Update CSRF token handling

Author: radito3

clients/baseclient/client_error.go

@@ -3,9 +3,10 @@ package baseclient
 import (
 	"bytes"
 	"fmt"
+	"net/http"
 	"time"
 
-	strfmt "github.com/go-openapi/strfmt"
+	"github.com/go-openapi/strfmt"
 
 	"github.com/go-openapi/runtime"
 )
@@ -14,6 +15,7 @@ type ClientError struct {
 	Code        int
 	Status      string
 	Description interface{}
+	Headers     http.Header
 }
 
 func (ce *ClientError) Error() string {
@@ -36,6 +38,15 @@ func NewClientError(err error) error {
 	return err
 }
 
+func NewClientErrorFromHttpResponse(response *http.Response, description string) error {
+	return &ClientError{
+		Code:        response.StatusCode,
+		Status:      response.Status,
+		Description: description,
+		Headers:     response.Header,
+	}
+}
+
 func BuildErrorResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	result := &ErrorResponse{
 		Code:   response.Code(),

clients/baseclient/client_util_test.go

@@ -19,39 +19,39 @@ var _ = Describe("ClientUtil", func() {
 
 		Context("when the backend returns status code with first digit 1 (1xx)", func() {
 			It("Retry operation call is expected to be made", func() {
-				err := ClientError{102, "Processing", "The request has been accepted but it's not yet complete"}
+				err := ClientError{Code: 102, Status: "Processing", Description: "The request has been accepted but it's not yet complete"}
 				result := shouldRetry(&err)
 				Expect(result).To(Equal(true))
 			})
 		})
 
 		Context("when the backend returns status code with first digit 2 (2xx)", func() {
 			It("Retry operation call shouldn't be made", func() {
-				err := ClientError{200, "OK", "The request has succeeded"}
+				err := ClientError{Code: 200, Status: "OK", Description: "The request has succeeded"}
 				result := shouldRetry(&err)
 				Expect(result).To(Equal(false))
 			})
 		})
 
 		Context("when the backend returns status code with first digit 3 (3xx)", func() {
 			It("Retry operation call is expected to be made", func() {
-				err := ClientError{301, "Moved Permanently", "URI of requested resource has been changed"}
+				err := ClientError{Code: 301, Status: "Moved Permanently", Description: "URI of requested resource has been changed"}
 				result := shouldRetry(&err)
 				Expect(result).To(Equal(true))
 			})
 		})
 
 		Context("when the backend returns status code with first digit 4 (4xx)", func() {
 			It("Retry operation call is expected to be made", func() {
-				err := ClientError{404, "Not Found", "The server cannot find requested resource"}
+				err := ClientError{Code: 404, Status: "Not Found", Description: "The server cannot find requested resource"}
 				result := shouldRetry(&err)
 				Expect(result).To(Equal(true))
 			})
 		})
 
 		Context("when the backend returns status code with first digit 5 (5xx)", func() {
 			It("Retry operation call is expected to be made", func() {
-				err := ClientError{500, "Internal Server Error", "The server got an invalid response"}
+				err := ClientError{Code: 500, Status: "Internal Server Error", Description: "The server got an invalid response"}
 				result := shouldRetry(&err)
 				Expect(result).To(Equal(true))
 			})
@@ -84,7 +84,7 @@ var _ = Describe("ClientUtil", func() {
 			It("Callback with retry", func() {
 				mockCallback := func() (interface{}, error) {
 					toReturn := testStruct{}
-					err := ClientError{404, "Not Found", "The server cannot find requesred resource"}
+					err := ClientError{Code: 404, Status: "Not Found", Description: "The server cannot find requesred resource"}
 					return toReturn, &err
 				}
 				result, err := CallWithRetry(mockCallback, 4, time.Duration(0))

clients/baseclient/test_token_factory.go

@@ -0,0 +1,54 @@
+package csrf
+
+import (
+	"github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/csrf/csrf_parameters"
+	"net/http"
+	"sync"
+	"time"
+)
+
+const CookieHeader = "Cookie"
+
+type CsrfTokenHelper struct {
+	Header              string
+	Token               string
+	Cookies             []*http.Cookie
+	NonProtectedMethods map[string]struct{}
+	LastUpdateTime      time.Time
+	Mutex               sync.Mutex
+}
+
+func (c *CsrfTokenHelper) IsProtectionRequired(req *http.Request) bool {
+	_, present := c.NonProtectedMethods[req.Method]
+	return !present
+}
+
+func (c *CsrfTokenHelper) IsExpired(timeout time.Duration) bool {
+	return c.LastUpdateTime.IsZero() || c.LastUpdateTime.Add(timeout).Before(time.Now())
+}
+
+func (c *CsrfTokenHelper) Update(params csrf_parameters.CsrfParams) {
+	c.Header = params.CsrfTokenHeader
+	c.Token = params.CsrfTokenValue
+	c.Cookies = params.Cookies
+	c.LastUpdateTime = time.Now()
+}
+
+func (c *CsrfTokenHelper) SetInRequest(req *http.Request) {
+	req.Header.Set(c.Header, c.Token)
+	UpdateCookiesIfNeeded(c.Cookies, req)
+}
+
+func (c *CsrfTokenHelper) InvalidateToken() {
+	c.LastUpdateTime = time.Time{}
+}
+
+func UpdateCookiesIfNeeded(cookies []*http.Cookie, request *http.Request) {
+	if len(cookies) == 0 {
+		return
+	}
+	request.Header.Del(CookieHeader)
+	for _, cookie := range cookies {
+		request.AddCookie(cookie)
+	}
+}

clients/csrf/csrf_helper.go

@@ -1,6 +1,9 @@
 package csrf_parameters
 
-type CsrfRequestHeader struct {
+import "net/http"
+
+type CsrfParams struct {
 	CsrfTokenHeader string
 	CsrfTokenValue  string
+	Cookies         []*http.Cookie
 }

clients/csrf/csrf_parameters/csrf_request_header.go

@@ -1,11 +1,7 @@
 package csrf
 
-import (
-	"net/http"
-
-	"github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/csrf/csrf_parameters"
-)
+import "github.com/cloudfoundry-incubator/multiapps-cli-plugin/clients/csrf/csrf_parameters"
 
 type CsrfTokenFetcher interface {
-	FetchCsrfToken(url string, currentRequest *http.Request) (*csrf_parameters.CsrfRequestHeader, error)
+	FetchCsrfToken(url, authToken string) (csrf_parameters.CsrfParams, error)
 }

clients/csrf/csrf_token_fetcher.go

@@ -3,8 +3,6 @@ package csrf
 import "net/http"
 
 type CsrfTokenManager interface {
-	initializeToken(forceInitializing bool) error
-	updateToken()
-	refreshTokenIfNeeded(response *http.Response) (bool, error)
-	updateCsrfTokenInRequest()
+	updateToken(*http.Request) error
+	invalidateToken()
 }