#60 restore correct user after refresh

README.md

@@ -93,7 +93,6 @@ Navigate to the `cra-client` and `cra-server` directories. Run `npm install` ins
 
 After a couple of minutes while it builds, for tenant aaa, you should be able to login to the user interface using `http://localhost:3000/aaa/login`.
 
-
 ### Demo login 
 
 In your web browser go to https://localhost:9443/aaa/ : 

cra-client/src/components/GlossaryAuthor/components/GlossaryQuickTerms.js

@@ -46,7 +46,8 @@ export default function GlossaryQuickTerms(props) {
     e.preventDefault();
     setRestCallInProgress(true);
     if (terms.length > 0) {
-      console.log("issueUpdate " + url);
+      // Disabling logging as CodeQL does not like user supplied values being logged.
+      // console.log("issueUpdate " + url);
       issueRestCreate(url, terms, onSuccessfulCreate, onErrorCreate);
     } else {
       alert("Nothing to create");

cra-client/src/components/GlossaryAuthor/components/update/UpdateNode.js

@@ -45,8 +45,8 @@ export default function UpdateNode(props) {
 
     // TODO consider moving this up to a node controller as per the CRUD pattern.
     // in the meantime this will be self contained.
-
-    console.log("issueUpdate " + url);
+    // Disabling logging as CodeQL does not like user supplied values being logged.
+    // console.log("issueUpdate " + url);
     issueRestUpdate(url, body, onSuccessfulUpdate, onErrorUpdate);
   };
   const onSuccessfulGet = (json) => {

cra-server/db/users.js

@@ -39,17 +39,18 @@ var records = [
 
 ];
 
-exports.findById = function(id, cb) {
-process.nextTick(function() {
-console.log("findByUserId");
-var idx = id - 1;
-if (records[idx]) {
-  cb(null, Object.assign({}, records[idx]));
-} else {
-  cb(new Error('User ' + id + ' does not exist'));
-}
-});
-}
+exports.findById = function (id, cb) {
+  process.nextTick(function () {
+    console.log("findByUserId");
+    for (var i = 0, len = records.length; i < len; i++) {
+      var record = records[i];
+      if (record.id === id) {
+        return cb(null, Object.assign({}, record));
+      }
+    }
+    return cb(new Error("User " + id + " does not exist"));
+  });
+};
 
 exports.findByUsername = function(username, cb) {
 process.nextTick(function() {

cra-server/functions/getAxiosInstance.js

@@ -27,7 +27,6 @@ const getAxiosInstance = (url) => {
       remoteServerName +
       "/open-metadata/view-services/" +
       remainingURL;
-    console.log("downstream url " + downStreamURL);
     const instance = axios.create({
       baseURL: downStreamURL,
       httpsAgent: new https.Agent({

cra-server/functions/getServerInfoFromEnv.js

@@ -2,20 +2,16 @@
 /* Copyright Contributors to the ODPi Egeria project. */
 
 const getServerInfoFromEnv = () => {
-
-  console.log(" getServerInfoFromEnv() 1");
   let modifiableServers = {};
   // capitals as Windows can be case sensitive.
   const env_prefix = "EGERIA_PRESENTATIONSERVER_SERVER_";
-  // console.log(process.env);
 
   const env = process.env;
 
   for (const envVariable in env) {
     try {
       if (envVariable.startsWith(env_prefix)) {
         // Found an environment variable with out prefix
-        console.log(" getServerInfoFromEnv() 2");
         if (envVariable.length == env_prefix.length - 1) {
           console.log(
             "there is no server name specified in the environment Variable envVariable.length=" +

cra-server/functions/passportConfiguration.js

@@ -44,7 +44,8 @@ const passportConfiguration = (passport) => {
   passport.deserializeUser(function (id, cb) {
     console.log("deserializeUser called with id " + id);
     db.users.findById(id, function (err, user) {
-      console.log("passport.deserializeUser user is " + user + ",err is" + err);
+      // Disabling logging as CodeQL does not like user supplied values being logged.  
+      // console.log("passport.deserializeUser user is " + user + ",err is" + err);
       if (err) {
         return cb(err);
       }

cra-server/functions/serverNameMiddleware.js

@@ -26,13 +26,15 @@ const serverNameMiddleWare = (req, res, next) => {
 
   if (segmentNumber > 1) {
     const segment1 = segmentArray.slice(1, 2).join("/");
-    console.log("segment1 " + segment1);
+    // Disabling logging as CodeQL does not like user supplied values being logged.
+    // console.log("segment1 " + segment1);
 
     if (segment1 != "servers" && segment1 != "open-metadata" && segment1 != "user") {
       // in a production scenario we are looking at login, favicon.ico and bundle.js for for now look for those in the last segment
       // TODO once we have development webpack, maybe the client should send a /js/ or a /static/ segment after the servername so we know to keep the subsequent segments.
 
       const lastSegment = segmentArray.slice(-1);
+      // Disabling logging as CodeQL does not like user supplied values being logged.
       // console.log("Last segment is " + lastSegment);
       if (
         lastSegment == "bundle.js" ||
@@ -47,6 +49,7 @@ const serverNameMiddleWare = (req, res, next) => {
       req.query.serverName = segment1;
     }
   }
+  // Disabling logging as CodeQL does not like user supplied values being logged.
   // console.log("after " + req.url);
   next();
 

cra-server/package.json

@@ -23,6 +23,7 @@
     "body-parser": "^1.19.0",
     "dotenv": "^8.2.0",
     "express": "^4.17.1",
+    "express-rate-limit": "^5.2.3",
     "express-session": "^1.17.1",
     "passport": "^0.4.1",
     "passport-local": "^1.0.0"