From 314bf53b23655b3f6b3267d027c63f65b0d9c4d1 Mon Sep 17 00:00:00 2001
From: Sonja Happ <sonja.happ@eonerc.rwth-aachen.de>
Date: Mon, 25 Jan 2021 11:34:39 +0100
Subject: [PATCH] send token in query string for file download, omit auth
 header

---
 src/common/api/rest-api.js | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/common/api/rest-api.js b/src/common/api/rest-api.js
index 4e554c7..f40064e 100644
--- a/src/common/api/rest-api.js
+++ b/src/common/api/rest-api.js
@@ -41,7 +41,8 @@ let prevURL = null;
 class RestAPI {
   get(url, token) {
     return new Promise(function (resolve, reject) {
-      var req = request.get(url);
+
+      let req = request.get(url);
 
       if (token != null) {
         req.set('Authorization', "Bearer " + token);
@@ -61,7 +62,7 @@ class RestAPI {
 
   post(url, body, token) {
     return new Promise(function (resolve, reject) {
-      var req = request.post(url).send(body).timeout({ response: 5000 }); // Simple response start timeout (3s)
+      let req = request.post(url).send(body).timeout({ response: 5000 }); // Simple response start timeout (3s)
 
       if (token != null) {
         req.set('Authorization', "Bearer " + token);
@@ -82,7 +83,7 @@ class RestAPI {
 
   delete(url, token) {
     return new Promise(function (resolve, reject) {
-      var req = request.delete(url);
+      let req = request.delete(url);
 
       if (token != null) {
         req.set('Authorization', "Bearer " + token);
@@ -101,7 +102,7 @@ class RestAPI {
 
   put(url, body, token) {
     return new Promise(function (resolve, reject) {
-      var req = request.put(url).send(body);
+      let req = request.put(url).send(body);
 
       if (token != null) {
         req.set('Authorization', "Bearer " + token);
@@ -140,11 +141,14 @@ class RestAPI {
 
   download(url, token, fileID) {
     return new Promise(function (resolve, reject) {
-      let req = request.get(url + "/" + fileID).buffer(true).responseType("blob")
-      // use blob response type and buffer
-      if (token != null) {
-        req.set('Authorization', "Bearer " + token);
+
+      let completeURL = url + "/" + fileID;
+      if (token != null){
+        completeURL = completeURL + "?token=" + action.token
       }
+      let req = request.get(completeURL).buffer(true).responseType("blob")
+      // use blob response type and buffer
+      // Do not use auth header for file download
 
       req.end(function (error, res) {
         if (error !== null || res.status !== 200) {
@@ -161,7 +165,7 @@ class RestAPI {
 
   apiDownload(url, token) {
     return new Promise(function (resolve, reject) {
-      var req = request.get(url).buffer(true).responseType("blob");
+      let req = request.get(url).buffer(true).responseType("blob");
 
       if (token != null) {
         req.set('Authorization', "Bearer " + token);