Merge pull request #66 from Alfresco/development

Development

Author: eromano

CHANGELOG.md

@@ -6,8 +6,21 @@ Alfresco JS API
 
 _This project provides a JavaScript client API into the v1 Alfresco REST API_
 
-<a name="0.3.2"></a>
-# [0.3.3](https://github.com/Alfresco/alfresco-js-api/releases/tag/0.3.2) (2016-09-26)
+<a name="0.3.5"></a>
+# [0.3.5](https://github.com/Alfresco/alfresco-js-api/releases/tag/0.3.5) (2016-09-26)
+
+## Fix
+- [Library no longer works with ECM](https://github.com/Alfresco/alfresco-js-api/issues/63)
+- [Flag to enable/disable CSRF behaviour](https://github.com/Alfresco/alfresco-js-api/issues/62)
+
+<a name="0.3.4"></a>
+# [0.3.4](https://github.com/Alfresco/alfresco-js-api/releases/tag/0.3.4) (2016-09-26)
+
+## Fix
+- [csrf token for activiti doesn't work with Node.js](https://github.com/Alfresco/alfresco-js-api/issues/61)
+
+<a name="0.3.3"></a>
+# [0.3.3](https://github.com/Alfresco/alfresco-js-api/releases/tag/0.3.3) (2016-09-26)
 
 ## Fix
 - [Add csrf token for activiti](https://github.com/Alfresco/alfresco-js-api/issues/59)
@@ -72,14 +85,14 @@ Separation between constructor and login phase, decoupling login from constructo
 Before:
 
 ```javascript
-this.alfrescoJsApi = new AlfrescoApi({username, password, host, contextRoot, ticket});
+this.alfrescoJsApi = new AlfrescoApi({username, password, alfrescoHost, contextRoot, ticket});
 this.alfrescoJsApi.login();
 ```
 
 After:
 
 ```javascript
-this.alfrescoJsApi = new AlfrescoApi({hostECM, hostBPM, contextRoot, ticketEcm, ticketBpm});
+this.alfrescoJsApi = new AlfrescoApi({hostECM, hostBPM, contextRoot, ticket});
 this.alfrescoJsApi.login(username, password);
 ```
 

README.md

@@ -121,6 +121,7 @@ hostBpm| (Optional value The Ip or Name of the host where your Activiti instance
 contextRoot| (Optional value that define the context Root of the API default value is alfresco )|alfresco |
 provider| (Optional value default value is ECM. This parameter can accept as value ECM BPM or ALL to use the API and Login in the ECM, Activiti BPM or Both )|alfresco |
 ticket| (Optional only if you want login with the ticket see example below)| |
+disableCsrf| To disable CSRF Token to be submitted. Only for Activiti call.| false |
 
 ### Login with Username and Password BPM and ECM
 

dist/alfresco-js-api.js

@@ -72265,6 +72265,7 @@ var AlfrescoApi = function () {
      *        provider:   // ECM BPM ALL, default ECM
      *        ticketEcm:     // Ticket if you already have a ECM ticket you can pass only the ticket and skip the login, in this case you don't need username and password
      *        ticketBpm:     // Ticket if you already have a BPM ticket you can pass only the ticket and skip the login, in this case you don't need username and password
+     *        disableCsrf:   // To disable CSRF Token to be submitted. Only for Activiti call, by default is false.
      *    };
      */
     function AlfrescoApi(config) {
@@ -72280,7 +72281,8 @@ var AlfrescoApi = function () {
             contextRoot: config.contextRoot || 'alfresco',
             provider: config.provider || 'ECM',
             ticketEcm: config.ticketEcm,
-            ticketBpm: config.ticketBpm
+            ticketBpm: config.ticketBpm,
+            disableCsrf: config.disableCsrf || false
         };
 
         this.bpmAuth = new BpmAuth(this.config);
@@ -72292,6 +72294,12 @@ var AlfrescoApi = function () {
     }
 
     _createClass(AlfrescoApi, [{
+        key: 'changeCsrfConfig',
+        value: function changeCsrfConfig(disableCsrf) {
+            this.config.disableCsrf = disableCsrf;
+            this.bpmAuth.changeCsrfConfig(disableCsrf);
+        }
+    }, {
         key: 'changeEcmHost',
         value: function changeEcmHost(hostEcm) {
             this.config.hostEcm = hostEcm;
@@ -72670,7 +72678,9 @@ var AlfrescoApiClient = function (_ApiClient) {
             // set header parameters
             request.set(this.defaultHeaders).set(this.normalizeParams(headerParams));
 
-            this.setCsrfToken(request);
+            if (this.isBpmRequest() && this.isCsrfEnabled()) {
+                this.setCsrfToken(request);
+            }
 
             // set request timeout
             request.timeout(this.timeout);
@@ -72773,11 +72783,27 @@ var AlfrescoApiClient = function (_ApiClient) {
 
             return this.promise;
         }
+    }, {
+        key: 'isBpmRequest',
+        value: function isBpmRequest() {
+            return this.constructor.name === 'BpmAuth';
+        }
+    }, {
+        key: 'isCsrfEnabled',
+        value: function isCsrfEnabled() {
+            if (this.config) {
+                return !this.config.disableCsrf;
+            } else {
+                return true;
+            }
+        }
     }, {
         key: 'setCsrfToken',
         value: function setCsrfToken(request) {
             var token = this.token();
             request.set('X-CSRF-TOKEN', token);
+            request.set('Cookie', 'CSRF-TOKEN=' + token + ';path=/');
+
             try {
                 document.cookie = 'CSRF-TOKEN=' + token + ';path=/';
             } catch (err) {}
@@ -73223,6 +73249,11 @@ var BpmAuth = function (_AlfrescoApiClient) {
             this.config.hostBpm = host;
             this.basePath = this.config.hostBpm + '/activiti-app'; //Activiti Call
         }
+    }, {
+        key: 'changeCsrfConfig',
+        value: function changeCsrfConfig(disableCsrf) {
+            this.config.disableCsrf = disableCsrf;
+        }
 
         /**
          * login Activiti API

dist/alfresco-js-api.min.js

@@ -1,6 +1,6 @@
 {
   "name": "alfresco-js-api",
-  "version": "0.3.3",
+  "version": "0.3.5",
   "description": "JavaScript client library for the Alfresco REST API",
   "main": "main.js",
   "typings": "dist/alfresco-js-api.d.ts",

package.json

@@ -24,6 +24,7 @@ class AlfrescoApi {
      *        provider:   // ECM BPM ALL, default ECM
      *        ticketEcm:     // Ticket if you already have a ECM ticket you can pass only the ticket and skip the login, in this case you don't need username and password
      *        ticketBpm:     // Ticket if you already have a BPM ticket you can pass only the ticket and skip the login, in this case you don't need username and password
+     *        disableCsrf:   // To disable CSRF Token to be submitted. Only for Activiti call, by default is false.
      *    };
      */
     constructor(config) {
@@ -38,7 +39,8 @@ class AlfrescoApi {
             contextRoot: config.contextRoot || 'alfresco',
             provider: config.provider || 'ECM',
             ticketEcm: config.ticketEcm,
-            ticketBpm: config.ticketBpm
+            ticketBpm: config.ticketBpm,
+            disableCsrf: config.disableCsrf || false
         };
 
         this.bpmAuth = new BpmAuth(this.config);
@@ -49,6 +51,11 @@ class AlfrescoApi {
         Emitter.call(this);
     }
 
+    changeCsrfConfig(disableCsrf) {
+        this.config.disableCsrf = disableCsrf;
+        this.bpmAuth.changeCsrfConfig(disableCsrf);
+    }
+
     changeEcmHost(hostEcm) {
         this.config.hostEcm = hostEcm;
         this.ecmAuth.changeHost(hostEcm);

src/alfrescoApi.js

@@ -58,7 +58,9 @@ class AlfrescoApiClient extends ApiClient {
         // set header parameters
         request.set(this.defaultHeaders).set(this.normalizeParams(headerParams));
 
-        this.setCsrfToken(request);
+        if (this.isBpmRequest() && this.isCsrfEnabled()) {
+            this.setCsrfToken(request);
+        }
 
         // set request timeout
         request.timeout(this.timeout);
@@ -161,9 +163,23 @@ class AlfrescoApiClient extends ApiClient {
         return this.promise;
     }
 
+    isBpmRequest() {
+        return this.constructor.name === 'BpmAuth';
+    }
+
+    isCsrfEnabled() {
+        if (this.config) {
+            return !this.config.disableCsrf;
+        }else {
+            return true;
+        }
+    }
+
     setCsrfToken(request) {
         var token = this.token();
         request.set('X-CSRF-TOKEN', token);
+        request.set('Cookie', 'CSRF-TOKEN=' + token + ';path=/');
+
         try {
             document.cookie = 'CSRF-TOKEN=' + token + ';path=/';
         } catch (err) {

src/alfrescoApiClient.js

@@ -26,6 +26,10 @@ class BpmAuth extends AlfrescoApiClient {
         this.basePath =  this.config.hostBpm + '/activiti-app';   //Activiti Call
     }
 
+    changeCsrfConfig(disableCsrf) {
+        this.config.disableCsrf = disableCsrf;
+    }
+
     /**
      * login Activiti API
      * @param  {String} username:   // Username to login

src/bpmAuth.js

@@ -1,8 +1,9 @@
-/*global describe, it, beforeEach */
+/*global describe, it, beforeEach, afterEach */
 
 var BpmAuth = require('../src/bpmAuth');
 var AuthBpmMock = require('../test/mockObjects/mockAlfrescoApi').ActivitiMock.Auth;
 var expect = require('chai').expect;
+var sinon = require('sinon');
 
 describe('Bpm Auth test', function () {
 
@@ -159,5 +160,43 @@ describe('Bpm Auth test', function () {
             });
 
         });
+
+        describe('CSRF Token', function () {
+
+            beforeEach(function() {
+                this.setCsrfTokenStub = sinon.stub(BpmAuth.prototype, 'setCsrfToken');
+            });
+
+            afterEach(function() {
+                this.setCsrfTokenStub.restore();
+            });
+
+            it('should be enabled by default', function (done) {
+                this.authBpmMock.get200Response();
+
+                this.bpmAuth = new BpmAuth({
+                    hostBpm: this.hostBpm
+                });
+
+                this.bpmAuth.login('admin', 'admin').then(() => {
+                    expect(this.setCsrfTokenStub.called).to.be.equal(true);
+                    done();
+                });
+            });
+
+            it('should be disabled if disableCsrf is true', function (done) {
+                this.authBpmMock.get200Response();
+
+                this.bpmAuth = new BpmAuth({
+                    hostBpm: this.hostBpm,
+                    disableCsrf: true
+                });
+
+                this.bpmAuth.login('admin', 'admin').then(() => {
+                    expect(this.setCsrfTokenStub.called).to.be.equal(false);
+                    done();
+                });
+            });
+        });
     });
 });

test/bpmAuth.spec.js

@@ -545,6 +545,7 @@ export class AlfrescoApiConfig {
     provider: string;
     ticketEcm: string;
     ticketBpm: string;
+    disableCsrf: boolean;
 }
 
 export interface ContentApi {
@@ -604,6 +605,7 @@ export interface AlfrescoJsApi {
 
     changeEcmHost(ecmHost: string);
     changeBpmHost(bpmHost: string);
+    changeCsrfConfig(disableCsrf: boolean);
 
     getNodeInfo(nodeId: string): Promise<MinimalNodeEntryEntity>;
     deleteNode(nodeId: string): any;