Fix detection of protected user API operations (#1148)

The current implementation would set the access token before trying out calling `/rest/sitemaps` which would obviously always succeed, since the call would be made with the token. Therefore the "requireToken" flag would not be set properly and prevent the alternative SSE implementation (which allows headers) to be used. Fixes #1146. Signed-off-by: Yannick Schaus <github@schaus.net>
2021-08-30 00:59:18 +02:00 · 2021-08-30 00:59:18 +02:00 · b402600ff1
parent 01cee7bb29
commit b402600ff1
1 changed files with 15 additions and 10 deletions
--- a/bundles/org.openhab.ui/web/src/js/openhab/auth.js
+++ b/bundles/org.openhab.ui/web/src/js/openhab/auth.js
@ -84,17 +84,22 @@ export function storeBasicCredentials () {
 }

 export function setAccessToken (token, api) {
-  accessToken = token
-  if (!token || !api || requireToken !== undefined) return Promise.resolve()
-
+  if (!token || !api) return Promise.resolve()
+  if (requireToken === undefined) {
    // determine whether the token is required for user operations
    return api.get('/rest/sitemaps').then((resp) => {
+      accessToken = token
      requireToken = false
      return Promise.resolve()
    }).catch((err) => {
      if (err === 'Unauthorized' || err === 401) requireToken = true
+      accessToken = token
      return Promise.resolve()
    })
+  } else {
+    accessToken = token
+    return Promise.resolve()
+  }
 }

 export function clearAccessToken () {