Merge pull request #204 from mngoe/OP-2347

add crsfToken on mobile graphql request

Author: delcroip

app/src/main/graphql/org.openimis.imispolicies/GetCsrfToken.graphql

@@ -0,0 +1,5 @@
+mutation GetCsrfToken {
+    getCsrfToken {
+        csrfToken
+    }
+}

app/src/main/graphql/org.openimis.imispolicies/schema.graphqls

@@ -4797,6 +4797,7 @@ Skip indicates that the claim is not selected for review
   revokeToken(refreshToken: String): Revoke
   deleteTokenCookie: DeleteJSONWebTokenCookie
   deleteRefreshTokenCookie: DeleteRefreshTokenCookie
+  getCsrfToken: GetCsrfTokenMutationPayload
 }
 
 type CreateHeraSubscriptionMutationPayload {
@@ -8724,6 +8725,10 @@ type ResetPasswordMutationPayload {
   clientMutationId: String
 }
 
+type GetCsrfTokenMutationPayload {
+  csrfToken: String
+}
+
 input ResetPasswordMutationInput {
   """
   Username of the account to recover

app/src/main/java/org/openimis/imispolicies/network/okhttp/AuthorizationInterceptor.java

@@ -14,7 +14,7 @@
 import okhttp3.Response;
 
 public class AuthorizationInterceptor implements Interceptor {
-    private static final String REQUESTED_WITH = "mobile";
+    private static final String REQUESTED_WITH = "webapp";
 
     @NonNull
     private final LoginRepository repository;
@@ -33,9 +33,10 @@ public Response intercept(@NonNull Chain chain) throws IOException {
         }
         Request.Builder builder = chain.request().newBuilder();
         builder.addHeader("Authorization", "bearer " + token.trim());
-        builder.addHeader("X-Requested-With", REQUESTED_WITH);
+        //builder.addHeader("Content-Type", "application/json");
         if(!StringUtils.isEmpty(csrfToken)){
-            builder.addHeader("X-CSRFToken", csrfToken);
+            builder.addHeader("X-Csrftoken", csrfToken);
+            builder.addHeader("X-Requested-With", REQUESTED_WITH);
         }
         Response response = chain.proceed(builder.build());
         if (response.code() == HttpURLConnection.HTTP_UNAUTHORIZED) {

app/src/main/java/org/openimis/imispolicies/network/request/BaseGraphQLRequest.java

@@ -31,6 +31,7 @@ public abstract class BaseGraphQLRequest {
 
     private static final ApolloClient apolloClient = ApolloClient.builder()
             .okHttpClient(OkHttpUtils.getDefaultOkHttpClient())
+            .useHttpGetMethodForQueries(true)
             .serverUrl(URI)
             .addCustomTypeAdapter(CustomType.DATE, new DateCustomTypeAdapter())
             .addCustomTypeAdapter(CustomType.DATETIME, new DateTimeCustomTypeAdapter())

app/src/main/java/org/openimis/imispolicies/network/request/GetCsrfTokenGraphQLMutation.java

@@ -1,66 +1,21 @@
 package org.openimis.imispolicies.network.request;
 
-import android.media.session.MediaSession;
-
 import androidx.annotation.NonNull;
 import androidx.annotation.WorkerThread;
 
-import com.apollographql.apollo.api.internal.QueryDocumentMinifier;
-
-import org.json.JSONObject;
-import org.openimis.imispolicies.BuildConfig;
-import org.openimis.imispolicies.Global;
-import org.openimis.imispolicies.ToRestApi;
-import org.openimis.imispolicies.tools.Log;
-
+import org.openimis.imispolicies.GetCsrfTokenMutation;
 import java.util.Objects;
 
-import okhttp3.MediaType;
-import okhttp3.OkHttpClient;
-import okhttp3.Request;
-import okhttp3.RequestBody;
-import okhttp3.Response;
-
 public class GetCsrfTokenGraphQLMutation extends BaseGraphQLRequest {
 
-    private static final String URI = BuildConfig.API_BASE_URL + "api/graphql";
-    public static final MediaType JSON = MediaType.get("application/json; charset=utf-8");
-    protected Global global;
-
-
     @WorkerThread
     @NonNull
-    public Response get(@NonNull String jwtToken) throws Exception {
-
-        String QUERY_DOCUMENT = QueryDocumentMinifier.minify(
-                "mutation {"
-                        + "  getCsrfToken {"
-                        + " csrfToken"
-                        + " } "
-                        + " } "
-        );
-
-        JSONObject json = new JSONObject();
-        json.put("query", QUERY_DOCUMENT);
-        OkHttpClient.Builder builder = new OkHttpClient.Builder();
-        OkHttpClient httpClient = builder.build();
-        RequestBody body = RequestBody.create(json.toString(), JSON);
-        Request request = new Request.Builder()
-                .url(URI)
-                .addHeader("Authorization","bearer " + jwtToken)
-                .post(body)
-                .build();
-
-        Response response = httpClient.newCall(request).execute();
-        int responseCode = response.code();
-
-        Log.i("HTTP_POST", URI + " - " + responseCode);
-        Log.i("GetCsrfToken", QUERY_DOCUMENT);
-
-        String responsePhrase = Objects.requireNonNull(response.body()).string();
-        Log.i("RESPONSE", String.format("response: %d %s", responseCode, responsePhrase));
-
-        return response;
-
+    public String get() throws Exception {
+        com.apollographql.apollo.api.Response<GetCsrfTokenMutation.Data> response = makeSynchronous(new GetCsrfTokenMutation());
+        return Objects.requireNonNull(
+                Objects.requireNonNull(
+                        Objects.requireNonNull(response.getData(), "data is null")
+                                .getCsrfToken(), "csrfToken is null"
+                ).csrfToken(), "csrfToken is null");
     }
 }

app/src/main/java/org/openimis/imispolicies/repository/LoginRepository.java

@@ -13,6 +13,7 @@
 import org.openimis.imispolicies.BuildConfig;
 import org.openimis.imispolicies.Global;
 import org.openimis.imispolicies.Token;
+import org.openimis.imispolicies.tools.Log;
 
 import java.util.Date;
 
@@ -72,7 +73,9 @@ public String getFhirToken() {
     }
 
     @Nullable
-    public String getCsrfToken() { return prefs.getString(CSRF_TOKEN, null);}
+    public String getCsrfToken() {
+        return prefs.getString(CSRF_TOKEN, null);
+    }
 
     /**
      * Logic taken from [Token.java]
@@ -179,5 +182,6 @@ public void saveCsrfToken( @Nullable String csrfToken){
         } else {
             editor.putString(CSRF_TOKEN, csrfToken);
         }
+        editor.apply();
     }
 }

app/src/main/java/org/openimis/imispolicies/usecase/Login.java

@@ -59,10 +59,8 @@ public void execute(@NonNull String username, @NonNull String password) throws E
         }
         try {
             TokenDto token = request.post(new LoginDto(username.trim(), password));
-            Response response = new GetCsrfTokenGraphQLMutation().get(token.getToken());
-            String csrfToken = Objects.requireNonNull(response.body()).toString();
-            Log.e("response token", response.body().toString());
             repository.saveFhirToken(token.getToken(), new Date(token.getExpiresOn()), officerCode);
+            String csrfToken = new GetCsrfTokenGraphQLMutation().get();
             repository.saveCsrfToken(csrfToken);
             if (isPaymentEnabled) {
                 token = loginToRestApi(username, password);