Angularjs在标题中没有令牌

时间:2016-12-16 09:53:27

标签: angularjs scala cookies csrf access-token

我不理解某些东西或遗漏了我认为的东西。 我有一个LoginPage来授权用户(即Angularjs 1.5) 作为后端,我有一个Scala / Play应用程序来验证用户和密码 所以现在我有一个问题,在登录服务中一切都很好

        var token = $cookies["XSRF-TOKEN"];
        if (token) {
            $http.get('http://localhost:9000/ping')
                .then(
                    function (response) {
                        return $http.get("http://localhost:9000/users/" + response.data.userId)
                    }, function (response) {
                        token = undefined;
                        $cookies["XSRF-TOKEN"] = undefined;
                        return $q.reject("Token invalid");
                    }
                    ).then(
                        function (response) {
                            console.log(response.data);
                        }, function (response) {
                    console.log("error");
                }
            );
        }
        $http.post('http://localhost:9000/login', user)
            .then(function (response) {
            token = response.data.authToken;
            console.log(token);
            var userId = response.data.userId;
            return $http.get('http://localhost:9000/users/' +  userId)
        }, function (response) {
                console.log(response.data.err);
                // return 'empty' promise so the right `then` function is called
                return $q.reject("Login failed");
            }).then(
            function (response) {
                console.log(response);
            }
        )
    }

当我现在想通过登录登录时,一切都很好 enter image description here

但在下一种情况下,我向api发送一个get请求,并想检查xsrf cookie,但没有发送cookie。 401 statuscode

这是Scala中的安全特性 -

    def HasToken[A](p: BodyParser[A] = parse.anyContent)(f: String => Long => Request[A] => Result): Action[A] =
Action(p) { implicit request =>
  val maybeToken = request.headers.get(AuthTokenHeader).orElse(request.getQueryString(AuthTokenUrlKey))
  maybeToken flatMap { token =>
    cache.get[Long](token) map { userid =>
      f(token)(userid)(request)
    }
  } getOrElse Unauthorized(Json.obj("err" -> "No Token"))
}

所以现在我的问题是 - 标题令牌在哪里?

更新: 这是我的app.js

    'use strict';

    function testInterceptor($rootScope, $q, $timeout) {
    return function(promise) {
        return promise.then(
            function(response) {
                return response;
            },
            function(response) {
                if (response.status == 401) {
                    $rootScope.$broadcast("InvalidToken");
                    $rootScope.sessionExpired = true;
                    $timeout(function() {$rootScope.sessionExpired = false;}, 5000);
                } else if (response.status == 403) {
                    $rootScope.$broadcast("InsufficientPrivileges");
                } else {
                    // Here you could handle other status codes, e.g. retry a 404
                }
                return $q.reject(response);
            }
        );
    };
}

var app=angular.module('telephone', ['ngRoute', 'ngCookies']);
app.factory('testInterceptor', testInterceptor);
app.config(["$httpProvider", "$routeProvider",function ($httpProvider, $routeProvider) {

    $httpProvider.interceptors.push('testInterceptor');

    $routeProvider.when('/login', {templateUrl: '../partials/login.html', controller: 'loginController'});
    $routeProvider.otherwise({redirectTo: '/login'});
}]);

1 个答案:

答案 0 :(得分:0)

我认为您需要在默认标头中为下一个请求添加令牌,以便您可以像这样添加

function SetCredentials(user) {
                $http.defaults.headers.common["Authorization"] = 'Bearer ' + user.access_token;
               //Here Token added in header
                $rootScope.globals = {
                    currentUser: {
                        username: user.userName,
                        authdata: user.access_token,
                        userid: user.userId,
                    }
                };

                $cookieStore.put('globals', $rootScope.globals);
                setUsers(user)
            };