[DSC-2142] fix creation of short-lived token during SSR by initializing XSRF token

atarix83 · Andrea Barbasso · commit 2500195dfaba · 2025-01-14T11:22:12.000+01:00
diff --git a/src/app/core/auth/server-auth-request.service.spec.ts b/src/app/core/auth/server-auth-request.service.spec.ts
@@ -9,6 +9,8 @@ import {
   XSRF_REQUEST_HEADER,
   XSRF_RESPONSE_HEADER
 } from '../xsrf/xsrf.constants';
+import { XSRFService } from '../xsrf/xsrf.service';
+import { BehaviorSubject } from 'rxjs/internal/BehaviorSubject';
 
 describe(`ServerAuthRequestService`, () => {
   let href: string;
@@ -17,6 +19,7 @@ describe(`ServerAuthRequestService`, () => {
   let httpClient: HttpClient;
   let httpResponse: HttpResponse<any>;
   let halService: HALEndpointService;
+  let xsrfService: XSRFService;
   const mockToken = 'mock-token';
 
   beforeEach(() => {
@@ -37,7 +40,10 @@ describe(`ServerAuthRequestService`, () => {
     halService = jasmine.createSpyObj('halService', {
       'getRootHref': '/api'
     });
-    service = new ServerAuthRequestService(halService, requestService, null, httpClient);
+    xsrfService = jasmine.createSpyObj('xsrfService', null, {
+      'tokenInitialized$': new BehaviorSubject(false),
+    });
+    service = new ServerAuthRequestService(halService, requestService, null, httpClient, xsrfService);
   });
 
   describe(`createShortLivedTokenRequest`, () => {
diff --git a/src/app/core/auth/server-auth-request.service.ts b/src/app/core/auth/server-auth-request.service.ts
@@ -14,8 +14,9 @@ import {
   XSRF_RESPONSE_HEADER,
   DSPACE_XSRF_COOKIE
 } from '../xsrf/xsrf.constants';
-import { map } from 'rxjs/operators';
+import { map, tap } from 'rxjs/operators';
 import { Observable } from 'rxjs';
+import { XSRFService } from '../xsrf/xsrf.service';
 
 /**
  * Server side version of the service to send authentication requests
@@ -28,6 +29,7 @@ export class ServerAuthRequestService extends AuthRequestService {
     requestService: RequestService,
     rdbService: RemoteDataBuildService,
     protected httpClient: HttpClient,
+    protected xsrfService: XSRFService
   ) {
     super(halService, requestService, rdbService);
   }
@@ -43,6 +45,7 @@ export class ServerAuthRequestService extends AuthRequestService {
     return this.httpClient.get(this.halService.getRootHref(), { observe: 'response' }).pipe(
       // retrieve the XSRF token from the response header
       map((response: HttpResponse<any>) => response.headers.get(XSRF_RESPONSE_HEADER)),
+      tap(() => this.xsrfService.tokenInitialized$.next(true)),
       // Use that token to create an HttpHeaders object
       map((xsrfToken: string) => new HttpHeaders()
           .set('Content-Type', 'application/json; charset=utf-8')
