Invalid token error when trying to create an A/B analysis for a range
author rniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 Jun 2016 19:47:38 +0000 (19:47 +0000)
committer rniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 Jun 2016 19:47:38 +0000 (19:47 +0000)
commit d00036c3190a4665fc3499e6dcbaa99d812bd127
tree addb3585b07c09ec46e47ed4ab372ab032c5e05a
parent 0b7bf1b035624841a73a5f030aaacdb4c81c621c
Invalid token error when trying to create an A/B analysis for a range
https://bugs.webkit.org/show_bug.cgi?id=158679

Reviewed by Chris Dumez.

The problem in this particular case was due to another website overriding cookies for our subdomain.
Make PrivilegedAPI robust against its token becoming invalid in general to fix the bug since the cookie
is only available under /privileged-api/ and the v3 UI can't access it for security reasons.

This patch factors PrivilegedAPI out of remote.js so that it can be tested separately in server tests
as well as unit tests even though RemoteAPI itself is implemented differently in each case.

* init-database.sql: Added a forgotten default value "false" to run_marked_outlier.
* public/v3/index.html:
* public/v3/privileged-api.js: Added. Extracted out of public/v3/remote.js.
(PrivilegedAPI.sendRequest): Fixed the bug. When the initial request fails with "InvalidToken" error,
re-generate the token and re-issue the request.
(PrivilegedAPI.requestCSRFToken):
* public/v3/remote.js:
(RemoteAPI.postJSON): Added to match tools/js/remote.js.
(RemoteAPI.postJSONWithStatus): Ditto.
(PrivilegedAPI): Moved to privileged-api.js.
* server-tests/api-measurement-set-tests.js: Removed the unused require for crypto.
* server-tests/privileged-api-upate-run-status.js: Added tests for /privileged-api/update-run-status.
* server-tests/resources/test-server.js:
(TestServer.prototype.inject): Clear the cookies as well as tokens in PrivilegedAPI.
* tools/js/remote.js:
(RemoteAPI): Added the support for PrivilegedAPI by making cookie set by the server persist.
(RemoteAPI.prototype.clearCookies): Added for tests.
(RemoteAPI.prototype.postJSON): Make sure sendHttpRequest always sends a valid JSON.
(RemoteAPI.prototype.postJSONWithStatus): Added since this API is used by PrivilegedAPI.
(RemoteAPI.prototype.sendHttpRequest): Retain the cookie set by the server and send it back in each request.
* tools/js/v3-models.js:
* unit-tests/privileged-api-tests.js: Added unit tests for PrivilegedAPI.
* unit-tests/resources/mock-remote-api.js:
(MockRemoteAPI.postJSON): Added for unit testing.
(MockRemoteAPI.postJSONWithStatus): Ditto.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@202001 268f45cc-cd09-0410-ab3c-d52691b4dbfc
12 files changed:
Websites/perf.webkit.org/ChangeLog
Websites/perf.webkit.org/init-database.sql
Websites/perf.webkit.org/public/v3/index.html
Websites/perf.webkit.org/public/v3/privileged-api.js [new file with mode: 0644]
Websites/perf.webkit.org/public/v3/remote.js
Websites/perf.webkit.org/server-tests/api-measurement-set-tests.js
Websites/perf.webkit.org/server-tests/privileged-api-upate-run-status.js [new file with mode: 0644]
Websites/perf.webkit.org/server-tests/resources/test-server.js
Websites/perf.webkit.org/tools/js/remote.js
Websites/perf.webkit.org/tools/js/v3-models.js
Websites/perf.webkit.org/unit-tests/privileged-api-tests.js [new file with mode: 0644]
Websites/perf.webkit.org/unit-tests/resources/mock-remote-api.js
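
The recovery the commit message describes for PrivilegedAPI.sendRequest (on an "InvalidToken" failure, re-generate the token and re-issue the request), as an added example that is not the perf.webkit.org code. FakeServer, TokenClient, the `token` and `run` fields and the 'SomeOtherError' status are hypothetical; only the "InvalidToken" status and the /privileged-api/update-run-status path come from the page. The retry is bounded to one attempt so that a token that can never validate fails instead of looping.

```javascript
// Added example, not perf.webkit.org code. FakeServer, TokenClient, the token/run
// fields and 'SomeOtherError' are hypothetical stand-ins built for this sketch.
const PATH = '/privileged-api/update-run-status'; // path named on the page

class FakeServer {
    constructor() { this.current = null; this.issued = 0; this.stuck = false; this.log = []; }
    invalidate() { this.current = null; } // e.g. the token cookie got overridden
    issueToken() {
        this.log.push('token');
        return Promise.resolve(this.current = 'tok-' + (++this.issued));
    }
    post(path, body) {
        this.log.push('post');
        if (this.stuck || this.current === null || body.token !== this.current)
            return Promise.reject('InvalidToken');
        if (!body.run)
            return Promise.reject('SomeOtherError');
        return Promise.resolve({status: 'OK'});
    }
}

class TokenClient {
    constructor(server) { this.server = server; this.token = null; }
    requestToken() {
        if (this.token)
            return Promise.resolve(this.token);
        return this.server.issueToken().then((token) => (this.token = token));
    }
    send(path, data) {
        const attempt = () => this.requestToken().then(
            (token) => this.server.post(path, Object.assign({}, data, {token})));
        return attempt().catch((status) => {
            if (status !== 'InvalidToken')
                return Promise.reject(status); // unrelated failures are not retried
            this.token = null;                 // drop the stale cached token
            return attempt();                  // one retry only; a second failure propagates
        });
    }
}

function demo() {
    const server = new FakeServer(), client = new TokenClient(server), results = [];
    return client.send(PATH, {run: 1})
        .then(() => { server.invalidate(); return client.send(PATH, {run: 2}); })
        .then((reply) => results.push(reply.status))
        .then(() => client.send(PATH, {}))
        .catch((status) => results.push(status))
        .then(() => ({results, log: server.log}));
}
demo().then((outcome) => console.log(outcome));
```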