Kick out the user when the user has been invalidated. This should solve a few issues with "still being logged in"

4 years ago · 87233a7fd3
parent a4bbb8853b
commit 87233a7fd3
4 changed files with 48 additions and 31 deletions
--- a/src/Ombi/ClientApp/src/app/app.module.ts
+++ b/src/Ombi/ClientApp/src/app/app.module.ts
@ -1,5 +1,5 @@
 import { CommonModule, PlatformLocation, APP_BASE_HREF } from "@angular/common";
-import { HttpClient, HttpClientModule } from "@angular/common/http";
+import { HttpClient, HttpClientModule, HTTP_INTERCEPTORS } from "@angular/common/http";
 import { NgModule } from "@angular/core";
 import { FormsModule, ReactiveFormsModule } from "@angular/forms";
 import { BrowserModule } from "@angular/platform-browser";
@ -66,6 +66,7 @@ import { StorageService } from "./shared/storage/storage-service";
 import { SignalRNotificationService } from "./services/signlarnotification.service";
 import { MatMenuModule } from "@angular/material/menu";
 import { RemainingRequestsComponent } from "./shared/remaining-requests/remaining-requests.component";
+import { UnauthorizedInterceptor } from "./auth/unauthorized.interceptor";

 const routes: Routes = [
    { path: "*", component: PageNotFoundComponent },
@ -196,6 +197,11 @@ export function JwtTokenGetter() {
        {
            provide: APP_BASE_HREF,
            useValue: window["baseHref"]
+        },
+        {
+            provide: HTTP_INTERCEPTORS,
+            useClass: UnauthorizedInterceptor,
+            multi: true
        }
       ],
    bootstrap: [AppComponent],
--- a/src/Ombi/ClientApp/src/app/auth/unauthorized.interceptor.ts
+++ b/src/Ombi/ClientApp/src/app/auth/unauthorized.interceptor.ts
@ -0,0 +1,29 @@
+import { Injectable } from '@angular/core';
+import { HttpRequest, HttpHandler, HttpEvent, HttpInterceptor, HttpErrorResponse } from '@angular/common/http';
+import { Observable, Subject, throwError } from 'rxjs';
+import { catchError, throttleTime } from 'rxjs/operators';
+import { AuthService } from './auth.service';
+import { Router } from '@angular/router';
+
+@Injectable()
+export class UnauthorizedInterceptor implements HttpInterceptor {
+
+    private throttleLogout = new Subject();
+    constructor(private authService: AuthService, private router: Router) {
+        this.throttleLogout.pipe(throttleTime(5000)).subscribe(url => {
+            this.authService.logout();
+            this.router.navigate(["login"]);
+        });
+    }
+
+    public intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
+        return next.handle(request).pipe(
+            catchError((response: HttpErrorResponse) => {
+                if (response.status === 401) {
+                    this.throttleLogout.next();
+                }
+                return throwError(response);
+            }
+            ));
+    }
+}
--- a/src/Ombi/ClientApp/src/app/shared/functions/common-functions.ts
+++ b/src/Ombi/ClientApp/src/app/shared/functions/common-functions.ts
@ -1,28 +0,0 @@
-export function getBaseLocation() {
-    debugger;
-    let paths: string[] = location.pathname.split('/').splice(1, 1);
-    let basePath: string = (paths && paths[0] ? paths[0] : ""); 
-    if(invalidProxies.indexOf(basePath.toUpperCase()) === -1){
-        return '/' + basePath;
-    }
-    return '/';
-}
-
-const invalidProxies: string[] = [
-    'DISCOVER',
-    'REQUESTS-LIST',
-    'SETTINGS',
-    'ISSUES',
-    'USERMANAGEMENT',
-    'RECENTLYADDED',
-    'DETAILS',
-    'VOTE',
-    'LOGIN',
-    'LANDINGPAGE',
-    'TOKEN',
-    'RESET',
-    'CUSTOM',
-    'AUTH',
-    'WIZARD',
-    "CALENDAR"    
-]
--- a/src/Ombi/Extensions/StartupExtensions.cs
+++ b/src/Ombi/Extensions/StartupExtensions.cs
@ -1,5 +1,6 @@
 using System;
 using System.IO;
+using System.Linq;
 using System.Reflection;
 using System.Text;
 using System.Threading.Tasks;
@ -9,6 +10,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
 using Ombi.Config;
+using Ombi.Core.Authentication;
 using Ombi.Helpers;
 using Ombi.Models.Identity;

@ -102,7 +104,6 @@ namespace Ombi
                        OnMessageReceived = context =>
                        {
                            var accessToken = context.Request.Query["access_token"];
-
                            // If the request is for our hub...
                            var path = context.HttpContext.Request.Path;
                            if (!string.IsNullOrEmpty(accessToken) &&
@ -111,8 +112,17 @@ namespace Ombi
                                // Read the token out of the query string
                                context.Token = accessToken;
                            }
-
                            return Task.CompletedTask;
+                        },
+                        OnTokenValidated = async context =>
+                        {
+                            var userid = context.Principal?.Claims?.Where(x => x.Type.Equals("id", StringComparison.InvariantCultureIgnoreCase)).FirstOrDefault()?.Value ?? default;
+                            var um = context.HttpContext.RequestServices.GetRequiredService<OmbiUserManager>();
+                            var user = await um.FindByIdAsync(userid);
+                            if (user == null)
+                            {
+                                context.Fail("invaild token");
+                            }
                        }
                    };
                });