Merge pull request #203 from mngoe/OP-2347

delcroip · web-flow · commit 07a8c8e3288c · 2025-03-28T10:47:54.000+01:00
Op 2347
diff --git a/.gitignore b/.gitignore
@@ -65,3 +65,4 @@ app/release/output.json
 # Custom product flavours
 
 *custom-flavours.gradle
+*.aab
diff --git a/app/src/main/java/org/openimis/imispolicies/network/okhttp/AuthorizationInterceptor.java b/app/src/main/java/org/openimis/imispolicies/network/okhttp/AuthorizationInterceptor.java
@@ -2,6 +2,7 @@
 
 import androidx.annotation.NonNull;
 
+import org.apache.commons.lang3.StringUtils;
 import org.openimis.imispolicies.MainActivity;
 import org.openimis.imispolicies.repository.LoginRepository;
 
@@ -13,6 +14,7 @@
 import okhttp3.Response;
 
 public class AuthorizationInterceptor implements Interceptor {
+    private static final String REQUESTED_WITH = "mobile";
 
     @NonNull
     private final LoginRepository repository;
@@ -25,11 +27,16 @@ public AuthorizationInterceptor(@NonNull LoginRepository repository) {
     @Override
     public Response intercept(@NonNull Chain chain) throws IOException {
         String token = repository.getFhirToken();
+        String csrfToken = repository.getCsrfToken();
         if (token == null) {
             return chain.proceed(chain.request());
         }
         Request.Builder builder = chain.request().newBuilder();
         builder.addHeader("Authorization", "bearer " + token.trim());
+        builder.addHeader("X-Requested-With", REQUESTED_WITH);
+        if(!StringUtils.isEmpty(csrfToken)){
+            builder.addHeader("X-CSRFToken", csrfToken);
+        }
         Response response = chain.proceed(builder.build());
         if (response.code() == HttpURLConnection.HTTP_UNAUTHORIZED) {
             repository.saveFhirToken(null, null, null);
diff --git a/app/src/main/java/org/openimis/imispolicies/network/request/GetCsrfTokenGraphQLMutation.java b/app/src/main/java/org/openimis/imispolicies/network/request/GetCsrfTokenGraphQLMutation.java
@@ -0,0 +1,66 @@
+package org.openimis.imispolicies.network.request;
+
+import android.media.session.MediaSession;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.WorkerThread;
+
+import com.apollographql.apollo.api.internal.QueryDocumentMinifier;
+
+import org.json.JSONObject;
+import org.openimis.imispolicies.BuildConfig;
+import org.openimis.imispolicies.Global;
+import org.openimis.imispolicies.ToRestApi;
+import org.openimis.imispolicies.tools.Log;
+
+import java.util.Objects;
+
+import okhttp3.MediaType;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.RequestBody;
+import okhttp3.Response;
+
+public class GetCsrfTokenGraphQLMutation extends BaseGraphQLRequest {
+
+    private static final String URI = BuildConfig.API_BASE_URL + "api/graphql";
+    public static final MediaType JSON = MediaType.get("application/json; charset=utf-8");
+    protected Global global;
+
+
+    @WorkerThread
+    @NonNull
+    public Response get(@NonNull String jwtToken) throws Exception {
+
+        String QUERY_DOCUMENT = QueryDocumentMinifier.minify(
+                "mutation {"
+                        + "  getCsrfToken {"
+                        + " csrfToken"
+                        + " } "
+                        + " } "
+        );
+
+        JSONObject json = new JSONObject();
+        json.put("query", QUERY_DOCUMENT);
+        OkHttpClient.Builder builder = new OkHttpClient.Builder();
+        OkHttpClient httpClient = builder.build();
+        RequestBody body = RequestBody.create(json.toString(), JSON);
+        Request request = new Request.Builder()
+                .url(URI)
+                .addHeader("Authorization","bearer " + jwtToken)
+                .post(body)
+                .build();
+
+        Response response = httpClient.newCall(request).execute();
+        int responseCode = response.code();
+
+        Log.i("HTTP_POST", URI + " - " + responseCode);
+        Log.i("GetCsrfToken", QUERY_DOCUMENT);
+
+        String responsePhrase = Objects.requireNonNull(response.body()).string();
+        Log.i("RESPONSE", String.format("response: %d %s", responseCode, responsePhrase));
+
+        return response;
+
+    }
+}
diff --git a/app/src/main/java/org/openimis/imispolicies/repository/LoginRepository.java b/app/src/main/java/org/openimis/imispolicies/repository/LoginRepository.java
@@ -25,6 +25,7 @@ public class LoginRepository {
     private static final String FHIR_TOKEN = "fhir_token";
     private static final String FHIR_VALIDITY = "fhir_validity";
     private static final String FHIR_OFFICER_CODE = "fhir_officer_code";
+    private static final String CSRF_TOKEN = "csrf_token";
 
     private final SharedPreferences prefs;
     private final boolean isPaymentEnabled;
@@ -70,6 +71,9 @@ public String getFhirToken() {
         return getToken(FHIR_TOKEN, FHIR_VALIDITY, FHIR_OFFICER_CODE);
     }
 
+    @Nullable
+    public String getCsrfToken() { return prefs.getString(CSRF_TOKEN, null);}
+
     /**
      * Logic taken from [Token.java]
      */
@@ -167,4 +171,13 @@ public void logout() {
         saveFhirToken(null, null, null);
         saveRestToken(null, null, null);
     }
+
+    public void saveCsrfToken( @Nullable String csrfToken){
+        SharedPreferences.Editor editor = prefs.edit();
+        if (StringUtils.isEmpty(csrfToken)) {
+            editor.remove(CSRF_TOKEN);
+        } else {
+            editor.putString(CSRF_TOKEN, csrfToken);
+        }
+    }
 }
diff --git a/app/src/main/java/org/openimis/imispolicies/usecase/Login.java b/app/src/main/java/org/openimis/imispolicies/usecase/Login.java
@@ -11,15 +11,19 @@
 import org.openimis.imispolicies.network.dto.LoginDto;
 import org.openimis.imispolicies.network.dto.TokenDto;
 import org.openimis.imispolicies.network.exception.HttpException;
+import org.openimis.imispolicies.network.request.GetCsrfTokenGraphQLMutation;
 import org.openimis.imispolicies.network.request.LoginRequest;
 import org.openimis.imispolicies.repository.LoginRepository;
+import org.openimis.imispolicies.tools.Log;
 
 import java.net.HttpURLConnection;
 import java.util.Date;
+import java.util.Objects;
 
 import cz.msebera.android.httpclient.HttpEntity;
 import cz.msebera.android.httpclient.HttpResponse;
 import cz.msebera.android.httpclient.util.EntityUtils;
+import okhttp3.Response;
 
 public class Login {
 
@@ -55,7 +59,11 @@ public void execute(@NonNull String username, @NonNull String password) throws E
         }
         try {
             TokenDto token = request.post(new LoginDto(username.trim(), password));
+            Response response = new GetCsrfTokenGraphQLMutation().get(token.getToken());
+            String csrfToken = Objects.requireNonNull(response.body()).toString();
+            Log.e("response token", response.body().toString());
             repository.saveFhirToken(token.getToken(), new Date(token.getExpiresOn()), officerCode);
+            repository.saveCsrfToken(csrfToken);
             if (isPaymentEnabled) {
                 token = loginToRestApi(username, password);
                 repository.saveRestToken(token.getToken(), new Date(token.getExpiresOn()), officerCode);

Original file line number	Diff line number	Diff line change
`@@ -65,3 +65,4 @@ app/release/output.json`
`65`	`65`	`# Custom product flavours`
`66`	`66`
`67`	`67`	`*custom-flavours.gradle`
	`68`	`+*.aab`