GUACAMOLE-549: Store auth token within localStorage rather than cookie.

2025-10-31 00:53:21 +00:00 · 2018-04-18 20:44:08 -07:00
parent 1686e6f149
commit 884a9c0ee9
4 changed files with 14 additions and 19 deletions
--- a/guacamole/src/main/webapp/app/auth/authModule.js
+++ b/guacamole/src/main/webapp/app/auth/authModule.js
@@ -20,4 +20,6 @@
 /**
 * The module for authentication and management of tokens.
 */
-angular.module('auth', ['ngCookies']);
+angular.module('auth', [
+    'storage'
+]);
--- a/guacamole/src/main/webapp/app/auth/service/authenticationService.js
+++ b/guacamole/src/main/webapp/app/auth/service/authenticationService.js
@@ -46,10 +46,10 @@ angular.module('auth').factory('authenticationService', ['$injector',
    var Error                = $injector.get('Error');

    // Required services
-    var $cookieStore = $injector.get('$cookieStore');
-    var $http        = $injector.get('$http');
-    var $q           = $injector.get('$q');
-    var $rootScope   = $injector.get('$rootScope');
+    var $http               = $injector.get('$http');
+    var $q                  = $injector.get('$q');
+    var $rootScope          = $injector.get('$rootScope');
+    var localStorageService = $injector.get('localStorageService');

    var service = {};

@@ -62,12 +62,12 @@ angular.module('auth').factory('authenticationService', ['$injector',
    var cachedResult = null;

    /**
-     * The unique identifier of the local cookie which stores the result of the
-     * last authentication attempt.
+     * The unique identifier of the local storage key which stores the result
+     * of the last authentication attempt.
     *
     * @type String
     */
-    var AUTH_COOKIE_ID = "GUAC_AUTH";
+    var AUTH_STORAGE_KEY = 'GUAC_AUTH';

    /**
     * Retrieves the last successful authentication result. If the user has not
@@ -85,7 +85,7 @@ angular.module('auth').factory('authenticationService', ['$injector',
            return cachedResult;

        // Return explicit null if no auth data is currently stored
-        var data = $cookieStore.get(AUTH_COOKIE_ID);
+        var data = localStorageService.getItem(AUTH_STORAGE_KEY);
        if (!data)
            return null;

@@ -107,7 +107,7 @@ angular.module('auth').factory('authenticationService', ['$injector',
        // Clear the currently-stored result if the last attempt failed
        if (!data) {
            cachedResult = null;
-            $cookieStore.remove(AUTH_COOKIE_ID);
+            localStorageService.removeItem(AUTH_STORAGE_KEY);
        }

        // Otherwise store the authentication attempt directly
@@ -116,9 +116,9 @@ angular.module('auth').factory('authenticationService', ['$injector',
            // Always store in cache
            cachedResult = data;

-            // Store cookie ONLY if not anonymous
+            // Persist result past tab/window closure ONLY if not anonymous
            if (data.username !== AuthenticationResult.ANONYMOUS_USERNAME)
-                $cookieStore.put(AUTH_COOKIE_ID, data);
+                localStorageService.setItem(AUTH_STORAGE_KEY, data);

        }

--- a/guacamole/src/main/webapp/index.html
+++ b/guacamole/src/main/webapp/index.html
@@ -62,7 +62,6 @@

        <!-- AngularJS -->
        <script type="text/javascript" src="webjars/angular/1.3.16/angular.min.js"></script>
-        <script type="text/javascript" src="webjars/angular-cookies/1.3.16/angular-cookies.min.js"></script>
        <script type="text/javascript" src="webjars/angular-route/1.3.16/angular-route.min.js"></script>
        <script type="text/javascript" src="webjars/angular-touch/1.3.16/angular-touch.min.js"></script>