Coverity-CWE 922: Insecure Storage of Sensitive Information(localStorage write)
[osm/NG-UI.git] / src / services / AuthInterceptorService.ts
index ede10a8..5f4255e 100644 (file)
@@ -66,11 +66,11 @@ export class AuthInterceptorService implements HttpInterceptor {
      * @param next
      */
     public intercept(req: HttpRequest<{}>, next: HttpHandler): Observable<HttpSentEvent |
-        // tslint:disable-next-line:no-any
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
         HttpHeaderResponse | HttpProgressEvent | HttpResponse<{}> | HttpUserEvent<any> | any> {
-        const idToken: string = localStorage.getItem('id_token');
+        const idToken: string = sessionStorage.getItem('id_token');
         const excludedUrl: string[] = ['osm/admin/v1/tokens', 'assets/i18n/', 'osm/version'];
-        if (excludedUrl.some((x: string): boolean => { return req.url.includes(x); })) { return next.handle(req); }
+        if (excludedUrl.some((x: string): boolean => req.url.includes(x))) { return next.handle(req); }
         if (idToken.length > 0) {
             this.setHeader(req, idToken);
             return next.handle(this.clonedReq).pipe(
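Review bot: `sessionStorage.getItem('id_token')` on the new line returns `string | null`, and the `idToken.length` check three lines below dereferences it, so a request issued before login (or after the tab's storage has been cleared) throws a TypeError inside the interceptor instead of being sent without a header; the `: string` annotation only compiles with strictNullChecks off. Use `const idToken: string = sessionStorage.getItem('id_token') ?? '';` so the existing `idToken.length > 0` branch stays the single decision point. Moving the token from localStorage to sessionStorage narrows the finding to per-tab, non-persistent storage, but the token is still readable by any script running in the origin, so the CWE-922 finding is reduced rather than closed; a one-line comment on this line stating that trade-off would keep the next reader from treating it as resolved. The write side and any other readers of `'id_token'` are not in this hunk and must be switched in the same change, or the interceptor will read an empty value. intercept's body continues past the end of the hunk.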
@@ -85,7 +85,7 @@ export class AuthInterceptorService implements HttpInterceptor {
     }
 
     /** Set header options @public */
-    // tslint:disable-next-line:no-any
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
     public setHeader(req: HttpRequest<any>, idToken: string): void {
         if (req.body !== null && req.body.byteLength !== null) {
             this.clonedReq = req.clone({
@@ -93,8 +93,12 @@ export class AuthInterceptorService implements HttpInterceptor {
             });
         } else {
             this.clonedReq = req.clone({
-                setHeaders: { Authorization: 'Bearer ' + idToken, 'Content-Type': 'charset=UTF-8',
-                'Cache-Control': 'no-cache', Pragma: 'no-cache' }
+                setHeaders: {
+                    Authorization: 'Bearer ' + idToken,
+                    'Content-Type': 'charset=UTF-8',
+                    'Cache-Control': 'no-cache',
+                    Pragma: 'no-cache'
+                }
             });
         }
     }
@@ -103,18 +107,23 @@ export class AuthInterceptorService implements HttpInterceptor {
     public errorRes(err: HttpErrorResponse, req: HttpRequest<{}>, next: HttpHandler): Observable<{}> {
         if (err instanceof HttpErrorResponse) {
             switch (err.status) {
-                case HttpStatus.UNAUTHORIZED || HttpStatus.FORBIDDEN:
+                case HttpStatus.UNAUTHORIZED:
+                case HttpStatus.FORBIDDEN:
                     this.handleError(err);
                     break;
+                case HttpStatus.GATEWAY_TIMEOUT:
+                case HttpStatus.BAD_GATEWAY:
+                    this.notifierService.hideAll();
+                    this.authService.logoutResponse();
+                    break;
                 default: return throwError(err);
             }
         } else { return throwError(err); }
     }
 
-    /** Method to handle  401 & 403 error */
+    /** Method to handle  401, 403 & 502 error */
     private handleError(err: HttpErrorResponse): void {
-        if (err.error.detail === 'Expired Token or Authorization HTTP header' ||
-            err.error.detail === 'Invalid Token or Authorization HTTP header') {
+        if (err.error.detail !== 'Access denied: lack of permissions.' && err.error.detail !== 'You cannot remove system_admin role from admin user') {
             this.notifierService.hideAll();
             this.authService.logoutResponse();
             if (this.authService.handle401) {
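Review bot: The rewritten condition in handleError turns an allow-list of two token-expiry messages into a deny-list of two permission messages, so any other 401/403 `detail` text — a new or reworded backend message, or a missing `detail` when `err.error` is not a JSON object — now triggers `logoutResponse()`; matching on backend message strings is brittle in either direction, and the deny-list form fails toward logging the user out on an ordinary permission denial. If the intent is "log out on anything that is not a permission denial", a comment such as `// Any 401/403 other than a known permission denial is treated as an invalid session and forces logout` should sit above the condition, and `err.error?.detail` would avoid a TypeError when the error body is not an object (if the project's TS version supports optional chaining). The updated doc comment says handleError covers 502, but the new `GATEWAY_TIMEOUT`/`BAD_GATEWAY` case in errorRes logs out directly without calling handleError, so the comment should read `/** Method to handle 401 & 403 error */` or the 502/504 path should go through it. That new case, like the 401/403 one, ends in `break` without returning a value from a method declared `Observable<{}>`, which `noImplicitReturns` would reject; `return throwError(err);` after the logout call would keep the contract. handleError's body continues beyond the end of the hunk.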