Authorize websocket requests with protocol header

dist/origin-web-common-services.js

@@ -612,7 +612,7 @@ angular.module('openshiftCommonServices')
   	}
   };
 
-  this.$get = function($q, $injector, $log, $rootScope, Logger) {
+  this.$get = function($q, $injector, $log, $rootScope, Logger, base64) {
     var authLogger = Logger.get("auth");
     authLogger.log('AuthServiceProvider.$get', arguments);
 
@@ -693,8 +693,23 @@ angular.module('openshiftCommonServices')
 
         // Handle web socket requests with a parameter
         if (config.method === 'WATCH') {
-          config.url = URI(config.url).addQuery({access_token: token}).toString();
-          authLogger.log('AuthService.addAuthToRequest(), added token param', config.url);
+          // Ensure protocols is defined
+          config.protocols = config.protocols || [];
+
+          // Ensure protocols is an array
+          if (!_.isArray(config.protocols)) {
+            config.protocols = [config.protocols];
+          }
+
+          // Ensure protocols has at least one item in it (for the server to echo back once the bearer protocol is stripped out)
+          if (config.protocols.length == 0) {
+            config.protocols.unshift("undefined");
+          }
+
+          // Prepend the bearer token protocol
+          config.protocols.unshift("base64url.bearer.authorization.k8s.io."+base64.urlencode(token));
+
+          authLogger.log('AuthService.addAuthToRequest(), added token protocol', config.protocols);
         } else {
           config.headers["Authorization"] = "Bearer " + token;
           authLogger.log('AuthService.addAuthToRequest(), added token header', config.headers["Authorization"]);

dist/origin-web-common.js

@@ -2336,7 +2336,7 @@ angular.module('openshiftCommonServices')
   	}
   };
 
-  this.$get = ["$q", "$injector", "$log", "$rootScope", "Logger", function($q, $injector, $log, $rootScope, Logger) {
+  this.$get = ["$q", "$injector", "$log", "$rootScope", "Logger", "base64", function($q, $injector, $log, $rootScope, Logger, base64) {
     var authLogger = Logger.get("auth");
     authLogger.log('AuthServiceProvider.$get', arguments);
 
@@ -2417,8 +2417,23 @@ angular.module('openshiftCommonServices')
 
         // Handle web socket requests with a parameter
         if (config.method === 'WATCH') {
-          config.url = URI(config.url).addQuery({access_token: token}).toString();
-          authLogger.log('AuthService.addAuthToRequest(), added token param', config.url);
+          // Ensure protocols is defined
+          config.protocols = config.protocols || [];
+
+          // Ensure protocols is an array
+          if (!_.isArray(config.protocols)) {
+            config.protocols = [config.protocols];
+          }
+
+          // Ensure protocols has at least one item in it (for the server to echo back once the bearer protocol is stripped out)
+          if (config.protocols.length == 0) {
+            config.protocols.unshift("undefined");
+          }
+
+          // Prepend the bearer token protocol
+          config.protocols.unshift("base64url.bearer.authorization.k8s.io."+base64.urlencode(token));
+
+          authLogger.log('AuthService.addAuthToRequest(), added token protocol', config.protocols);
         } else {
           config.headers["Authorization"] = "Bearer " + token;
           authLogger.log('AuthService.addAuthToRequest(), added token header', config.headers["Authorization"]);

dist/origin-web-common.min.js

@@ -930,7 +930,7 @@ var loadService = function(injector, name, setter) {
 if (name) return angular.isString(name) ? injector.get(name) :injector.invoke(name);
 throw setter + " not set";
 };
-this.$get = [ "$q", "$injector", "$log", "$rootScope", "Logger", function($q, $injector, $log, $rootScope, Logger) {
+this.$get = [ "$q", "$injector", "$log", "$rootScope", "Logger", "base64", function($q, $injector, $log, $rootScope, Logger, base64) {
 var authLogger = Logger.get("auth");
 authLogger.log("AuthServiceProvider.$get", arguments);
 var _loginCallbacks = $.Callbacks(), _logoutCallbacks = $.Callbacks(), _userChangedCallbacks = $.Callbacks(), _loginPromise = null, _logoutPromise = null, userStore = loadService($injector, _userStore, "AuthServiceProvider.UserStore()");
@@ -960,9 +960,7 @@ return authLogger.log("AuthService.requestRequiresAuth()", config.url.toString()
 },
 addAuthToRequest:function(config) {
 var token = "";
-return config && config.auth && config.auth.token ? (token = config.auth.token, authLogger.log("AuthService.addAuthToRequest(), using token from request config", token)) :(token = userStore.getToken(), authLogger.log("AuthService.addAuthToRequest(), using token from user store", token)), token ? ("WATCH" === config.method ? (config.url = URI(config.url).addQuery({
-access_token:token
-}).toString(), authLogger.log("AuthService.addAuthToRequest(), added token param", config.url)) :(config.headers.Authorization = "Bearer " + token, authLogger.log("AuthService.addAuthToRequest(), added token header", config.headers.Authorization)), !0) :(authLogger.log("AuthService.addAuthToRequest(), no token available"), !1);
+return config && config.auth && config.auth.token ? (token = config.auth.token, authLogger.log("AuthService.addAuthToRequest(), using token from request config", token)) :(token = userStore.getToken(), authLogger.log("AuthService.addAuthToRequest(), using token from user store", token)), token ? ("WATCH" === config.method ? (config.protocols = config.protocols || [], _.isArray(config.protocols) || (config.protocols = [ config.protocols ]), 0 == config.protocols.length && config.protocols.unshift("undefined"), config.protocols.unshift("base64url.bearer.authorization.k8s.io." + base64.urlencode(token)), authLogger.log("AuthService.addAuthToRequest(), added token protocol", config.protocols)) :(config.headers.Authorization = "Bearer " + token, authLogger.log("AuthService.addAuthToRequest(), added token header", config.headers.Authorization)), !0) :(authLogger.log("AuthService.addAuthToRequest(), no token available"), !1);
 },
 startLogin:function() {
 if (_loginPromise) return authLogger.log("Login already in progress"), _loginPromise;

src/services/authService.js

@@ -57,7 +57,7 @@ angular.module('openshiftCommonServices')
   	}
   };
 
-  this.$get = function($q, $injector, $log, $rootScope, Logger) {
+  this.$get = function($q, $injector, $log, $rootScope, Logger, base64) {
     var authLogger = Logger.get("auth");
     authLogger.log('AuthServiceProvider.$get', arguments);
 
@@ -138,8 +138,23 @@ angular.module('openshiftCommonServices')
 
         // Handle web socket requests with a parameter
         if (config.method === 'WATCH') {
-          config.url = URI(config.url).addQuery({access_token: token}).toString();
-          authLogger.log('AuthService.addAuthToRequest(), added token param', config.url);
+          // Ensure protocols is defined
+          config.protocols = config.protocols || [];
+
+          // Ensure protocols is an array
+          if (!_.isArray(config.protocols)) {
+            config.protocols = [config.protocols];
+          }
+
+          // Ensure protocols has at least one item in it (for the server to echo back once the bearer protocol is stripped out)
+          if (config.protocols.length == 0) {
+            config.protocols.unshift("undefined");
+          }
+
+          // Prepend the bearer token protocol
+          config.protocols.unshift("base64url.bearer.authorization.k8s.io."+base64.urlencode(token));
+
+          authLogger.log('AuthService.addAuthToRequest(), added token protocol', config.protocols);
         } else {
           config.headers["Authorization"] = "Bearer " + token;
           authLogger.log('AuthService.addAuthToRequest(), added token header', config.headers["Authorization"]);