add csrfToken in graphql request

Author: vaneck237

claimManagement/src/main/java/org/openimis/imisclaims/Global.java

@@ -65,6 +65,7 @@ public class Global extends Application {
     private static final String SHPREF_NAME = "SHPref";
     private static final String SHPREF_LANGUAGE = "language";
     private static final String DEFAULT_LANGUAGE_CODE = "en";
+    private static final String SHPREF_CSRF = "csrfToken";
     private static Global instance;
     private String OfficerCode;
     private String OfficerHealthFacility;
@@ -137,6 +138,11 @@ public Token getJWTToken() {
         return JWTToken;
     }
 
+    public String getCsrfToken(){
+        SharedPreferences sp = getDefaultSharedPreferences();
+        return sp.getString(SHPREF_CSRF,null);
+    }
+
     public boolean isLoggedIn() {
         boolean isLoggedIn = getJWTToken().isTokenValidJWT();
         if (!isLoggedIn) {

claimManagement/src/main/java/org/openimis/imisclaims/MainActivity.java

@@ -569,22 +569,22 @@ public void DownLoadDiagnosesServicesItems(@Nullable final String officerCode) {
             Thread thread = new Thread() {
                 public void run() {
                     try {
-                        DiagnosesServicesMedications diagnosesServicesMedications = new FetchDiagnosesServicesItems().execute();
-                        saveLastUpdateDate(diagnosesServicesMedications.getLastUpdated());
+//                        DiagnosesServicesMedications diagnosesServicesMedications = new FetchDiagnosesServicesItems().execute();
+//                        saveLastUpdateDate(diagnosesServicesMedications.getLastUpdated());
                         sqlHandler.ClearAll("tblReferences");
                         sqlHandler.ClearAll("tblHealthFacilities");
                         sqlHandler.ClearMapping("S");
                         sqlHandler.ClearMapping("I");
                         //Insert Diagnoses
-                        for (Diagnosis diagnosis : diagnosesServicesMedications.getDiagnoses()) {
-                            sqlHandler.InsertReferences(diagnosis.getCode(), diagnosis.getName(), "D", "");
-                        }
+//                        for (Diagnosis diagnosis : diagnosesServicesMedications.getDiagnoses()) {
+//                            sqlHandler.InsertReferences(diagnosis.getCode(), diagnosis.getName(), "D", "");
+//                        }
 
                         //Insert Services
-                        for (Service service : diagnosesServicesMedications.getServices()) {
-                            sqlHandler.InsertReferences(service.getCode(), service.getName(), "S", String.valueOf(service.getPrice()));
-                            sqlHandler.InsertMapping(service.getCode(), service.getName(), "S");
-                        }
+//                        for (Service service : diagnosesServicesMedications.getServices()) {
+//                            sqlHandler.InsertReferences(service.getCode(), service.getName(), "S", String.valueOf(service.getPrice()));
+//                            sqlHandler.InsertMapping(service.getCode(), service.getName(), "S");
+//                        }
 
                         //Insert Items
                         List<Medication> medications = new FetchMedications().execute();

claimManagement/src/main/java/org/openimis/imisclaims/network/okhttp/AuthorizationInterceptor.java

@@ -6,6 +6,7 @@
 
 import org.openimis.imisclaims.Global;
 import org.openimis.imisclaims.Token;
+import org.openimis.imisclaims.tools.Log;
 
 import java.io.IOException;
 import java.net.HttpURLConnection;
@@ -22,14 +23,21 @@ public class AuthorizationInterceptor implements Interceptor {
     public AuthorizationInterceptor(@NonNull Global global) {
         this.global = global;
     }
+    private static final String REQUESTED_WITH = "mobile_app";
 
     @NonNull
     @Override
     public Response intercept(@NonNull Chain chain) throws IOException {
         Token token = global.getJWTToken();
+        String csrfToken = global.getCsrfToken();
         if (token != null && token.isTokenValidJWT()) {
             Request.Builder builder = chain.request().newBuilder();
             builder.addHeader("Authorization", "bearer " + token.getTokenText().trim());
+            if(csrfToken != null){
+                Log.e("csrf token", csrfToken);
+                builder.addHeader("X-Csrftoken", csrfToken);
+                builder.addHeader("X-Requested-With", REQUESTED_WITH);
+            }
             Response response = chain.proceed(builder.build());
             if (response.code() == HttpURLConnection.HTTP_UNAUTHORIZED) {
                 global.getJWTToken().clearToken();

claimManagement/src/main/java/org/openimis/imisclaims/network/request/BaseGraphQLRequest.java

@@ -5,6 +5,7 @@
 
 import com.apollographql.apollo.ApolloCall;
 import com.apollographql.apollo.ApolloClient;
+import com.apollographql.apollo.api.Mutation;
 import com.apollographql.apollo.api.Operation;
 import com.apollographql.apollo.api.Query;
 import com.apollographql.apollo.api.Response;
@@ -14,9 +15,11 @@
 import org.openimis.imisclaims.network.apollo.DateCustomTypeAdapter;
 import org.openimis.imisclaims.network.apollo.DateTimeCustomTypeAdapter;
 import org.openimis.imisclaims.network.apollo.DecimalCustomTypeAdapter;
+import org.openimis.imisclaims.network.exception.HttpException;
 import org.openimis.imisclaims.network.util.OkHttpUtils;
 import org.openimis.imisclaims.type.CustomType;
 
+import java.net.HttpURLConnection;
 import java.util.concurrent.Semaphore;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
@@ -62,4 +65,54 @@ public void onFailure(@NonNull ApolloException e) {
         }
         return responses[0];
     }
+
+    @NonNull
+    @WorkerThread
+    protected <T extends Operation.Data> Response<T> makeSynchronous(Operation<T, ?, ?> query) throws Exception {
+        Semaphore semaphore = new Semaphore(0);
+        final Exception[] exceptions = new Exception[1];
+        final Response<T>[] responses = new Response[1];
+        ApolloCall<?> call;
+        if (query instanceof Query) {
+            call = apolloClient.query((Query<T, ?, ?>) query);
+        } else if(query instanceof Mutation) {
+            call = apolloClient.mutate((Mutation<T, ?, ?>) query);
+        } else {
+            throw new IllegalArgumentException("Query is unsupported");
+        }
+        call.enqueue(new ApolloCall.Callback() {
+            @Override
+            public void onResponse(@NonNull Response response) {
+                responses[0] = response;
+                semaphore.release();
+            }
+
+            @Override
+            public void onFailure(@NonNull ApolloException e) {
+                exceptions[0] = e;
+                semaphore.release();
+            }
+        });
+        if (!semaphore.tryAcquire(TIME_OUT_IN_MS, TimeUnit.MILLISECONDS)) {
+            throw new TimeoutException("Call couldn't finish within " + TIME_OUT_IN_MS + "ms");
+        }
+        Exception exception = exceptions[0];
+        if (exception != null) {
+            throw exception;
+        }
+        Response<T> response = responses[0];
+        if (response.hasErrors()) {
+            String details = response.getErrors().get(0).getMessage();
+            if (details.equals("User not authorized for this operation")) {
+                throw new HttpException(
+                        HttpURLConnection.HTTP_UNAUTHORIZED,
+                        details,
+                        null,
+                        null
+                );
+            }
+            throw new RuntimeException(response.toString());
+        }
+        return response;
+    }
 }

…request/GetCrsfTokenGraphQLMutation.java …request/GetCsrfTokenGraphQLMutation.javaclaimManagement/src/main/java/org/openimis/imisclaims/network/request/GetCrsfTokenGraphQLMutation.java renamed to claimManagement/src/main/java/org/openimis/imisclaims/network/request/GetCsrfTokenGraphQLMutation.java claimManagement/src/main/java/org/openimis/imisclaims/network/request/GetCrsfTokenGraphQLMutation.java renamed to claimManagement/src/main/java/org/openimis/imisclaims/network/request/GetCsrfTokenGraphQLMutation.java

@@ -7,7 +7,7 @@
 
 import java.util.Objects;
 
-public class GetCrsfTokenGraphQLMutation extends BaseGraphQLRequest {
+public class GetCsrfTokenGraphQLMutation extends BaseGraphQLRequest {
 
     @WorkerThread
     @NonNull

claimManagement/src/main/java/org/openimis/imisclaims/network/util/OkHttpUtils.java

@@ -8,6 +8,8 @@
 import org.openimis.imisclaims.Global;
 import org.openimis.imisclaims.network.okhttp.AuthorizationInterceptor;
 
+import java.util.concurrent.TimeUnit;
+
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
@@ -29,6 +31,8 @@ public static OkHttpClient getDefaultOkHttpClient() {
             synchronized (OkHttpUtils.class) {
                 if (client == null) {
                     OkHttpClient.Builder builder = new OkHttpClient.Builder();
+                    builder.connectTimeout(20000, TimeUnit.MILLISECONDS)
+                            .readTimeout(200000, TimeUnit.MILLISECONDS);
                     HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
                     interceptor.setLevel(BuildConfig.DEBUG ? HttpLoggingInterceptor.Level.BODY : HttpLoggingInterceptor.Level.BASIC);
                     builder.addInterceptor(interceptor);

claimManagement/src/main/java/org/openimis/imisclaims/usecase/Login.java

@@ -1,13 +1,16 @@
 package org.openimis.imisclaims.usecase;
 
+import android.content.SharedPreferences;
+
 import androidx.annotation.NonNull;
 import androidx.annotation.WorkerThread;
 
 import org.openimis.imisclaims.Global;
 import org.openimis.imisclaims.network.dto.LoginDto;
 import org.openimis.imisclaims.network.dto.TokenDto;
-import org.openimis.imisclaims.network.request.GetCrsfTokenGraphQLMutation;
+import org.openimis.imisclaims.network.request.GetCsrfTokenGraphQLMutation;
 import org.openimis.imisclaims.network.request.LoginRequest;
+import org.openimis.imisclaims.tools.Log;
 
 import java.util.concurrent.TimeUnit;
 
@@ -18,20 +21,21 @@ public class Login {
     @NonNull
     private final Global global;
     @NonNull
-    private final GetCrsfTokenGraphQLMutation getCrsfTokenGraphQLMutation;
+    private final GetCsrfTokenGraphQLMutation getCsrfTokenGraphQLMutation;
+    private static final String SHPREF_CSRF = "csrfToken";
 
     public Login(
             @NonNull LoginRequest request,
             @NonNull Global global,
-            @NonNull GetCrsfTokenGraphQLMutation getCrsfTokenGraphQLMutation
+            @NonNull GetCsrfTokenGraphQLMutation getCsrfTokenGraphQLMutation
     ) {
         this.request = request;
         this.global = global;
-        this.getCrsfTokenGraphQLMutation = getCrsfTokenGraphQLMutation;
+        this.getCsrfTokenGraphQLMutation = getCsrfTokenGraphQLMutation;
     }
 
     public Login() {
-        this(new LoginRequest(), Global.getGlobal(), new GetCrsfTokenGraphQLMutation());
+        this(new LoginRequest(), Global.getGlobal(), new GetCsrfTokenGraphQLMutation());
     }
 
     @WorkerThread
@@ -42,6 +46,11 @@ public void execute(@NonNull String username, String password) {
                     token.getToken(),
                     TimeUnit.SECONDS.toMillis(token.getExpiresOn())
             );
+            String csrfToken = getCsrfTokenGraphQLMutation.get();
+            SharedPreferences sp = global.getDefaultSharedPreferences();
+            SharedPreferences.Editor editor = sp.edit();
+            editor.putString(SHPREF_CSRF, csrfToken);
+            editor.apply();
         } catch (Exception e) {
             e.printStackTrace();
         }