Fix: Django session+csrftoken handling

claimManagement/build.gradle

@@ -202,6 +202,9 @@ apollo {
 }
 
 tasks.withType(Test).configureEach {
+    maxHeapSize = "1536m"
+    maxParallelForks = 1
+    forkEvery = 50
     testLogging {
         events "passed", "skipped", "failed"
         exceptionFormat "full"

claimManagement/src/main/java/org/openimis/imisclaims/Global.java

@@ -60,6 +60,7 @@
 import static org.openimis.imisclaims.BuildConfig.RAR_PASSWORD;
 
 import org.openimis.imisclaims.tools.Log;
+import org.openimis.imisclaims.network.util.PersistentCookieJar;
 
 public class Global extends Application {
     private static final String SHPREF_NAME = "SHPref";
@@ -76,6 +77,7 @@ public class Global extends Application {
     private static final String _DefaultRarPassword = RAR_PASSWORD;
     private Token JWTToken;
     private String[] permissions;
+    private PersistentCookieJar cookieJar;
 
     public static boolean isRunningTest() {
         try {
@@ -129,6 +131,14 @@ public void setUserId(int userId) {
         UserId = userId;
     }
 
+    public void setCookieJar(PersistentCookieJar jar) {
+        this.cookieJar = jar;
+    }
+
+    public PersistentCookieJar getCookieJar() {
+        return cookieJar;
+    }
+
     public void setOfficerName(String officerName) {
         OfficerName = officerName;
     }
@@ -153,10 +163,20 @@ public String getCsrfToken(){
     }
 
     public boolean isLoggedIn() {
-        boolean isLoggedIn = getJWTToken().isTokenValidJWT();
+        long expiry = getDefaultSharedPreferences()
+                .getLong("session_expiry", 0);
+
+        boolean isLoggedIn = getJWTToken().isTokenValidJWT()
+                && expiry > System.currentTimeMillis();
+
         if (!isLoggedIn) {
             getJWTToken().clearToken();
+
+            if (cookieJar != null) {
+                cookieJar.clear();
+            }
         }
+
         return isLoggedIn;
     }
 

claimManagement/src/main/java/org/openimis/imisclaims/network/okhttp/AuthorizationInterceptor.java

@@ -14,6 +14,7 @@
 import okhttp3.Interceptor;
 import okhttp3.Request;
 import okhttp3.Response;
+import okhttp3.ResponseBody;
 
 public class AuthorizationInterceptor implements Interceptor {
 
@@ -34,10 +35,21 @@ public Response intercept(@NonNull Chain chain) throws IOException {
             Request.Builder builder = chain.request().newBuilder();
             builder.addHeader("Authorization", "bearer " + token.getTokenText().trim());
             builder.addHeader("User-Agent", USER_AGENT);
+            if (csrfToken != null && !csrfToken.trim().isEmpty()) {
+                builder.addHeader("X-CSRFToken", csrfToken);
+            }
             Response response = chain.proceed(builder.build());
-            if (response.code() == HttpURLConnection.HTTP_UNAUTHORIZED) {
+            ResponseBody body = response.peekBody(Long.MAX_VALUE);
+            String bodyString = body.string();
+
+            if (bodyString.contains("'csrftoken'") || response.code() == HttpURLConnection.HTTP_UNAUTHORIZED) {
+
                 global.getJWTToken().clearToken();
-            }
+
+                if (global.getCookieJar() != null) {
+                    global.getCookieJar().clear();
+                }
+                response = chain.proceed(chain.request());}
             return response;
         }
         return chain.proceed(chain.request());

claimManagement/src/main/java/org/openimis/imisclaims/network/request/GetHealthfacilityGraphQLRequest.java

@@ -12,7 +12,16 @@
 public class GetHealthfacilityGraphQLRequest extends BaseGraphQLRequest{
     @NonNull
     @WorkerThread
-    public List<GetHealthFacilityQuery.Edge> get (@NonNull String HfCode) throws Exception {
-        return makeSynchronous(new GetHealthFacilityQuery(Input.fromNullable(HfCode))).getData().healthFacilities().edges();
+    public List<GetHealthFacilityQuery.Edge> get(@NonNull String hfCode) throws Exception {
+
+        GetHealthFacilityQuery.Data data =
+                makeSynchronous(new GetHealthFacilityQuery(Input.fromNullable(hfCode)))
+                        .getData();
+
+        if (data == null || data.healthFacilities() == null || data.healthFacilities().edges() == null) {
+            return java.util.Collections.emptyList();
+        }
+
+        return data.healthFacilities().edges();
     }
 }

claimManagement/src/main/java/org/openimis/imisclaims/network/util/OkHttpUtils.java

@@ -7,6 +7,7 @@
 import org.openimis.imisclaims.BuildConfig;
 import org.openimis.imisclaims.Global;
 import org.openimis.imisclaims.network.okhttp.AuthorizationInterceptor;
+import org.openimis.imisclaims.network.util.PersistentCookieJar;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
@@ -23,12 +24,17 @@ private OkHttpUtils() {
         throw new IllegalAccessError("This constructor is private");
     }
 
+
     @NonNull
     public static OkHttpClient getDefaultOkHttpClient() {
         if (client == null) {
             synchronized (OkHttpUtils.class) {
                 if (client == null) {
                     OkHttpClient.Builder builder = new OkHttpClient.Builder();
+                    PersistentCookieJar cookieJar =
+                            new PersistentCookieJar(Global.getGlobal().getDefaultSharedPreferences());
+                    Global.getGlobal().setCookieJar(cookieJar);
+                    builder.cookieJar(cookieJar);
                     HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
                     interceptor.setLevel(BuildConfig.DEBUG ? HttpLoggingInterceptor.Level.BODY : HttpLoggingInterceptor.Level.BASIC);
                     builder.addInterceptor(interceptor);

claimManagement/src/main/java/org/openimis/imisclaims/network/util/PersistentCookieJar.java

@@ -0,0 +1,63 @@
+package org.openimis.imisclaims.network.util;
+
+import android.content.SharedPreferences;
+
+import androidx.annotation.NonNull;
+
+import okhttp3.Cookie;
+import okhttp3.CookieJar;
+import okhttp3.HttpUrl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class PersistentCookieJar implements CookieJar {
+
+    private final SharedPreferences prefs;
+
+    public PersistentCookieJar(SharedPreferences prefs) {
+        this.prefs = prefs;
+    }
+
+    @Override
+    public void saveFromResponse(@NonNull HttpUrl url, List<Cookie> cookies) {
+
+        for (Cookie cookie : cookies) {
+            if ("openimis_session".equals(cookie.name())) {
+
+                prefs.edit()
+                        .putString("session_value", cookie.value())
+                        .putLong("session_expiry", cookie.expiresAt())
+                        .apply();
+            }
+        }
+    }
+
+    @NonNull
+    @Override
+    public List<Cookie> loadForRequest(HttpUrl url) {
+
+        String value = prefs.getString("session_value", null);
+        long expiry = prefs.getLong("session_expiry", -1);
+
+        if (value == null || expiry == -1) {
+            return new ArrayList<>();
+        }
+
+        Cookie cookie = new Cookie.Builder()
+                .name("openimis_session")
+                .value(value)
+                .domain(url.host())
+                .path("/")
+                .expiresAt(expiry)
+                .build();
+
+        List<Cookie> cookies = new ArrayList<>();
+        cookies.add(cookie);
+        return cookies;
+    }
+
+    public void clear() {
+        prefs.edit().clear().apply();
+    }
+}

claimManagement/src/test/java/org/openimis/imisclaims/GlobalSessionTest.java

@@ -0,0 +1,65 @@
+package org.openimis.imisclaims;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import android.content.SharedPreferences;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.openimis.imisclaims.network.util.PersistentCookieJar;
+
+@RunWith(MockitoJUnitRunner.class)
+public class GlobalSessionTest {
+
+    @Mock
+    private Token token;
+    @Mock
+    private SharedPreferences preferences;
+    @Mock
+    private PersistentCookieJar cookieJar;
+
+    private Global global;
+
+    @Before
+    public void setUp() {
+        global = spy(new Global());
+        doReturn(token).when(global).getJWTToken();
+        doReturn(preferences).when(global).getDefaultSharedPreferences();
+        global.setCookieJar(cookieJar);
+    }
+
+    @Test
+    public void isLoggedIn_trueOnlyWhenJwtValidAndSessionNotExpired_otherwiseClearsState() {
+        when(token.isTokenValidJWT()).thenReturn(true);
+        when(preferences.getLong("session_expiry", 0)).thenReturn(System.currentTimeMillis() + 5_000);
+        assertTrue(global.isLoggedIn());
+        verify(token, never()).clearToken();
+
+        when(token.isTokenValidJWT()).thenReturn(false);
+        when(preferences.getLong("session_expiry", 0)).thenReturn(System.currentTimeMillis() + 5_000);
+        assertFalse(global.isLoggedIn());
+        verify(token).clearToken();
+        verify(cookieJar).clear();
+
+        when(token.isTokenValidJWT()).thenReturn(true);
+        when(preferences.getLong("session_expiry", 0)).thenReturn(System.currentTimeMillis() - 5_000);
+        assertFalse(global.isLoggedIn());
+    }
+
+    @Test
+    public void cookieJar_reference_setAndGet_roundTrip() {
+        PersistentCookieJar anotherJar = org.mockito.Mockito.mock(PersistentCookieJar.class);
+        global.setCookieJar(anotherJar);
+        assertSame(anotherJar, global.getCookieJar());
+    }
+}