search

lonely-lockley / archinsight

Simplicity in Code, Power in Design
https://archinsight.org
GNU Affero General Public License v3.0
51 stars 5 forks source link

Authentication issue #76

Closed lonely-lockley closed 6 months ago

lonely-lockley commented 6 months ago

After switch to websockets the loginCallback method stopped working as this protocol does not grant any access to httpOnly cookies where auth token is stored. Need to find a solution cause users are able to authenticate, but cannot realize they succeeded. The page does not refresh. There is a second part of the problem: NPE on logout

24.02.2024 13:08:08.728 ERROR [qtp1984990929-90] c.v.flow.server.DefaultErrorHandler - 
java.lang.NullPointerException: Cannot invoke "com.vaadin.flow.server.VaadinServletResponse.addCookie(jakarta.servlet.http.Cookie)" because "response" is null
    at com.github.lonelylockley.archinsight.security.Authentication.clearAuthToken(Authentication.java:88)
    at com.github.lonelylockley.archinsight.security.Authentication.deauthenticate(Authentication.java:78)
    at com.github.lonelylockley.archinsight.components.tiles.LoginTile$LogoutClickListener.onComponentEvent(LoginTile.java:106)
    at com.github.lonelylockley.archinsight.components.tiles.LoginTile$LogoutClickListener.onComponentEvent(LoginTile.java:98)
    at com.vaadin.flow.component.ComponentEventBus.fireEventForListener(ComponentEventBus.java:239)
    at com.vaadin.flow.component.ComponentEventBus.handleDomEvent(ComponentEventBus.java:488)
    at com.vaadin.flow.component.ComponentEventBus.lambda$addDomTrigger$dd1b7957$1(ComponentEventBus.java:298)
    at com.vaadin.flow.internal.nodefeature.ElementListenerMap.lambda$fireEvent$2(ElementListenerMap.java:447)
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
lonely-lockley commented 6 months ago

The best solution would be make Vaadin send xhr request instead of websocket for selected actions. The only question is how to make it