cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Send alert notification from SCP Worflow

Go to solution
Giampaolo
Explorer

on ‎11-23-2022 4:52 PM

0 Kudos

Hi folks,
I would like to send an alert notification from custom start-ui-module.

The steps taken so far are:
- I enable notifications from launchpad (and yes, they work because I'm sending notifications with Notification API);
- I created a dedicated destination (similar to the one for sending emails or managing attachments);
- I put a new route in the xs-app.json file of the module.

From the browser console I see the 2 calls:
1. the first one to get the token and the second one to send the notification. The first call fails Not Implemented (and this behavior is apparently normal, see first link in bibliography) but returns a token.
2. The second call, using the newly obtained token, returns the Forbidden error.

What am I doing wrong?

Small note: the token returned from the first call does not look like the token I get when I call the Notification API with PostMan.

Bibliography

- Send push notification to SAP BTP Launchpad via HTTP
- Enabling Notifications for Custom Apps on SAP BTP Cloud Foundry
- Developing Cloud Foundry Applications With Notifications

Thanks in advance for answers,
Giampaolo

Show replies
Show replies
Giampaolo
Explorer
‎11-23-2022 5:12 PM
0 Kudos

xs-app.json

"routes": [
    {...},
    {
        "source": "^/notification/(.*)$",
        "target": "/$1",
        "destination": "bpmworkflowruntime_notification",
        "authenticationType": "xsuaa",
        "cacheControl": "no-cache, no-store, must-revalidate"
    },
	...
Giampaolo
Explorer
‎11-23-2022 5:13 PM
0 Kudos

Controller Code

sendNotification: function () {
	console.log("Send Notification");
	var notifica = {<NOTIFICATION BODY>};
	
	$.ajax({
		url: this._getNotificationServiceRuntimeBaseURL(),
		method: "POST",
		async: false,
		contentType: "application/json",
		headers: {
			"X-CSRF-Token": this._fetchNotificationToken(),
		},
		data: JSON.stringify(notifica),
		success: function (result, xhr, data) {
			var response = JSON.parse(result.responseText);
			console.log("SUCCESS: " + response);
			MessageToast.show("SUCCESS: " + result);
		},
		error: function (request, status, error) {
			console.log("ERROR: " + error);
			MessageToast.show("ERROR: " + error);
		},
	});
	
	this.getView().setBusy(false);
},
_fetchNotificationToken: function () {
	var notificationToken;
	jQuery.ajax({
		url: this._getNotificationServiceRuntimeBaseURL(),
		method: "GET",
		async: false,
		headers: { "X-CSRF-Token": "Fetch" },
		complete: function (result, status) {
			notificationToken = result.getResponseHeader("X-CSRF-Token");
			console.log("_fetchNotificationToken COOMPLETE: " + status);
		},
		success: function (data, status, request) {
			//called when successful
			console.log("_fetchNotificationToken SUCCESS: " + data + " - "+ " - " + status + " - " + request);
			token = data.access_token;
			expiresIn = data.expires_in;
		},
		error: function (request, status, error) {
			//called when there is an error
			console.log("_fetchNotificationToken ERROR: "+ status + " - " + error);
		}
	});
	console.log("Notification token: <"+notificationToken+">");
	return notificationToken;
},
_getNotificationServiceRuntimeBaseURL: function () {
	var appId = this.getOwnerComponent().getManifestEntry("/sap.app/id");
	var appPath = appId.replaceAll(".", "/");
	var appModulePath = jQuery.sap.getModulePath(appPath);
	return appModulePath + "/notification/v2/Notification.svc/Notifications";
},
Answer

Accepted Solutions (1)

Accepted Solutions (1)

tobias_breyer
Contributor
‎11-24-2022 7:57 AM

Hi Giampaolo,

I think the difference in the token to the Postman usage is the best hint here. In Postman, you directly address the subdomain of the Notification service. In the UI, I assume that the method providing the URL will rather provide one that is effectively calling against the Approuter or Launchpad. And for that, I think the xs-app.json has CSRF protection enabled by default (see csrfProtection property documentation), causing the issue.

I am not familiar with the notification service, but it might have its own CSRF protection mechanism implemented and the approuter overwrites the X-CSRF-Token header from the notification service with its own CSRF token, which is not acceptable to the Notification service when sent back on the POST.

Not sure what's the best solution here. Perhaps you need to turn off csrfProtection for that route. Probably you should consult the API documentation of Notification service, with respect to CSRF protection, or possibly/technically, the X-CSRF-Token header.

Regards,

Tobias

Show replies
Show replies
Giampaolo
Explorer
‎11-24-2022 8:42 AM
0 Kudos

Thanks Tobias,
your suggestion is correct: I disabled CSRF protection and now it works like a charm.

xs-app.json

   {
        "source": "^/notification/(.*)$",
        "target": "/$1",
        "destination": "bpmworkflowruntime_notification",
        "authenticationType": "xsuaa",
        "csrfProtection": false, // ADD THIS LINE
        "cacheControl": "no-cache, no-store, must-revalidate"
    },

Best Regards,

Giampaolo

Answers (0)

Ask a Question