Merge pull request #490 from aspnetboilerplate/maliming/patch-1

demirmusa · web-flow · commit ea01ef0ba67b · 2019-12-03T10:27:41.000+03:00
Fixed the issue that anti forgery failed after user identity changed.
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/Controllers/AntiForgeryController.cs b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/Controllers/AntiForgeryController.cs
@@ -1,20 +1,30 @@
+using System.Threading.Tasks;
+using Abp.Web.Security.AntiForgery;
 using Microsoft.AspNetCore.Antiforgery;
 using AbpCompanyName.AbpProjectName.Controllers;
+using Microsoft.AspNetCore.Mvc;
 
 namespace AbpCompanyName.AbpProjectName.Web.Host.Controllers
 {
     public class AntiForgeryController : AbpProjectNameControllerBase
     {
         private readonly IAntiforgery _antiforgery;
+        private readonly IAbpAntiForgeryManager _antiForgeryManager;
 
-        public AntiForgeryController(IAntiforgery antiforgery)
+        public AntiForgeryController(IAntiforgery antiforgery, IAbpAntiForgeryManager antiForgeryManager)
         {
             _antiforgery = antiforgery;
+            _antiForgeryManager = antiForgeryManager;
         }
 
         public void GetToken()
         {
             _antiforgery.SetCookieTokenAndHeader(HttpContext);
         }
+
+        public void SetCookie()
+        {
+            _antiForgeryManager.SetCookie(HttpContext);
+        }
     }
 }
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/Controllers/HomeController.cs b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/Controllers/HomeController.cs
@@ -13,17 +13,13 @@ public class HomeController : AbpProjectNameControllerBase
     {
         private readonly INotificationPublisher _notificationPublisher;
 
-        private readonly IAbpAntiForgeryManager _abpAntiForgeryManager;
-
-        public HomeController(INotificationPublisher notificationPublisher, IAbpAntiForgeryManager abpAntiForgeryManager)
+        public HomeController(INotificationPublisher notificationPublisher)
         {
             _notificationPublisher = notificationPublisher;
-            _abpAntiForgeryManager = abpAntiForgeryManager;
         }
 
         public IActionResult Index()
         {
-            _abpAntiForgeryManager.SetCookie(HttpContext);
             return Redirect("/swagger");
         }
 
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/Startup/Startup.cs b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/Startup/Startup.cs
@@ -119,8 +119,7 @@ public void Configure(IApplicationBuilder app,  ILoggerFactory loggerFactory)
                 endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
                 endpoints.MapControllerRoute("defaultWithArea", "{area}/{controller=Home}/{action=Index}/{id?}");
             });
-
-
+          
             // Enable middleware to serve generated Swagger as a JSON endpoint
             app.UseSwagger();
             // Enable middleware to serve swagger-ui assets (HTML, JS, CSS etc.)
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/wwwroot/swagger/ui/index.html b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/wwwroot/swagger/ui/index.html
@@ -70,8 +70,21 @@
     <script src="swagger-ui-standalone-preset.js"></script>
     <script src="ui/abp.js"></script>
     <script src="ui/abp.swagger.js"></script>
+
     <script>
         window.onload = function () {
+            var authToken = abp.auth.getToken();
+            if (authToken) {
+                fetch("/AntiForgery/SetCookie",
+                    {
+                        headers: {
+                            "Authorization": 'Bearer ' + authToken
+                        }
+                    });
+            } else {
+                fetch("/AntiForgery/SetCookie");
+            }
+
             var configObject = JSON.parse('%(ConfigObject)');
 
             // Apply mandatory parameters
@@ -109,16 +122,12 @@
                                             lineHeight: "normal"
                                         },
                                         onClick: function () {
-                                            var authorizeButton = document.getElementById('authorize');
                                             if (abp.auth.getToken()) {
                                                 abp.swagger.logout();
-                                                authorizeButton.innerText = getAuthorizeButtonText();
-                                                authorizeButton.className = 'btn ' + getAuthorizeButtonCssClass();
+                                                location.reload();
                                             } else {
                                                 abp.swagger.openAuthDialog(function () {
-                                                    authorizeButton.innerText = getAuthorizeButtonText();
-                                                    authorizeButton.className = 'btn ' + getAuthorizeButtonCssClass();
-                                                    abp.swagger.closeAuthDialog();
+                                                    location.reload();
                                                 });
                                             }
                                         }

Original file line number	Diff line number	Diff line change
`@@ -1,20 +1,30 @@`
	`1`	`+using System.Threading.Tasks;`
	`2`	`+using Abp.Web.Security.AntiForgery;`
`1`	`3`	`using Microsoft.AspNetCore.Antiforgery;`
`2`	`4`	`using AbpCompanyName.AbpProjectName.Controllers;`
	`5`	`+using Microsoft.AspNetCore.Mvc;`
`3`	`6`
`4`	`7`	`namespace AbpCompanyName.AbpProjectName.Web.Host.Controllers`
`5`	`8`	`{`
`6`	`9`	`public class AntiForgeryController : AbpProjectNameControllerBase`
`7`	`10`	`{`
`8`	`11`	`private readonly IAntiforgery _antiforgery;`
	`12`	`+ private readonly IAbpAntiForgeryManager _antiForgeryManager;`
`9`	`13`
`10`		`- public AntiForgeryController(IAntiforgery antiforgery)`
	`14`	`+ public AntiForgeryController(IAntiforgery antiforgery, IAbpAntiForgeryManager antiForgeryManager)`
`11`	`15`	`{`
`12`	`16`	`_antiforgery = antiforgery;`
	`17`	`+ _antiForgeryManager = antiForgeryManager;`
`13`	`18`	`}`
`14`	`19`
`15`	`20`	`public void GetToken()`
`16`	`21`	`{`
`17`	`22`	`_antiforgery.SetCookieTokenAndHeader(HttpContext);`
`18`	`23`	`}`
	`24`	`+`
	`25`	`+ public void SetCookie()`
	`26`	`+ {`
	`27`	`+ _antiForgeryManager.SetCookie(HttpContext);`
	`28`	`+ }`
`19`	`29`	`}`
`20`	`30`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,17 +13,13 @@ public class HomeController : AbpProjectNameControllerBase`
`13`	`13`	`{`
`14`	`14`	`private readonly INotificationPublisher _notificationPublisher;`
`15`	`15`
`16`		`- private readonly IAbpAntiForgeryManager _abpAntiForgeryManager;`
`17`		`-`
`18`		`- public HomeController(INotificationPublisher notificationPublisher, IAbpAntiForgeryManager abpAntiForgeryManager)`
	`16`	`+ public HomeController(INotificationPublisher notificationPublisher)`
`19`	`17`	`{`
`20`	`18`	`_notificationPublisher = notificationPublisher;`
`21`		`- _abpAntiForgeryManager = abpAntiForgeryManager;`
`22`	`19`	`}`
`23`	`20`
`24`	`21`	`public IActionResult Index()`
`25`	`22`	`{`
`26`		`- _abpAntiForgeryManager.SetCookie(HttpContext);`
`27`	`23`	`return Redirect("/swagger");`
`28`	`24`	`}`
`29`	`25`