From 62a4cb171624408fcf8a68420660644b82a6ab1a Mon Sep 17 00:00:00 2001 From: Jan Date: Tue, 11 Jul 2023 10:54:44 +0200 Subject: [PATCH 1/9] Use env var to determine session or local storage --- packages/web-pkg/src/configuration/manager.ts | 1 + packages/web-pkg/src/configuration/types.ts | 1 + .../web-runtime/src/services/auth/userManager.ts | 16 ++++++++++------ packages/web-runtime/src/store/config.ts | 1 + 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/packages/web-pkg/src/configuration/manager.ts b/packages/web-pkg/src/configuration/manager.ts index 5cc56eafec9..b54c46e7386 100644 --- a/packages/web-pkg/src/configuration/manager.ts +++ b/packages/web-pkg/src/configuration/manager.ts @@ -95,6 +95,7 @@ export class ConfigurationManager { get(options, 'openLinksWithDefaultApp', true) ) set(this.optionsConfiguration, 'upload.companionUrl', get(options, 'upload.companionUrl', '')) + set(this.optionsConfiguration, 'tokenStorageLocal', get(options, 'tokenStorageLocal', false)) } get options(): OptionsConfiguration { diff --git a/packages/web-pkg/src/configuration/types.ts b/packages/web-pkg/src/configuration/types.ts index e5226447b20..59bd17054ab 100644 --- a/packages/web-pkg/src/configuration/types.ts +++ b/packages/web-pkg/src/configuration/types.ts @@ -20,6 +20,7 @@ export interface OptionsConfiguration { logoutUrl?: string contextHelpersReadMore?: boolean openLinksWithDefaultApp?: boolean + tokenStorageLocal?: boolean } export interface OAuth2Configuration { diff --git a/packages/web-runtime/src/services/auth/userManager.ts b/packages/web-runtime/src/services/auth/userManager.ts index eaf6b012466..c1a708841a9 100644 --- a/packages/web-runtime/src/services/auth/userManager.ts +++ b/packages/web-runtime/src/services/auth/userManager.ts @@ -34,14 +34,17 @@ export class UserManager extends OidcUserManager { private _unloadReason: UnloadReason private ability: Ability private language: Language - + private browserStorage: Storage public areEventHandlersRegistered: boolean constructor(options: UserManagerOptions) { + const browserStorage = options.configurationManager.options.tokenStorageLocal + ? localStorage + : sessionStorage const storePrefix = 'oc_oAuth.' const userStore = new WebStorageStateStore({ prefix: storePrefix, - store: sessionStorage + store: browserStorage }) const openIdConfig: UserManagerSettings = { userStore, @@ -89,6 +92,7 @@ export class UserManager extends OidcUserManager { super(openIdConfig) this.storePrefix = storePrefix + this.browserStorage = browserStorage this.clientService = options.clientService this.configurationManager = options.configurationManager this.store = options.store @@ -116,16 +120,16 @@ export class UserManager extends OidcUserManager { } getAndClearPostLoginRedirectUrl(): string { - const url = sessionStorage.getItem(postLoginRedirectUrlKey) || '/' - sessionStorage.removeItem(postLoginRedirectUrlKey) + const url = this.browserStorage.getItem(postLoginRedirectUrlKey) || '/' + this.browserStorage.removeItem(postLoginRedirectUrlKey) return url } setPostLoginRedirectUrl(url?: string): void { if (url) { - sessionStorage.setItem(postLoginRedirectUrlKey, url) + this.browserStorage.setItem(postLoginRedirectUrlKey, url) } else { - sessionStorage.removeItem(postLoginRedirectUrlKey) + this.browserStorage.removeItem(postLoginRedirectUrlKey) } } diff --git a/packages/web-runtime/src/store/config.ts b/packages/web-runtime/src/store/config.ts index c7e5e0f40c5..16ddede733b 100644 --- a/packages/web-runtime/src/store/config.ts +++ b/packages/web-runtime/src/store/config.ts @@ -68,6 +68,7 @@ const state = { sharingRecipientsPerPage: 200, contextHelpersReadMore: true, openLinksWithDefaultApp: true, + tokenStorageLocal: false, privacyUrl: '', imprintUrl: '', accessDeniedHelpUrl: '' From e1feece9ac7e4e594a2a9bfe8d53439958f87b04 Mon Sep 17 00:00:00 2001 From: Jan Date: Tue, 11 Jul 2023 10:59:44 +0200 Subject: [PATCH 2/9] Debug --- packages/web-runtime/src/services/auth/userManager.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/web-runtime/src/services/auth/userManager.ts b/packages/web-runtime/src/services/auth/userManager.ts index c1a708841a9..6ce326d5567 100644 --- a/packages/web-runtime/src/services/auth/userManager.ts +++ b/packages/web-runtime/src/services/auth/userManager.ts @@ -38,9 +38,11 @@ export class UserManager extends OidcUserManager { public areEventHandlersRegistered: boolean constructor(options: UserManagerOptions) { - const browserStorage = options.configurationManager.options.tokenStorageLocal + let browserStorage = options.configurationManager.options.tokenStorageLocal ? localStorage : sessionStorage + // DEBUG AS OCIS DOCKER IMAGE IS OUTDATED + browserStorage = sessionStorage const storePrefix = 'oc_oAuth.' const userStore = new WebStorageStateStore({ prefix: storePrefix, From 07b8ca30efeb8fa928839b25b76beb1299698bc1 Mon Sep 17 00:00:00 2001 From: Jan Date: Tue, 11 Jul 2023 11:04:05 +0200 Subject: [PATCH 3/9] Debug --- packages/web-runtime/src/services/auth/userManager.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/web-runtime/src/services/auth/userManager.ts b/packages/web-runtime/src/services/auth/userManager.ts index 6ce326d5567..2c7ef8304c1 100644 --- a/packages/web-runtime/src/services/auth/userManager.ts +++ b/packages/web-runtime/src/services/auth/userManager.ts @@ -42,7 +42,7 @@ export class UserManager extends OidcUserManager { ? localStorage : sessionStorage // DEBUG AS OCIS DOCKER IMAGE IS OUTDATED - browserStorage = sessionStorage + browserStorage = localStorage const storePrefix = 'oc_oAuth.' const userStore = new WebStorageStateStore({ prefix: storePrefix, From d2d7ace0a14b1b48bf353f48fa12db0889eea65a Mon Sep 17 00:00:00 2001 From: Jan Date: Tue, 11 Jul 2023 13:37:47 +0200 Subject: [PATCH 4/9] Add default true to docker-compose file --- docker-compose.yml | 1 + packages/web-runtime/src/services/auth/userManager.ts | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 756e74a5f99..558f17cda78 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -21,6 +21,7 @@ services: WEB_UI_CONFIG: ${WEB_UI_CONFIG:-/web/config.json} WEB_ASSET_PATH: ${WEB_ASSET_PATH:-/web/dist} WEB_UI_THEME_PATH: ${WEB_UI_THEME_PATH:-/themes/owncloud/theme.json} + WEB_OPTION_TOKEN_STORAGE_LOCAL: "true" #FRONTEND FRONTEND_SEARCH_MIN_LENGTH: "2" diff --git a/packages/web-runtime/src/services/auth/userManager.ts b/packages/web-runtime/src/services/auth/userManager.ts index 2c7ef8304c1..c1a708841a9 100644 --- a/packages/web-runtime/src/services/auth/userManager.ts +++ b/packages/web-runtime/src/services/auth/userManager.ts @@ -38,11 +38,9 @@ export class UserManager extends OidcUserManager { public areEventHandlersRegistered: boolean constructor(options: UserManagerOptions) { - let browserStorage = options.configurationManager.options.tokenStorageLocal + const browserStorage = options.configurationManager.options.tokenStorageLocal ? localStorage : sessionStorage - // DEBUG AS OCIS DOCKER IMAGE IS OUTDATED - browserStorage = localStorage const storePrefix = 'oc_oAuth.' const userStore = new WebStorageStateStore({ prefix: storePrefix, From 8c73e7bf0b2383c1a41ce2694614f56e6b28f824 Mon Sep 17 00:00:00 2001 From: Jan Date: Tue, 11 Jul 2023 13:44:28 +0200 Subject: [PATCH 5/9] Add changelog item --- .../enhancement-allow-local-storage-for-auth-token | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 changelog/unreleased/enhancement-allow-local-storage-for-auth-token diff --git a/changelog/unreleased/enhancement-allow-local-storage-for-auth-token b/changelog/unreleased/enhancement-allow-local-storage-for-auth-token new file mode 100644 index 00000000000..75199787552 --- /dev/null +++ b/changelog/unreleased/enhancement-allow-local-storage-for-auth-token @@ -0,0 +1,8 @@ +Enhancement: Allow local storage for auth token + +We've introduced a new env var WEB_OPTION_TOKEN_STORAGE_LOCAL, when set true, the auth token will be stored in the +browser's local storage instead the session storage, this will effect in a persisted login state across multiple +browser tabs. + +https://github.com/owncloud/web/pull/9386 +https://github.com/owncloud/web/issues/9325 From 4faadd4d0121fc0c96a24273158c1a64fc14464a Mon Sep 17 00:00:00 2001 From: Jan Date: Tue, 11 Jul 2023 14:04:19 +0200 Subject: [PATCH 6/9] True as default --- .../unreleased/enhancement-allow-local-storage-for-auth-token | 2 +- packages/web-pkg/src/configuration/manager.ts | 2 +- packages/web-runtime/src/store/config.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/changelog/unreleased/enhancement-allow-local-storage-for-auth-token b/changelog/unreleased/enhancement-allow-local-storage-for-auth-token index 75199787552..c7812e0fdc0 100644 --- a/changelog/unreleased/enhancement-allow-local-storage-for-auth-token +++ b/changelog/unreleased/enhancement-allow-local-storage-for-auth-token @@ -1,6 +1,6 @@ Enhancement: Allow local storage for auth token -We've introduced a new env var WEB_OPTION_TOKEN_STORAGE_LOCAL, when set true, the auth token will be stored in the +We've introduced a new env var WEB_OPTION_TOKEN_STORAGE_LOCAL, when set to true(default), the auth token will be stored in the browser's local storage instead the session storage, this will effect in a persisted login state across multiple browser tabs. diff --git a/packages/web-pkg/src/configuration/manager.ts b/packages/web-pkg/src/configuration/manager.ts index b54c46e7386..e9125d7d34e 100644 --- a/packages/web-pkg/src/configuration/manager.ts +++ b/packages/web-pkg/src/configuration/manager.ts @@ -95,7 +95,7 @@ export class ConfigurationManager { get(options, 'openLinksWithDefaultApp', true) ) set(this.optionsConfiguration, 'upload.companionUrl', get(options, 'upload.companionUrl', '')) - set(this.optionsConfiguration, 'tokenStorageLocal', get(options, 'tokenStorageLocal', false)) + set(this.optionsConfiguration, 'tokenStorageLocal', get(options, 'tokenStorageLocal', true)) } get options(): OptionsConfiguration { diff --git a/packages/web-runtime/src/store/config.ts b/packages/web-runtime/src/store/config.ts index 16ddede733b..c58a80c522e 100644 --- a/packages/web-runtime/src/store/config.ts +++ b/packages/web-runtime/src/store/config.ts @@ -68,7 +68,7 @@ const state = { sharingRecipientsPerPage: 200, contextHelpersReadMore: true, openLinksWithDefaultApp: true, - tokenStorageLocal: false, + tokenStorageLocal: true, privacyUrl: '', imprintUrl: '', accessDeniedHelpUrl: '' From 6e6c29ef7f5b9c5fd942ae1bf711e952d02da229 Mon Sep 17 00:00:00 2001 From: Jan Date: Tue, 11 Jul 2023 14:05:43 +0200 Subject: [PATCH 7/9] Kick from docker-compose --- docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 558f17cda78..756e74a5f99 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -21,7 +21,6 @@ services: WEB_UI_CONFIG: ${WEB_UI_CONFIG:-/web/config.json} WEB_ASSET_PATH: ${WEB_ASSET_PATH:-/web/dist} WEB_UI_THEME_PATH: ${WEB_UI_THEME_PATH:-/themes/owncloud/theme.json} - WEB_OPTION_TOKEN_STORAGE_LOCAL: "true" #FRONTEND FRONTEND_SEARCH_MIN_LENGTH: "2" From 6d6ac19225e71fb1cbc09b111e9e5a38eb9b71a2 Mon Sep 17 00:00:00 2001 From: Jan Date: Wed, 12 Jul 2023 09:33:14 +0200 Subject: [PATCH 8/9] Add to gettings-started.md --- docs/getting-started.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/getting-started.md b/docs/getting-started.md index 5d180317e59..cafc21d5eeb 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -73,6 +73,9 @@ Depending on the backend you are using, there are sample config files provided i - `options.editor.autosaveInterval` Specifies the time interval for the autosave of editor apps in seconds. - `options.contextHelpersReadMore` Specifies whether the "Read more" link should be displayed or not. - `options.openLinksWithDefaultApp` Specifies whether single file link shares should be opened with default app or not. +- `options.tokenStorageLocal` Specifies whether the access token will be stored in the local storage when set to 'true' + or in the session storage when set to 'false''. If stored in the local storage, login state will be persisted across + multiple browser tabs, means no additional logins are required. Defaults to 'false'. #### Scripts and Styles From e4a583561fc1f94d6c74fef103e56cb1fe580719 Mon Sep 17 00:00:00 2001 From: Jan Date: Wed, 12 Jul 2023 12:01:21 +0200 Subject: [PATCH 9/9] Update docs/getting-started.md Co-authored-by: Jannik Stehle <50302941+JammingBen@users.noreply.github.com> --- docs/getting-started.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/getting-started.md b/docs/getting-started.md index cafc21d5eeb..b2d8f3ef084 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -73,9 +73,7 @@ Depending on the backend you are using, there are sample config files provided i - `options.editor.autosaveInterval` Specifies the time interval for the autosave of editor apps in seconds. - `options.contextHelpersReadMore` Specifies whether the "Read more" link should be displayed or not. - `options.openLinksWithDefaultApp` Specifies whether single file link shares should be opened with default app or not. -- `options.tokenStorageLocal` Specifies whether the access token will be stored in the local storage when set to 'true' - or in the session storage when set to 'false''. If stored in the local storage, login state will be persisted across - multiple browser tabs, means no additional logins are required. Defaults to 'false'. +- `options.tokenStorageLocal` Specifies whether the access token will be stored in the local storage when set to `true` or in the session storage when set to `false`. If stored in the local storage, login state will be persisted across multiple browser tabs, means no additional logins are required. Defaults to `true`. #### Scripts and Styles