Merge pull request #97 from mngoe/feature-31351

bypass the csrfToken with specific User-agent

Author: delcroip

claimManagement/src/main/graphql/org.openimis.imisclaim/GetCsrfToken.graphql

@@ -0,0 +1,5 @@
+mutation GetCsrfToken {
+    getCsrfToken {
+        csrfToken
+    }
+}

claimManagement/src/main/graphql/org.openimis.imisclaim/schema.graphqls

@@ -4472,6 +4472,11 @@ Skip indicates that the claim is not selected for review
   revokeToken(refreshToken: String): Revoke
   deleteTokenCookie: DeleteJSONWebTokenCookie
   deleteRefreshTokenCookie: DeleteRefreshTokenCookie
+  getCsrfToken: GetCsrfTokenMutationPayload
+}
+
+type GetCsrfTokenMutationPayload {
+  csrfToken: String
 }
 
 type GenerateTimeframeInvoicesPayload {

claimManagement/src/main/java/org/openimis/imisclaims/Global.java

@@ -65,6 +65,7 @@ public class Global extends Application {
     private static final String SHPREF_NAME = "SHPref";
     private static final String SHPREF_LANGUAGE = "language";
     private static final String DEFAULT_LANGUAGE_CODE = "en";
+    private static final String SHPREF_CSRF = "csrfToken";
     private static Global instance;
     private String OfficerCode;
     private String OfficerHealthFacility;
@@ -137,6 +138,11 @@ public Token getJWTToken() {
         return JWTToken;
     }
 
+    public String getCsrfToken(){
+        SharedPreferences sp = getDefaultSharedPreferences();
+        return sp.getString(SHPREF_CSRF,null);
+    }
+
     public boolean isLoggedIn() {
         boolean isLoggedIn = getJWTToken().isTokenValidJWT();
         if (!isLoggedIn) {

claimManagement/src/main/java/org/openimis/imisclaims/network/okhttp/AuthorizationInterceptor.java

@@ -6,6 +6,7 @@
 
 import org.openimis.imisclaims.Global;
 import org.openimis.imisclaims.Token;
+import org.openimis.imisclaims.tools.Log;
 
 import java.io.IOException;
 import java.net.HttpURLConnection;
@@ -22,14 +23,17 @@ public class AuthorizationInterceptor implements Interceptor {
     public AuthorizationInterceptor(@NonNull Global global) {
         this.global = global;
     }
+    private static final String USER_AGENT = "mobile_app";
 
     @NonNull
     @Override
     public Response intercept(@NonNull Chain chain) throws IOException {
         Token token = global.getJWTToken();
+        String csrfToken = global.getCsrfToken();
         if (token != null && token.isTokenValidJWT()) {
             Request.Builder builder = chain.request().newBuilder();
             builder.addHeader("Authorization", "bearer " + token.getTokenText().trim());
+            builder.addHeader("User-Agent", USER_AGENT);
             Response response = chain.proceed(builder.build());
             if (response.code() == HttpURLConnection.HTTP_UNAUTHORIZED) {
                 global.getJWTToken().clearToken();

claimManagement/src/main/java/org/openimis/imisclaims/network/request/BaseGraphQLRequest.java

@@ -5,6 +5,7 @@
 
 import com.apollographql.apollo.ApolloCall;
 import com.apollographql.apollo.ApolloClient;
+import com.apollographql.apollo.api.Mutation;
 import com.apollographql.apollo.api.Operation;
 import com.apollographql.apollo.api.Query;
 import com.apollographql.apollo.api.Response;
@@ -14,9 +15,11 @@
 import org.openimis.imisclaims.network.apollo.DateCustomTypeAdapter;
 import org.openimis.imisclaims.network.apollo.DateTimeCustomTypeAdapter;
 import org.openimis.imisclaims.network.apollo.DecimalCustomTypeAdapter;
+import org.openimis.imisclaims.network.exception.HttpException;
 import org.openimis.imisclaims.network.util.OkHttpUtils;
 import org.openimis.imisclaims.type.CustomType;
 
+import java.net.HttpURLConnection;
 import java.util.concurrent.Semaphore;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
@@ -62,4 +65,54 @@ public void onFailure(@NonNull ApolloException e) {
         }
         return responses[0];
     }
+
+    @NonNull
+    @WorkerThread
+    protected <T extends Operation.Data> Response<T> makeSynchronous(Operation<T, ?, ?> query) throws Exception {
+        Semaphore semaphore = new Semaphore(0);
+        final Exception[] exceptions = new Exception[1];
+        final Response<T>[] responses = new Response[1];
+        ApolloCall<?> call;
+        if (query instanceof Query) {
+            call = apolloClient.query((Query<T, ?, ?>) query);
+        } else if(query instanceof Mutation) {
+            call = apolloClient.mutate((Mutation<T, ?, ?>) query);
+        } else {
+            throw new IllegalArgumentException("Query is unsupported");
+        }
+        call.enqueue(new ApolloCall.Callback() {
+            @Override
+            public void onResponse(@NonNull Response response) {
+                responses[0] = response;
+                semaphore.release();
+            }
+
+            @Override
+            public void onFailure(@NonNull ApolloException e) {
+                exceptions[0] = e;
+                semaphore.release();
+            }
+        });
+        if (!semaphore.tryAcquire(TIME_OUT_IN_MS, TimeUnit.MILLISECONDS)) {
+            throw new TimeoutException("Call couldn't finish within " + TIME_OUT_IN_MS + "ms");
+        }
+        Exception exception = exceptions[0];
+        if (exception != null) {
+            throw exception;
+        }
+        Response<T> response = responses[0];
+        if (response.hasErrors()) {
+            String details = response.getErrors().get(0).getMessage();
+            if (details.equals("User not authorized for this operation")) {
+                throw new HttpException(
+                        HttpURLConnection.HTTP_UNAUTHORIZED,
+                        details,
+                        null,
+                        null
+                );
+            }
+            throw new RuntimeException(response.toString());
+        }
+        return response;
+    }
 }

claimManagement/src/main/java/org/openimis/imisclaims/network/request/GetCsrfTokenGraphQLMutation.java

@@ -0,0 +1,22 @@
+package org.openimis.imisclaims.network.request;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.WorkerThread;
+
+import org.openimis.imisclaims.GetCsrfTokenMutation;
+
+import java.util.Objects;
+
+public class GetCsrfTokenGraphQLMutation extends BaseGraphQLRequest {
+
+    @WorkerThread
+    @NonNull
+    public String get() throws Exception {
+        com.apollographql.apollo.api.Response<GetCsrfTokenMutation.Data> response = makeSynchronous(new GetCsrfTokenMutation());
+        return Objects.requireNonNull(
+                Objects.requireNonNull(
+                        Objects.requireNonNull(response.getData(), "data is null")
+                                .getCsrfToken(), "csrfToken is null"
+                ).csrfToken(), "csrfToken is null");
+    }
+}

claimManagement/src/main/java/org/openimis/imisclaims/usecase/Login.java

@@ -1,12 +1,16 @@
 package org.openimis.imisclaims.usecase;
 
+import android.content.SharedPreferences;
+
 import androidx.annotation.NonNull;
 import androidx.annotation.WorkerThread;
 
 import org.openimis.imisclaims.Global;
 import org.openimis.imisclaims.network.dto.LoginDto;
 import org.openimis.imisclaims.network.dto.TokenDto;
+import org.openimis.imisclaims.network.request.GetCsrfTokenGraphQLMutation;
 import org.openimis.imisclaims.network.request.LoginRequest;
+import org.openimis.imisclaims.tools.Log;
 
 import java.util.concurrent.TimeUnit;
 
@@ -16,17 +20,22 @@ public class Login {
     private final LoginRequest request;
     @NonNull
     private final Global global;
+    @NonNull
+    private final GetCsrfTokenGraphQLMutation getCsrfTokenGraphQLMutation;
+    private static final String SHPREF_CSRF = "csrfToken";
 
     public Login(
             @NonNull LoginRequest request,
-            @NonNull Global global
+            @NonNull Global global,
+            @NonNull GetCsrfTokenGraphQLMutation getCsrfTokenGraphQLMutation
     ) {
         this.request = request;
         this.global = global;
+        this.getCsrfTokenGraphQLMutation = getCsrfTokenGraphQLMutation;
     }
 
     public Login() {
-        this(new LoginRequest(), Global.getGlobal());
+        this(new LoginRequest(), Global.getGlobal(), new GetCsrfTokenGraphQLMutation());
     }
 
     @WorkerThread
@@ -37,6 +46,11 @@ public void execute(@NonNull String username, String password) {
                     token.getToken(),
                     TimeUnit.SECONDS.toMillis(token.getExpiresOn())
             );
+            String csrfToken = getCsrfTokenGraphQLMutation.get();
+            SharedPreferences sp = global.getDefaultSharedPreferences();
+            SharedPreferences.Editor editor = sp.edit();
+            editor.putString(SHPREF_CSRF, csrfToken);
+            editor.apply();
         } catch (Exception e) {
             e.printStackTrace();
         }