Commit 903fa6b5 authored by Sven Franck's avatar Sven Franck

add credentials on all jio-ajax requests and reversed uri-encoding

parent e0bca8a3
...@@ -2,7 +2,19 @@ ...@@ -2,7 +2,19 @@
/*global console, window, jIO, complex_queries, FormData, RSVP, document, /*global console, window, jIO, complex_queries, FormData, RSVP, document,
jQuery, i18n, hello, Recaptcha, XMLHttpRequest, Modernizr */ jQuery, i18n, hello, Recaptcha, XMLHttpRequest, Modernizr */
// *************************************************************************
// WARNING:
// WARNING: HACKED TOGETHER SO IT WORKS FOR DEMO PURPOSE ONLY!!! // WARNING: HACKED TOGETHER SO IT WORKS FOR DEMO PURPOSE ONLY!!!
// WARNING:
// *************************************************************************
(function (window, document, $) { (function (window, document, $) {
"use strict"; "use strict";
...@@ -541,7 +553,7 @@ ...@@ -541,7 +553,7 @@
// access storage // access storage
fetch = reply.pass.value || reply.pass.state.query.force; fetch = reply.pass.value || reply.pass.state.query.force;
return storage.items.get({"_id": fetch}) return storage.items.get({"_id": window.decodeURIComponent(fetch)})
.then(function(answer) { .then(function(answer) {
query = util.parse(answer).data._links.slapos_jump._query; query = util.parse(answer).data._links.slapos_jump._query;
...@@ -582,7 +594,7 @@ ...@@ -582,7 +594,7 @@
// access storage // access storage
fetch = reply.pass.value || reply.pass.state.query.force; fetch = reply.pass.value || reply.pass.state.query.force;
return storage.items.get({"_id": fetch}) return storage.items.get({"_id": window.decodeURIComponent(fetch)})
.then(function(answer) { .then(function(answer) {
query = util.parse(answer).data._links.slapos_jump._query; query = util.parse(answer).data._links.slapos_jump._query;
...@@ -623,7 +635,9 @@ ...@@ -623,7 +635,9 @@
config = { config = {
"url": storage.items.dict.url, "url": storage.items.dict.url,
"type": "GET", "type": "GET",
"data": JSON.stringify({"_id":""}) "xhrFields": {
"withCredentials": true
}
}; };
// access storage // access storage
...@@ -670,7 +684,7 @@ ...@@ -670,7 +684,7 @@
// access storage // access storage
fetch = reply.pass.value || reply.pass.state.query.force; fetch = reply.pass.value || reply.pass.state.query.force;
return storage.items.get({"_id": fetch}) return storage.items.get({"_id": window.decodeURIComponent(fetch)})
.then(function(answer) { .then(function(answer) {
query = util.parse(answer).data._links.slapos_jump._query; query = util.parse(answer).data._links.slapos_jump._query;
...@@ -711,14 +725,19 @@ ...@@ -711,14 +725,19 @@
config = { config = {
"url": storage.items.dict.url, "url": storage.items.dict.url,
"type": "GET", "type": "GET",
"data": JSON.stringify({"_id":""}) "xhrFields": {
"withCredentials": true
}
}; };
// access storage // access storage
return jIO.util.ajax(config) return jIO.util.ajax(config)
.then(function(response) { .then(function(response) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href "url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
}); });
}).then(function (answer) { }).then(function (answer) {
reply = util.parse(answer.target.responseText)._links.slapos_jump; reply = util.parse(answer.target.responseText)._links.slapos_jump;
...@@ -762,7 +781,7 @@ ...@@ -762,7 +781,7 @@
// access storage // access storage
fetch = reply.pass.value || reply.pass.state.query.force; fetch = reply.pass.value || reply.pass.state.query.force;
return storage.items.get({"_id": fetch}) return storage.items.get({"_id": window.decodeURIComponent(fetch)})
.then(function(answer) { .then(function(answer) {
query = util.parse(answer).data._links.slapos_jump._query; query = util.parse(answer).data._links.slapos_jump._query;
...@@ -803,14 +822,19 @@ ...@@ -803,14 +822,19 @@
config = { config = {
"url": storage.items.dict.url, "url": storage.items.dict.url,
"type": "GET", "type": "GET",
"data": JSON.stringify({"_id":""}) "xhrFields": {
"withCredentials": true
}
}; };
// access storage // access storage
return jIO.util.ajax(config) return jIO.util.ajax(config)
.then(function(response) { .then(function(response) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href "url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
}); });
}).then(function (answer) { }).then(function (answer) {
reply = util.parse(answer.target.responseText)._links.slapos_jump; reply = util.parse(answer.target.responseText)._links.slapos_jump;
...@@ -853,14 +877,19 @@ ...@@ -853,14 +877,19 @@
config = { config = {
"url": storage.items.dict.url, "url": storage.items.dict.url,
"type": "GET", "type": "GET",
"data": JSON.stringify({"_id":""}) "xhrFields": {
"withCredentials": true
}
}; };
// access storage // access storage
return jIO.util.ajax(config) return jIO.util.ajax(config)
.then(function(response) { .then(function(response) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href "url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
}); });
}).then(function (answer) { }).then(function (answer) {
reply = util.parse(answer.target.responseText)._links.slapos_jump; reply = util.parse(answer.target.responseText)._links.slapos_jump;
...@@ -903,14 +932,19 @@ ...@@ -903,14 +932,19 @@
config = { config = {
"url": storage.items.dict.url, "url": storage.items.dict.url,
"type": "GET", "type": "GET",
"data": JSON.stringify({"_id":""}) "xhrFields": {
"withCredentials": true
}
}; };
// access storage // access storage
return jIO.util.ajax(config) return jIO.util.ajax(config)
.then(function(response) { .then(function(response) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href "url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
}); });
}).then(function (answer) { }).then(function (answer) {
reply = util.parse(answer.target.responseText)._links.slapos_jump; reply = util.parse(answer.target.responseText)._links.slapos_jump;
...@@ -954,14 +988,19 @@ ...@@ -954,14 +988,19 @@
config = { config = {
"url": storage.items.dict.url, "url": storage.items.dict.url,
"type": "GET", "type": "GET",
"data": JSON.stringify({"_id":""}) "xhrFields": {
"withCredentials": true
}
}; };
// access storage // access storage
return jIO.util.ajax(config) return jIO.util.ajax(config)
.then(function(response) { .then(function(response) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href "url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
}); });
}).then(function (answer) { }).then(function (answer) {
reply = util.parse(answer.target.responseText)._links.slapos_jump; reply = util.parse(answer.target.responseText)._links.slapos_jump;
...@@ -1004,14 +1043,19 @@ ...@@ -1004,14 +1043,19 @@
config = { config = {
"url": storage.items.dict.url, "url": storage.items.dict.url,
"type": "GET", "type": "GET",
"data": JSON.stringify({"_id":""}) "xhrFields": {
"withCredentials": true
}
}; };
// access storage // access storage
return jIO.util.ajax(config) return jIO.util.ajax(config)
.then(function(response) { .then(function(response) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href "url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
}) })
.then(function (answer) { .then(function (answer) {
if (pass.config.initial_query === undefined) { if (pass.config.initial_query === undefined) {
...@@ -1062,8 +1106,11 @@ ...@@ -1062,8 +1106,11 @@
util.loader("", "status_dict.destroying", "trash"); util.loader("", "status_dict.destroying", "trash");
jIO.util.ajax({ jIO.util.ajax({
"url": element.href, "url": window.decodeURIComponent(element.href),
"type": element.getAttribute("data-method") "type": element.getAttribute("data-method"),
"xhrFields": {
"withCredentials": true
}
}) })
.then(function (answer) { .then(function (answer) {
util.loader("", "status_dict.success", "check"); util.loader("", "status_dict.success", "check");
...@@ -1088,8 +1135,11 @@ ...@@ -1088,8 +1135,11 @@
util.loader("", "status_dict.destroying", "trash"); util.loader("", "status_dict.destroying", "trash");
jIO.util.ajax({ jIO.util.ajax({
"url": element.href, "url": window.decodeURIComponent(element.href),
"type": element.getAttribute("data-method") "type": element.getAttribute("data-method"),
"xhrFields": {
"withCredentials": true
}
}) })
.then(function (response) { .then(function (response) {
util.loader("", "status_dict.success", "check"); util.loader("", "status_dict.success", "check");
...@@ -1133,12 +1183,15 @@ ...@@ -1133,12 +1183,15 @@
} }
util.loader("", "status_dict.updating"); util.loader("", "status_dict.updating");
storage["items"].get({"_id": obj.state.fragment_list[1]},{"_view": "web_view"}) storage["items"].get({"_id": window.decodeURIComponent(obj.state.fragment_list[1])},{"_view": "web_view"})
.then(function(response) { .then(function(response) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(response).data._actions.update_allocation_scope.href, "url": util.parse(response).data._actions.update_allocation_scope.href,
"type": "POST", "type": "POST",
"data": formData "data": formData,
"xhrFields": {
"withCredentials": true
}
}); });
}) })
.then(function (answer) { .then(function (answer) {
...@@ -1168,12 +1221,15 @@ ...@@ -1168,12 +1221,15 @@
decode = /^[^\/]*%2[^\/]*$/.test(id); decode = /^[^\/]*%2[^\/]*$/.test(id);
util.loader("", "status_dict.updating"); util.loader("", "status_dict.updating");
storage["items"].get({"_id": obj.state.fragment_list[1]},{"_view": "web_view"}) storage["items"].get({"_id": window.decodeURIComponent(obj.state.fragment_list[1])},{"_view": "web_view"})
.then(function(response) { .then(function(response) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(response).data._actions.generate_certificate.href, "url": util.parse(response).data._actions.generate_certificate.href,
"type": "POST", "type": "POST",
"data": formData "data": formData,
"xhrFields": {
"withCredentials": true
}
}); });
}) })
.then(function (answer) { .then(function (answer) {
...@@ -1199,12 +1255,15 @@ ...@@ -1199,12 +1255,15 @@
decode = /^[^\/]*%2[^\/]*$/.test(id); decode = /^[^\/]*%2[^\/]*$/.test(id);
util.loader("", "status_dict.updating"); util.loader("", "status_dict.updating");
storage["items"].get({"_id": obj.state.fragment_list[1]},{"_view": "web_view"}) storage["items"].get({"_id": window.decodeURIComponent(obj.state.fragment_list[1])},{"_view": "web_view"})
.then(function(response) { .then(function(response) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(response).data._actions.revoke_certificate.href, "url": util.parse(response).data._actions.revoke_certificate.href,
"type": "POST", "type": "POST",
"data": formData "data": formData,
"xhrFields": {
"withCredentials": true
}
}); });
}) })
.then(function (answer) { .then(function (answer) {
...@@ -1226,8 +1285,11 @@ ...@@ -1226,8 +1285,11 @@
util.loader("", "status_dict.starting", "signal"); util.loader("", "status_dict.starting", "signal");
jIO.util.ajax({ jIO.util.ajax({
"url": element.href, "url": window.decodeURIComponent(element.href),
"type": element.getAttribute("data-method") "type": element.getAttribute("data-method"),
"xhrFields": {
"withCredentials": true
}
}) })
.then(function (response) { .then(function (response) {
util.loader("", "status_dict.success", "check"); util.loader("", "status_dict.success", "check");
...@@ -1245,8 +1307,11 @@ ...@@ -1245,8 +1307,11 @@
util.loader("", "status_dict.stopping", "ban-circle"); util.loader("", "status_dict.stopping", "ban-circle");
jIO.util.ajax({ jIO.util.ajax({
"url": element.href, "url": window.decodeURIComponent(element.href),
"type": element.getAttribute("data-method") "type": element.getAttribute("data-method"),
"xhrFields": {
"withCredentials": true
}
}) })
.then(function (response) { .then(function (response) {
util.loader("", "status_dict.success", "check"); util.loader("", "status_dict.success", "check");
...@@ -1265,7 +1330,7 @@ ...@@ -1265,7 +1330,7 @@
"download": function (obj) { "download": function (obj) {
util.loader("", "status_dict.downloading"); util.loader("", "status_dict.downloading");
storage["items"].get({"_id": obj.element.href.split("/").pop()},{"_view": "web_view"}) storage["items"].get({"_id": window.decodeURIComponent(obj.element.href.split("/").pop())},{"_view": "web_view"})
.then(function(response) { .then(function(response) {
util.loader("", "status_dict.rendering"); util.loader("", "status_dict.rendering");
window.location.href = util.parse(response).data._links.slapos_jump.href; window.location.href = util.parse(response).data._links.slapos_jump.href;
...@@ -1626,12 +1691,15 @@ ...@@ -1626,12 +1691,15 @@
} }
util.loader("", "status_dict.updating"); util.loader("", "status_dict.updating");
storage["items"].get({"_id": obj.state.fragment_list[1]},{"_view": "web_view"}) storage["items"].get({"_id": window.decodeURIComponent(obj.state.fragment_list[1])},{"_view": "web_view"})
.then(function(response) { .then(function(response) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(response).data._actions.update.href, "url": util.parse(response).data._actions.update.href,
"type": "POST", "type": "POST",
"data": formData "data": formData,
"xhrFields": {
"withCredentials": true
}
}); });
}) })
.then(function (answer) { .then(function (answer) {
...@@ -1956,7 +2024,7 @@ ...@@ -1956,7 +2024,7 @@
if (props.link) { if (props.link) {
cell.href = item[props.link_source] || cell.href = item[props.link_source] ||
("#" + core + "/" + item[props.link_identifier || "id"]); ("#" + core + "/" + window.encodeURIComponent(item[props.link_identifier || "id"]));
if (props.link_external) { if (props.link_external) {
cell.external = true; cell.external = true;
} }
...@@ -2343,7 +2411,6 @@ ...@@ -2343,7 +2411,6 @@
} else { } else {
util.error("mapFormField: Missing field definition"); util.error("mapFormField: Missing field definition");
} }
return config; return config;
} }
}; };
...@@ -5898,7 +5965,12 @@ ...@@ -5898,7 +5965,12 @@
} }
// install new instance // install new instance
if (answer.response && answer.response.location) { if (answer.response && answer.response.location) {
return jIO.util.ajax({"url": answer.response.location}) return jIO.util.ajax({
"url": answer.response.location,
"xhrFields": {
"withCredentials": true
}
})
.then(function (instance_location) { .then(function (instance_location) {
return util.parse(instance_location.target.responseText)._relative_url; return util.parse(instance_location.target.responseText)._relative_url;
}).fail(util.error); }).fail(util.error);
...@@ -6726,19 +6798,20 @@ ...@@ -6726,19 +6798,20 @@
// WARNING: complex_queries dependency! // WARNING: complex_queries dependency!
app.generateQueryObject = function (query, type, key, value, field_list, restore) { app.generateQueryObject = function (query, type, key, value, field_list, restore) {
var property, wrap, query_object, query_clean, default_query, obj, var property, wrap, query_object, query_clean, default_query, obj,
is_value, i, is_id; is_value, i, is_id, decode;
is_value = value && value !== ""; is_value = value && value !== "";
is_id = query && query.query && query.query._id; is_id = query && query.query && query.query._id;
// "id" = "bar" => THIS SHOULD BE GET! // "id" = "bar" => THIS SHOULD BE GET!
if (is_value && key && key === "_id" || is_id) { if (is_value && key && key === "_id" || is_id) {
obj = {"_id": is_id ? query.query._id : value}; obj = {"_id": window.decodeURIComponent(is_id ? query.query._id : value)};
// ALLDOCS // ALLDOCS
} else { } else {
default_query = query || {}; default_query = query || {};
obj = {"query": ''}; obj = {"query": ''};
value = window.decodeURIComponent(value);
// query string passed? parse it // query string passed? parse it
if (default_query.query) { if (default_query.query) {
...@@ -7444,18 +7517,26 @@ ...@@ -7444,18 +7517,26 @@
promises[0] = jIO.util.ajax({ promises[0] = jIO.util.ajax({
"url": storage.items.dict.url, "url": storage.items.dict.url,
"type": "GET", "type": "GET",
"data": JSON.stringify({"_id":""}) "xhrFields": {
"withCredentials": true
}
}) })
.then(function(response) { .then(function(response) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href "url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
}); });
}) })
.then(function (answer) { .then(function (answer) {
return jIO.util.ajax({ return jIO.util.ajax({
"url": util.parse(answer.target.responseText)._actions[pass.fetch].href, "url": util.parse(answer.target.responseText)._actions[pass.fetch].href,
"type": "POST", "type": "POST",
"data": pass.form_data "data": pass.form_data,
"xhrFields": {
"withCredentials": true
}
}); });
}) })
.then(function (erp5_response) { .then(function (erp5_response) {
...@@ -7814,7 +7895,6 @@ ...@@ -7814,7 +7895,6 @@
if (select_list && parcel.query.include_docs === undefined) { if (select_list && parcel.query.include_docs === undefined) {
convert = "values"; convert = "values";
} }
return storage[parcel.storage][method || "allDocs"](parcel.query, hacked_view) return storage[parcel.storage][method || "allDocs"](parcel.query, hacked_view)
.then(function (response) { .then(function (response) {
// TODO: best way? // TODO: best way?
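Review bot: `window.decodeURIComponent(element.href)` in the destroy/start/stop handlers decodes the whole absolute URL rather than the id segment, so an escaped `%2F`, `%3F` or `%23` inside a path segment turns into a delimiter and an href that is already decoded gets double-decoded; the `decode = /^[^\/]*%2[^\/]*$/.test(id)` test in the certificate hunks shows these ids do carry `%2`-escapes. `decodeURIComponent` also throws `URIError` on a malformed sequence, and here it runs synchronously while the argument object for `jIO.util.ajax` is being built, so such an error escapes the click handler instead of reaching `.fail`. Decoding belongs on the extracted id only, as the `storage.items.get` calls already do, so these requests should keep `"url": element.href,` and leave the server-emitted link untouched. Because the same `"xhrFields": {"withCredentials": true}` literal is now repeated in every request, a small wrapper that sets it would remove the duplication and give one place to verify that the target shares the origin of `storage.items.dict.url` before credentials are attached, which seems worthwhile since `_links.me.href`, `_actions[...].href` and `answer.response.location` are taken directly from response bodies. The enclosing handler and promise-chain bodies start and end outside these hunks.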
......