return undefined;
>  	}
>  	Ext.util.Cookies.clear(Proxmox.Setup.auth_cookie_name);
> +	window.localStorage.removeItem("PVEAPIToken");
> +	window.localStorage.removeItem("PVEUserName");
>      },
>  
>      // comp.setLoading() is buggy in ExtJS 4.0.7, so we
>

More information about the pve-devel mailing list