Change json response detection (#361)

This commit is contained in:
Thomas Miceli 2024-10-31 14:41:42 +01:00 committed by GitHub
parent d0b4815798
commit 20372f44e4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 39 additions and 27 deletions

View file

@ -462,7 +462,7 @@ func finishWebAuthnBinding(ctx echo.Context) error {
saveSession(sess, ctx)
addFlash(ctx, tr(ctx, "flash.auth.passkey-registred", passkeyName), "success")
return json(ctx, 200, []string{"OK"})
return json(ctx, []string{"OK"})
}
func beginWebAuthnLogin(ctx echo.Context) error {
@ -476,7 +476,7 @@ func beginWebAuthnLogin(ctx echo.Context) error {
sess.Options.MaxAge = 5 * 60 // 5 minutes
saveSession(sess, ctx)
return json(ctx, 200, credsCreation)
return json(ctx, credsCreation)
}
func finishWebAuthnLogin(ctx echo.Context) error {
@ -497,7 +497,7 @@ func finishWebAuthnLogin(ctx echo.Context) error {
delete(sess.Values, "webauthn_login_session")
saveSession(sess, ctx)
return json(ctx, 200, []string{"OK"})
return json(ctx, []string{"OK"})
}
func beginWebAuthnAssertion(ctx echo.Context) error {
@ -517,7 +517,7 @@ func beginWebAuthnAssertion(ctx echo.Context) error {
sess.Options.MaxAge = 5 * 60 // 5 minutes
saveSession(sess, ctx)
return json(ctx, 200, credsCreation)
return json(ctx, credsCreation)
}
func finishWebAuthnAssertion(ctx echo.Context) error {
@ -545,7 +545,7 @@ func finishWebAuthnAssertion(ctx echo.Context) error {
delete(sess.Values, "mfaID")
saveSession(sess, ctx)
return json(ctx, 200, []string{"OK"})
return json(ctx, []string{"OK"})
}
func beginTotp(ctx echo.Context) error {

View file

@ -218,14 +218,18 @@ func NewServer(isDev bool, sessionsPath string) *Server {
}
e.HTTPErrorHandler = func(er error, ctx echo.Context) {
if httpErr, ok := er.(*HTMLError); ok {
var httpErr *echo.HTTPError
if errors.As(er, &httpErr) {
acceptJson := strings.Contains(ctx.Request().Header.Get("Accept"), "application/json")
setData(ctx, "error", er)
if fatalErr := htmlWithCode(ctx, httpErr.Code, "error.html"); fatalErr != nil {
log.Fatal().Err(fatalErr).Send()
}
} else if httpErr, ok := er.(*JSONError); ok {
if fatalErr := json(ctx, httpErr.Code, httpErr); fatalErr != nil {
log.Fatal().Err(fatalErr).Send()
if acceptJson {
if fatalErr := jsonWithCode(ctx, httpErr.Code, httpErr); fatalErr != nil {
log.Fatal().Err(fatalErr).Send()
}
} else {
if fatalErr := htmlWithCode(ctx, httpErr.Code, "error.html"); fatalErr != nil {
log.Fatal().Err(fatalErr).Send()
}
}
} else {
log.Fatal().Err(er).Send()

View file

@ -19,14 +19,6 @@ import (
type dataTypeKey string
type HTMLError struct {
*echo.HTTPError
}
type JSONError struct {
*echo.HTTPError
}
const dataKey dataTypeKey = "data"
func setData(ctx echo.Context, key string, value any) {
@ -54,7 +46,11 @@ func htmlWithCode(ctx echo.Context, code int, template string) error {
return ctx.Render(code, template, ctx.Request().Context().Value(dataKey))
}
func json(ctx echo.Context, code int, data any) error {
func json(ctx echo.Context, data any) error {
return jsonWithCode(ctx, 200, data)
}
func jsonWithCode(ctx echo.Context, code int, data any) error {
return ctx.JSON(code, data)
}
@ -76,7 +72,7 @@ func errorRes(code int, message string, err error) error {
skipLogger.Error().Err(err).Msg(message)
}
return &HTMLError{&echo.HTTPError{Code: code, Message: message, Internal: err}}
return &echo.HTTPError{Code: code, Message: message, Internal: err}
}
func jsonErrorRes(code int, message string, err error) error {
@ -85,7 +81,7 @@ func jsonErrorRes(code int, message string, err error) error {
skipLogger.Error().Err(err).Msg(message)
}
return &JSONError{&echo.HTTPError{Code: code, Message: message, Internal: err}}
return &echo.HTTPError{Code: code, Message: message, Internal: err}
}
func getUserLogged(ctx echo.Context) *db.User {

View file

@ -22,6 +22,8 @@ function decodeBase64UrlToArrayBuffer(base64Url) {
}
async function bindPasskey() {
// @ts-ignore
const baseUrl = window.opengist_base_url || '';
let waitText = document.getElementById("login-passkey-wait");
try {
@ -30,7 +32,10 @@ async function bindPasskey() {
let csrf = document.querySelector<HTMLInputElement>('form#webauthn input[name="_csrf"]').value
const beginResponse = await fetch('/webauthn/bind', {
const beginResponse = await fetch(`${baseUrl}/webauthn/bind`, {
headers: {
'Accept': 'application/json',
},
method: 'POST',
credentials: 'include',
body: new FormData(document.querySelector<HTMLFormElement>('form#webauthn'))
@ -52,10 +57,11 @@ async function bindPasskey() {
throw new Error('Credential object is missing required properties');
}
const finishResponse = await fetch('/webauthn/bind/finish', {
const finishResponse = await fetch(`${baseUrl}/webauthn/bind/finish`, {
method: 'POST',
credentials: 'include',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'X-CSRF-Token': csrf
},
@ -84,6 +90,8 @@ async function bindPasskey() {
}
async function loginWithPasskey() {
// @ts-ignore
const baseUrl = window.opengist_base_url || '';
let waitText = document.getElementById("login-passkey-wait");
try {
@ -91,7 +99,10 @@ async function loginWithPasskey() {
waitText.classList.remove('hidden');
let csrf = document.querySelector<HTMLInputElement>('form#webauthn input[name="_csrf"]').value
const beginResponse = await fetch('/webauthn/' + loginMethod, {
const beginResponse = await fetch(`${baseUrl}/webauthn/${loginMethod}`, {
headers: {
'Accept': 'application/json',
},
method: 'POST',
credentials: 'include',
body: new FormData(document.querySelector<HTMLFormElement>('form#webauthn'))
@ -115,10 +126,11 @@ async function loginWithPasskey() {
throw new Error('Credential object is missing required properties');
}
const finishResponse = await fetch('/webauthn/' + loginMethod + '/finish', {
const finishResponse = await fetch(`${baseUrl}/webauthn/${loginMethod}/finish`, {
method: 'POST',
credentials: 'include',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'X-CSRF-Token': csrf
},