Commit 903fa6b5 authored by Sven Franck's avatar Sven Franck

add credentials on all jio-ajax requests and reversed uri-encoding

parent e0bca8a3
......@@ -2,7 +2,19 @@
/*global console, window, jIO, complex_queries, FormData, RSVP, document,
jQuery, i18n, hello, Recaptcha, XMLHttpRequest, Modernizr */
// *************************************************************************
// WARNING:
// WARNING: HACKED TOGETHER SO IT WORKS FOR DEMO PURPOSE ONLY!!!
// WARNING:
// *************************************************************************
(function (window, document, $) {
"use strict";
......@@ -541,7 +553,7 @@
// access storage
fetch = reply.pass.value || reply.pass.state.query.force;
return storage.items.get({"_id": fetch})
return storage.items.get({"_id": window.decodeURIComponent(fetch)})
.then(function(answer) {
query = util.parse(answer).data._links.slapos_jump._query;
......@@ -582,7 +594,7 @@
// access storage
fetch = reply.pass.value || reply.pass.state.query.force;
return storage.items.get({"_id": fetch})
return storage.items.get({"_id": window.decodeURIComponent(fetch)})
.then(function(answer) {
query = util.parse(answer).data._links.slapos_jump._query;
......@@ -623,7 +635,9 @@
config = {
"url": storage.items.dict.url,
"type": "GET",
"data": JSON.stringify({"_id":""})
"xhrFields": {
"withCredentials": true
}
};
// access storage
......@@ -670,7 +684,7 @@
// access storage
fetch = reply.pass.value || reply.pass.state.query.force;
return storage.items.get({"_id": fetch})
return storage.items.get({"_id": window.decodeURIComponent(fetch)})
.then(function(answer) {
query = util.parse(answer).data._links.slapos_jump._query;
......@@ -711,14 +725,19 @@
config = {
"url": storage.items.dict.url,
"type": "GET",
"data": JSON.stringify({"_id":""})
"xhrFields": {
"withCredentials": true
}
};
// access storage
return jIO.util.ajax(config)
.then(function(response) {
return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href
"url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
});
}).then(function (answer) {
reply = util.parse(answer.target.responseText)._links.slapos_jump;
......@@ -762,7 +781,7 @@
// access storage
fetch = reply.pass.value || reply.pass.state.query.force;
return storage.items.get({"_id": fetch})
return storage.items.get({"_id": window.decodeURIComponent(fetch)})
.then(function(answer) {
query = util.parse(answer).data._links.slapos_jump._query;
......@@ -803,14 +822,19 @@
config = {
"url": storage.items.dict.url,
"type": "GET",
"data": JSON.stringify({"_id":""})
"xhrFields": {
"withCredentials": true
}
};
// access storage
return jIO.util.ajax(config)
.then(function(response) {
return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href
"url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
});
}).then(function (answer) {
reply = util.parse(answer.target.responseText)._links.slapos_jump;
......@@ -853,14 +877,19 @@
config = {
"url": storage.items.dict.url,
"type": "GET",
"data": JSON.stringify({"_id":""})
"xhrFields": {
"withCredentials": true
}
};
// access storage
return jIO.util.ajax(config)
.then(function(response) {
return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href
"url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
});
}).then(function (answer) {
reply = util.parse(answer.target.responseText)._links.slapos_jump;
......@@ -903,14 +932,19 @@
config = {
"url": storage.items.dict.url,
"type": "GET",
"data": JSON.stringify({"_id":""})
"xhrFields": {
"withCredentials": true
}
};
// access storage
return jIO.util.ajax(config)
.then(function(response) {
return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href
"url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
});
}).then(function (answer) {
reply = util.parse(answer.target.responseText)._links.slapos_jump;
......@@ -954,14 +988,19 @@
config = {
"url": storage.items.dict.url,
"type": "GET",
"data": JSON.stringify({"_id":""})
"xhrFields": {
"withCredentials": true
}
};
// access storage
return jIO.util.ajax(config)
.then(function(response) {
return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href
"url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
});
}).then(function (answer) {
reply = util.parse(answer.target.responseText)._links.slapos_jump;
......@@ -1004,14 +1043,19 @@
config = {
"url": storage.items.dict.url,
"type": "GET",
"data": JSON.stringify({"_id":""})
"xhrFields": {
"withCredentials": true
}
};
// access storage
return jIO.util.ajax(config)
.then(function(response) {
return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href
"url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
})
.then(function (answer) {
if (pass.config.initial_query === undefined) {
......@@ -1062,8 +1106,11 @@
util.loader("", "status_dict.destroying", "trash");
jIO.util.ajax({
"url": element.href,
"type": element.getAttribute("data-method")
"url": window.decodeURIComponent(element.href),
"type": element.getAttribute("data-method"),
"xhrFields": {
"withCredentials": true
}
})
.then(function (answer) {
util.loader("", "status_dict.success", "check");
......@@ -1088,8 +1135,11 @@
util.loader("", "status_dict.destroying", "trash");
jIO.util.ajax({
"url": element.href,
"type": element.getAttribute("data-method")
"url": window.decodeURIComponent(element.href),
"type": element.getAttribute("data-method"),
"xhrFields": {
"withCredentials": true
}
})
.then(function (response) {
util.loader("", "status_dict.success", "check");
......@@ -1133,12 +1183,15 @@
}
util.loader("", "status_dict.updating");
storage["items"].get({"_id": obj.state.fragment_list[1]},{"_view": "web_view"})
storage["items"].get({"_id": window.decodeURIComponent(obj.state.fragment_list[1])},{"_view": "web_view"})
.then(function(response) {
return jIO.util.ajax({
"url": util.parse(response).data._actions.update_allocation_scope.href,
"type": "POST",
"data": formData
"data": formData,
"xhrFields": {
"withCredentials": true
}
});
})
.then(function (answer) {
......@@ -1168,12 +1221,15 @@
decode = /^[^\/]*%2[^\/]*$/.test(id);
util.loader("", "status_dict.updating");
storage["items"].get({"_id": obj.state.fragment_list[1]},{"_view": "web_view"})
storage["items"].get({"_id": window.decodeURIComponent(obj.state.fragment_list[1])},{"_view": "web_view"})
.then(function(response) {
return jIO.util.ajax({
"url": util.parse(response).data._actions.generate_certificate.href,
"type": "POST",
"data": formData
"data": formData,
"xhrFields": {
"withCredentials": true
}
});
})
.then(function (answer) {
......@@ -1199,12 +1255,15 @@
decode = /^[^\/]*%2[^\/]*$/.test(id);
util.loader("", "status_dict.updating");
storage["items"].get({"_id": obj.state.fragment_list[1]},{"_view": "web_view"})
storage["items"].get({"_id": window.decodeURIComponent(obj.state.fragment_list[1])},{"_view": "web_view"})
.then(function(response) {
return jIO.util.ajax({
"url": util.parse(response).data._actions.revoke_certificate.href,
"type": "POST",
"data": formData
"data": formData,
"xhrFields": {
"withCredentials": true
}
});
})
.then(function (answer) {
......@@ -1226,8 +1285,11 @@
util.loader("", "status_dict.starting", "signal");
jIO.util.ajax({
"url": element.href,
"type": element.getAttribute("data-method")
"url": window.decodeURIComponent(element.href),
"type": element.getAttribute("data-method"),
"xhrFields": {
"withCredentials": true
}
})
.then(function (response) {
util.loader("", "status_dict.success", "check");
......@@ -1245,8 +1307,11 @@
util.loader("", "status_dict.stopping", "ban-circle");
jIO.util.ajax({
"url": element.href,
"type": element.getAttribute("data-method")
"url": window.decodeURIComponent(element.href),
"type": element.getAttribute("data-method"),
"xhrFields": {
"withCredentials": true
}
})
.then(function (response) {
util.loader("", "status_dict.success", "check");
......@@ -1265,7 +1330,7 @@
"download": function (obj) {
util.loader("", "status_dict.downloading");
storage["items"].get({"_id": obj.element.href.split("/").pop()},{"_view": "web_view"})
storage["items"].get({"_id": window.decodeURIComponent(obj.element.href.split("/").pop())},{"_view": "web_view"})
.then(function(response) {
util.loader("", "status_dict.rendering");
window.location.href = util.parse(response).data._links.slapos_jump.href;
......@@ -1626,12 +1691,15 @@
}
util.loader("", "status_dict.updating");
storage["items"].get({"_id": obj.state.fragment_list[1]},{"_view": "web_view"})
storage["items"].get({"_id": window.decodeURIComponent(obj.state.fragment_list[1])},{"_view": "web_view"})
.then(function(response) {
return jIO.util.ajax({
"url": util.parse(response).data._actions.update.href,
"type": "POST",
"data": formData
"data": formData,
"xhrFields": {
"withCredentials": true
}
});
})
.then(function (answer) {
......@@ -1956,7 +2024,7 @@
if (props.link) {
cell.href = item[props.link_source] ||
("#" + core + "/" + item[props.link_identifier || "id"]);
("#" + core + "/" + window.encodeURIComponent(item[props.link_identifier || "id"]));
if (props.link_external) {
cell.external = true;
}
......@@ -2343,7 +2411,6 @@
} else {
util.error("mapFormField: Missing field definition");
}
return config;
}
};
......@@ -5898,7 +5965,12 @@
}
// install new instance
if (answer.response && answer.response.location) {
return jIO.util.ajax({"url": answer.response.location})
return jIO.util.ajax({
"url": answer.response.location,
"xhrFields": {
"withCredentials": true
}
})
.then(function (instance_location) {
return util.parse(instance_location.target.responseText)._relative_url;
}).fail(util.error);
......@@ -6726,19 +6798,20 @@
// WARNING: complex_queries dependency!
app.generateQueryObject = function (query, type, key, value, field_list, restore) {
var property, wrap, query_object, query_clean, default_query, obj,
is_value, i, is_id;
is_value, i, is_id, decode;
is_value = value && value !== "";
is_id = query && query.query && query.query._id;
// "id" = "bar" => THIS SHOULD BE GET!
if (is_value && key && key === "_id" || is_id) {
obj = {"_id": is_id ? query.query._id : value};
obj = {"_id": window.decodeURIComponent(is_id ? query.query._id : value)};
// ALLDOCS
} else {
default_query = query || {};
obj = {"query": ''};
value = window.decodeURIComponent(value);
// query string passed? parse it
if (default_query.query) {
......@@ -7444,18 +7517,26 @@
promises[0] = jIO.util.ajax({
"url": storage.items.dict.url,
"type": "GET",
"data": JSON.stringify({"_id":""})
"xhrFields": {
"withCredentials": true
}
})
.then(function(response) {
return jIO.util.ajax({
"url": util.parse(response.target.responseText)._links.me.href
"url": util.parse(response.target.responseText)._links.me.href,
"xhrFields": {
"withCredentials": true
}
});
})
.then(function (answer) {
return jIO.util.ajax({
"url": util.parse(answer.target.responseText)._actions[pass.fetch].href,
"type": "POST",
"data": pass.form_data
"data": pass.form_data,
"xhrFields": {
"withCredentials": true
}
});
})
.then(function (erp5_response) {
......@@ -7814,7 +7895,6 @@
if (select_list && parcel.query.include_docs === undefined) {
convert = "values";
}
return storage[parcel.storage][method || "allDocs"](parcel.query, hacked_view)
.then(function (response) {
// TODO: best way?
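Review bot: In the generateQueryObject hunk (`@@ -6726,19 +6798,20 @@`) the added `value = window.decodeURIComponent(value);` runs in the branch where `value` may be undefined, and `decodeURIComponent(undefined)` yields the string `"undefined"`, so the rest of the function (which continues outside the hunk) would see a non-empty value; guard it with the flag already computed two lines above, `value = is_value ? window.decodeURIComponent(value) : value;`. decodeURIComponent also throws a URIError on a malformed sequence such as a lone `%`, and since the inputs here come from the URL fragment and from link hrefs, the same applies to every `window.decodeURIComponent(...)` call this commit adds (the `_id` lookups and the `element.href` decodes in the destroy/start/stop hunks); a try/catch that reports through `util.error` would keep one bad link from aborting the whole promise chain. Decoding the entire `element.href` before the request additionally turns an encoded `?`, `#` or `&` inside an id into a delimiter that changes the request target, so decoding only the id segment looks safer. The `withCredentials: true` additions send the session cookie on cross-origin requests, which only works, and is only acceptable, when the server answers with `Access-Control-Allow-Credentials: true` and an explicit `Access-Control-Allow-Origin` rather than `*`; a comment stating that requirement next to the first `config` object would help the next maintainer.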