Ensures CSRF token is initialized prior to first modifying (non-GET) request

[tdonohue]

References

• Fixes Bug in statistics gathering upon first visit of repository (introduction of /csrf endpoint) DSpace#9236
• Replaces PR CSRF bugfix #2838. I've cherry-picked one commit from that PR, and then updated the code to align with the new GET /api/security/csrf endpoint added by Update DSpace with Jakarta EE Support (includes Tomcat 10+) DSpace#9321 and described by New /api/security/csrf endpoint & updated CSRF docs RestContract#259

Description

This PR ensures that the frontend will request a new CSRF token from the backend via the GET /api/security/csrf endpoint prior to the first modifying request (POST, PUT, DELETE, etc), if the CSRF token has not yet been provided by the REST API

This also fixes e2e test failures that are occurring in several PRs (#2871 and #2881) after the merger of DSpace/DSpace#9321. These e2e test failures only occurred on tests that required authentication. The cause of those failures were that the CSRF token was not yet initialized prior to Cypress attempting a login. This caused all logins via Cypress to fail with a CSRF token error.

Instructions for Reviewers

• Review code. Most of the main code here was written by @artlowel in CSRF bugfix #2838 (see first commit in this PR). I've only updated it slightly to use GET instead of POST and to fix minor lint/test failures.
• Ensure all e2e tests succeed in GitHub CI. That is proof that the main bug is fixed because they currently do not succeed on main.

[tdonohue]

@atarix83 and @artlowel : This is the PR to fix the e2e test failures... if you have a chance to quickly glance at the code, I'd appreciate it. A few of the specs (unit tests) failed initially & I believe they should now succeed. Once all tests pass, I plan to merge this immediately as it corrects the behavior of CSRF token initialization, which results in the e2e tests now succeeding.

That said, obviously we can do further fixes to this work if we notice anything later. Most of this code was actually written by @artlowel and I've simply updated it based on the backend changes in DSpace/DSpace#9321 & latest Angular code.

[tdonohue]

Merging immediately as this fixes our e2e tests. The code here was primarily written by @artlowel in #2838 (see first commit in this PR which is a cherry-pick). I've "approved" it by verifying it fixes the bugs we are seeing in e2e tests.

[tdonohue]

NOTE: we may wish to backport this PR to dspace-7_x to fix DSpace/DSpace#9236 in that maintenance release. However, doing so will require first backporting the /api/security/csrf endpoint...and that likely requires more discussion as it's a change to the REST Contract

I've added this to the discussion for tomorrow's DevMtg: https://wiki.lyrasis.org/display/DSPACE/2024-04-04+DSpace+Developers+Meeting

[alanorth]

NOTE: we may wish to backport this PR to dspace-7_x to fix DSpace/DSpace#9236 in that maintenance release. However, doing so will require first backporting the /api/security/csrf endpoint...and that likely requires more discussion as it's a change to the REST Contract

If I understand the issue correctly it affects the accuracy of statistics and thus would be a strong argument for backporting this PR to dspace-7-x.

[tdonohue]

@alanorth : Correct. This would make statistics more accurate, which is the main reason I'd consider backporting this PR. Normally, we do not backport changes which modify the REST Contract (adding/removing/changing endpoints). But, in this case, the change is required to fix this particular bug.

We'll be discussing this in upcoming Developer Meeting (in the next few weeks) to get more advice...but I'm currently leaning towards making an exception in this situation and backporting these changes to 7.x.

[tdonohue]

Ported to 7.x in #3063