provide sessionId in app JSON, and accept it as header or param

2018-07-05 13:25:20 +02:00 · 2018-07-05 13:25:20 +02:00 · dc27f532b4
parent 0f5331f53e
commit dc27f532b4
2 changed files with 12 additions and 6 deletions
--- a/app/controllers/Auth.scala
+++ b/app/controllers/Auth.scala
@ -20,11 +20,12 @@ object Auth extends LilaController {
  private def api = env.api
  private def forms = env.forms

-  private def mobileUserOk(u: UserModel): Fu[Result] =
+  private def mobileUserOk(u: UserModel, sessionId: String): Fu[Result] =
    lila.game.GameRepo urgentGames u map { povs =>
      Ok {
        Env.user.jsonView(u) ++ Json.obj(
-          "nowPlaying" -> JsArray(povs take 20 map Env.api.lobbyApi.nowPlaying)
+          "nowPlaying" -> JsArray(povs take 20 map Env.api.lobbyApi.nowPlaying),
+          "sessionId" -> sessionId
        )
      }
    }
@ -51,7 +52,7 @@ object Auth extends LilaController {
              routes.Lobby.home.url
            result.fold(Redirect(redirectTo))(_(redirectTo))
          },
-          api = _ => mobileUserOk(u)
+          api = _ => mobileUserOk(u, sessionId)
        ) map authenticateCookie(sessionId)
      } recoverWith authRecovery
    )
@ -299,7 +300,7 @@ object Auth extends LilaController {
    api.saveAuthentication(user.id, ctx.mobileApiVersion) flatMap { sessionId =>
      negotiate(
        html = Redirect(routes.User.show(user.username)).fuccess,
-        api = _ => mobileUserOk(user)
+        api = _ => mobileUserOk(user, sessionId)
      ) map authenticateCookie(sessionId)
    } recoverWith authRecovery
  }
--- a/modules/security/src/main/SecurityApi.scala
+++ b/modules/security/src/main/SecurityApi.scala
@ -13,8 +13,8 @@ import scala.concurrent.duration._
 import lila.common.{ ApiVersion, IpAddress, EmailAddress }
 import lila.db.BSON.BSONJodaDateTimeHandler
 import lila.db.dsl._
-import lila.user.{ User, UserRepo }
 import lila.oauth.OAuthServer
+import lila.user.{ User, UserRepo }
 import User.LoginCandidate

 final class SecurityApi(
@ -120,7 +120,12 @@ final class SecurityApi(
  def setFingerPrint(req: RequestHeader, fp: FingerPrint): Fu[Option[FingerHash]] =
    reqSessionId(req) ?? { Store.setFingerPrint(_, fp) map some }

-  def reqSessionId(req: RequestHeader) = req.session get "sessionId"
+  private val sessionIdKey = "sessionId"
+
+  def reqSessionId(req: RequestHeader): Option[String] =
+    req.session.get(sessionIdKey) orElse
+      req.headers.get(sessionIdKey) orElse
+      req.queryString.get(sessionIdKey).flatMap(_.headOption)

  def userIdsSharingIp = userIdsSharingField("ip") _