From 4a5f7b0c51f616015437cc63f8977364f3851491 Mon Sep 17 00:00:00 2001
From: Yannick Schaus
Date: Wed, 25 Aug 2021 19:38:24 +0200
Subject: [PATCH] Fix detection of protected user API operations

The current implementation would set the access token before trying out calling `/rest/sitemaps` which would obviously always succeed, since the call would be made with the token. Therefore the "requireToken" flag would not be set properly and prevent the alternative SSE implementation (which allows headers) to be used.

Fixes #1146.

Signed-off-by: Yannick Schaus
---
 .../org.openhab.ui/web/src/js/openhab/auth.js | 25 +++++++++++--------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/bundles/org.openhab.ui/web/src/js/openhab/auth.js b/bundles/org.openhab.ui/web/src/js/openhab/auth.js
index 7ac37cc881..c8f2461fad 100644
--- a/bundles/org.openhab.ui/web/src/js/openhab/auth.js
+++ b/bundles/org.openhab.ui/web/src/js/openhab/auth.js
@@ -84,17 +84,22 @@ export function storeBasicCredentials () {
 }
 
 export function setAccessToken (token, api) {
- accessToken = token
- if (!token || !api || requireToken !== undefined) return Promise.resolve()
-
- // determine whether the token is required for user operations
- return api.get('/rest/sitemaps').then((resp) => {
- requireToken = false
- return Promise.resolve()
- }).catch((err) => {
- if (err === 'Unauthorized' || err === 401) requireToken = true
+ if (!token || !api) return Promise.resolve()
+ if (requireToken === undefined) {
+ // determine whether the token is required for user operations
+ return api.get('/rest/sitemaps').then((resp) => {
+ accessToken = token
+ requireToken = false
+ return Promise.resolve()
+ }).catch((err) => {
+ if (err === 'Unauthorized' || err === 401) requireToken = true
+ accessToken = token
+ return Promise.resolve()
+ })
+ } else {
+ accessToken = token
 return Promise.resolve()
- })
+ }
 }
 
 export function clearAccessToken () {
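Review bot: In the `.catch` branch of `setAccessToken`, any error other than `'Unauthorized'`/`401` still runs `accessToken = token` while leaving `requireToken` undefined. The next call (for example after a token refresh) therefore repeats the `/rest/sitemaps` probe, presumably with the stored token attached, and would set `requireToken = false`, which is the misdetection this commit is meant to fix. The probe should be made explicitly unauthenticated instead of depending on `accessToken` being unset, or the ordering should at least be pinned with a comment such as `// the probe must run before accessToken is set, otherwise it always succeeds`. Separately, the new guard `if (!token || !api) return Promise.resolve()` returns before any assignment, whereas the old code always assigned `accessToken`. If a caller not visible in this hunk passes a token without `api`, that token is now silently dropped; `if (!api) { accessToken = token; return Promise.resolve() }` would keep the previous behaviour for that case.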