diff --git a/src/abstractions/api.service.ts b/src/abstractions/api.service.ts index 4b61c79c4d1..ce9e0a0c478 100644 --- a/src/abstractions/api.service.ts +++ b/src/abstractions/api.service.ts @@ -172,4 +172,6 @@ export abstract class ApiService { token: string) => Promise>; getEventsOrganizationUser: (organizationId: string, id: string, start: string, end: string, token: string) => Promise>; + + fetch: (request: Request) => Promise; } diff --git a/src/services/api.service.ts b/src/services/api.service.ts index 23520bf4aee..162a410daec 100644 --- a/src/services/api.service.ts +++ b/src/services/api.service.ts @@ -120,7 +120,7 @@ export class ApiService implements ApiServiceAbstraction { // Auth APIs async postIdentityToken(request: TokenRequest): Promise { - const response = await fetch(new Request(this.identityBaseUrl + '/connect/token', { + const response = await this.fetch(new Request(this.identityBaseUrl + '/connect/token', { body: this.qsStringify(request.toIdentityToken(this.platformUtilsService.identityClientId)), credentials: this.getCredentials(), cache: 'no-cache', @@ -585,6 +585,14 @@ export class ApiService implements ApiServiceAbstraction { // Helpers + fetch(request: Request): Promise { + if (request.method === 'GET') { + request.headers.set('Cache-Control', 'no-cache'); + request.headers.set('Pragma', 'no-cache'); + } + return fetch(request); + } + private async send(method: 'GET' | 'POST' | 'PUT' | 'DELETE', path: string, body: any, authed: boolean, hasResponse: boolean): Promise { const headers = new Headers({ @@ -619,7 +627,7 @@ export class ApiService implements ApiServiceAbstraction { } requestInit.headers = headers; - const response = await fetch(new Request(this.apiBaseUrl + path, requestInit)); + const response = await this.fetch(new Request(this.apiBaseUrl + path, requestInit)); if (hasResponse && response.status === 200) { const responseJson = await response.json(); 
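Review bot: The abstract `fetch` member added at the end of `ApiService` in src/abstractions/api.service.ts has no doc comment, and its name shadows the global `fetch`, so the contract does not tell a reader that an implementation may alter the request it is given. I would add `/** Sends the request through the service's shared wrapper; implementations may add headers (cache directives on GET) and mutate the passed Request. */` above it. Since AuditService now calls this member for hosts other than `apiBaseUrl` and `identityBaseUrl`, the comment should also state whether it is meant for third-party endpoints.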
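Review bot: In the `fetch` helper added under `// Helpers` in src/services/api.service.ts, `Cache-Control` and `Pragma` are set from script, and neither is a CORS-safelisted request header, so every cross-origin GET sent through it becomes a preflighted request. That includes the two third-party lookups in src/services/audit.service.ts (`passwordLeaked` and `breachedAccounts`), which will only succeed if those servers allow both headers in their preflight response; the diff cannot show whether they do. Consider asking the browser to bypass its cache instead of adding headers, for example `return fetch(request.method === 'GET' ? new Request(request, { cache: 'no-cache' }) : request);`, after confirming that every target runtime honours the `cache` option. This would also stop the helper from mutating the caller's `Request`. If the headers are required for the project's own API, restrict them to URLs under `apiBaseUrl` and `identityBaseUrl`.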
@@ -662,7 +670,7 @@ export class ApiService implements ApiServiceAbstraction { } const decodedToken = this.tokenService.decodeToken(); - const response = await fetch(new Request(this.identityBaseUrl + '/connect/token', { + const response = await this.fetch(new Request(this.identityBaseUrl + '/connect/token', { body: this.qsStringify({ grant_type: 'refresh_token', client_id: decodedToken.client_id, diff --git a/src/services/audit.service.ts b/src/services/audit.service.ts index 2c4e6c16393..9b7b605765a 100644 --- a/src/services/audit.service.ts +++ b/src/services/audit.service.ts @@ -1,3 +1,4 @@ +import { ApiService } from '../abstractions/api.service'; import { AuditService as AuditServiceAbstraction } from '../abstractions/audit.service'; import { CryptoFunctionService } from '../abstractions/cryptoFunction.service'; @@ -9,7 +10,7 @@ const PwnedPasswordsApi = 'https://api.pwnedpasswords.com/range/'; const HibpBreachApi = 'https://haveibeenpwned.com/api/v2/breachedaccount/'; export class AuditService implements AuditServiceAbstraction { - constructor(private cryptoFunctionService: CryptoFunctionService) { } + constructor(private cryptoFunctionService: CryptoFunctionService, private apiService: ApiService) { } async passwordLeaked(password: string): Promise { const hashBytes = await this.cryptoFunctionService.hash(password, 'sha1'); @@ -17,7 +18,7 @@ export class AuditService implements AuditServiceAbstraction { const hashStart = hash.substr(0, 5); const hashEnding = hash.substr(5); - const response = await fetch(PwnedPasswordsApi + hashStart); + const response = await this.apiService.fetch(new Request(PwnedPasswordsApi + hashStart)); const leakedHashes = await response.text(); const match = leakedHashes.split(/\r?\n/).find((v) => { return v.split(':')[0] === hashEnding; 
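Review bot: In `passwordLeaked` (the `@@ -17,7 +18,7 @@` hunk of src/services/audit.service.ts), the response from `this.apiService.fetch(...)` is read with `response.text()` without checking the status, so an error or rate-limit body is parsed as if it were the hash list. Such a body will contain no line matching `hashEnding`. Depending on the code after the hunk, which is not visible here, the password would then be reported as not leaked, which is a false assurance. I would fail closed before parsing, for example `if (!response.ok) { throw new Error('Range lookup failed: ' + response.status); }`, or return a distinct "unknown" result if callers cannot handle a throw.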
@@ -27,7 +28,7 @@ export class AuditService implements AuditServiceAbstraction { } async breachedAccounts(username: string): Promise { - const response = await fetch(HibpBreachApi + username); + const response = await this.apiService.fetch(new Request(HibpBreachApi + username)); if (response.status === 404) { return []; } else if (response.status !== 200) {
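Review bot: In `breachedAccounts`, the rewritten line builds the URL as `HibpBreachApi + username` without encoding, so a username containing `/`, `?`, `#` or `%` changes the path or query of the request sent to the third-party host. Since the line is being changed anyway, encode the value: `new Request(HibpBreachApi + encodeURIComponent(username))`. The function body continues past the end of the hunk, so the handling of non-200 responses is not reviewed here.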