Change json response detection (#361)

Thomas Miceli 2024-10-31 14:41:42 +01:00 committed by GitHub
parent d0b4815798
commit 20372f44e4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 39 additions and 27 deletions


@ -462,7 +462,7 @@ func finishWebAuthnBinding(ctx echo.Context) error {
saveSession(sess, ctx) saveSession(sess, ctx)
addFlash(ctx, tr(ctx, "flash.auth.passkey-registred", passkeyName), "success") addFlash(ctx, tr(ctx, "flash.auth.passkey-registred", passkeyName), "success")
return json(ctx, 200, []string{"OK"}) return json(ctx, []string{"OK"})
} }
func beginWebAuthnLogin(ctx echo.Context) error { func beginWebAuthnLogin(ctx echo.Context) error {
@ -476,7 +476,7 @@ func beginWebAuthnLogin(ctx echo.Context) error {
sess.Options.MaxAge = 5 * 60 // 5 minutes sess.Options.MaxAge = 5 * 60 // 5 minutes
saveSession(sess, ctx) saveSession(sess, ctx)
return json(ctx, 200, credsCreation) return json(ctx, credsCreation)
} }
func finishWebAuthnLogin(ctx echo.Context) error { func finishWebAuthnLogin(ctx echo.Context) error {
@ -497,7 +497,7 @@ func finishWebAuthnLogin(ctx echo.Context) error {
delete(sess.Values, "webauthn_login_session") delete(sess.Values, "webauthn_login_session")
saveSession(sess, ctx) saveSession(sess, ctx)
return json(ctx, 200, []string{"OK"}) return json(ctx, []string{"OK"})
} }
func beginWebAuthnAssertion(ctx echo.Context) error { func beginWebAuthnAssertion(ctx echo.Context) error {
@ -517,7 +517,7 @@ func beginWebAuthnAssertion(ctx echo.Context) error {
sess.Options.MaxAge = 5 * 60 // 5 minutes sess.Options.MaxAge = 5 * 60 // 5 minutes
saveSession(sess, ctx) saveSession(sess, ctx)
return json(ctx, 200, credsCreation) return json(ctx, credsCreation)
} }
func finishWebAuthnAssertion(ctx echo.Context) error { func finishWebAuthnAssertion(ctx echo.Context) error {
@ -545,7 +545,7 @@ func finishWebAuthnAssertion(ctx echo.Context) error {
delete(sess.Values, "mfaID") delete(sess.Values, "mfaID")
saveSession(sess, ctx) saveSession(sess, ctx)
return json(ctx, 200, []string{"OK"}) return json(ctx, []string{"OK"})
} }
func beginTotp(ctx echo.Context) error { func beginTotp(ctx echo.Context) error {


@ -218,14 +218,18 @@ func NewServer(isDev bool, sessionsPath string) *Server {
} }
e.HTTPErrorHandler = func(er error, ctx echo.Context) { e.HTTPErrorHandler = func(er error, ctx echo.Context) {
if httpErr, ok := er.(*HTMLError); ok { var httpErr *echo.HTTPError
if errors.As(er, &httpErr) {
acceptJson := strings.Contains(ctx.Request().Header.Get("Accept"), "application/json")
setData(ctx, "error", er) setData(ctx, "error", er)
if fatalErr := htmlWithCode(ctx, httpErr.Code, "error.html"); fatalErr != nil { if acceptJson {
log.Fatal().Err(fatalErr).Send() if fatalErr := jsonWithCode(ctx, httpErr.Code, httpErr); fatalErr != nil {
} log.Fatal().Err(fatalErr).Send()
} else if httpErr, ok := er.(*JSONError); ok { }
if fatalErr := json(ctx, httpErr.Code, httpErr); fatalErr != nil { } else {
log.Fatal().Err(fatalErr).Send() if fatalErr := htmlWithCode(ctx, httpErr.Code, "error.html"); fatalErr != nil {
log.Fatal().Err(fatalErr).Send()
}
} }
} else { } else {
log.Fatal().Err(er).Send() log.Fatal().Err(er).Send()
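Review bot: Both new branches of the error handler still end in `log.Fatal().Err(fatalErr).Send()`, so any error returned by `jsonWithCode` or `htmlWithCode` while writing an error response stops the whole server from inside a request. If those calls can fail on a broken client connection (not verifiable from this hunk), an unauthenticated request could take the service down. Log and return instead, for example `log.Error().Err(fatalErr).Msg("rendering error response")`. The final `else` branch has the same problem for any error that is not an `*echo.HTTPError`. Separately, `strings.Contains(..., "application/json")` is a substring test, so it also matches `application/json;q=0`; a short comment saying that q-values are deliberately ignored would help. The handler closure continues past the end of the hunk.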


@ -19,14 +19,6 @@ import (
type dataTypeKey string type dataTypeKey string
type HTMLError struct {
*echo.HTTPError
}
type JSONError struct {
*echo.HTTPError
}
const dataKey dataTypeKey = "data" const dataKey dataTypeKey = "data"
func setData(ctx echo.Context, key string, value any) { func setData(ctx echo.Context, key string, value any) {
@ -54,7 +46,11 @@ func htmlWithCode(ctx echo.Context, code int, template string) error {
return ctx.Render(code, template, ctx.Request().Context().Value(dataKey)) return ctx.Render(code, template, ctx.Request().Context().Value(dataKey))
} }
func json(ctx echo.Context, code int, data any) error { func json(ctx echo.Context, data any) error {
return jsonWithCode(ctx, 200, data)
}
func jsonWithCode(ctx echo.Context, code int, data any) error {
return ctx.JSON(code, data) return ctx.JSON(code, data)
} }
@ -76,7 +72,7 @@ func errorRes(code int, message string, err error) error {
skipLogger.Error().Err(err).Msg(message) skipLogger.Error().Err(err).Msg(message)
} }
return &HTMLError{&echo.HTTPError{Code: code, Message: message, Internal: err}} return &echo.HTTPError{Code: code, Message: message, Internal: err}
} }
func jsonErrorRes(code int, message string, err error) error { func jsonErrorRes(code int, message string, err error) error {
@ -85,7 +81,7 @@ func jsonErrorRes(code int, message string, err error) error {
skipLogger.Error().Err(err).Msg(message) skipLogger.Error().Err(err).Msg(message)
} }
return &JSONError{&echo.HTTPError{Code: code, Message: message, Internal: err}} return &echo.HTTPError{Code: code, Message: message, Internal: err}
} }
func getUserLogged(ctx echo.Context) *db.User { func getUserLogged(ctx echo.Context) *db.User {
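Review bot: After this change `errorRes` and `jsonErrorRes` return the same `&echo.HTTPError{Code: code, Message: message, Internal: err}`, so the `json` prefix no longer guarantees a JSON body. The format is now decided only by the request's `Accept` header in the error handler, so a caller of `jsonErrorRes` whose client omits `Accept: application/json` would presumably get the HTML error page. If the parts of the two bodies outside these hunks are also identical, reduce `jsonErrorRes` to `return errorRes(code, message, err)`, or remove it. If it stays, give it a doc comment such as `// jsonErrorRes is kept for existing call sites; the response format is chosen from the Accept header.` The new `json` and `jsonWithCode` helpers also lack doc comments; one line each stating that `json` always answers 200 would be enough.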


@ -22,6 +22,8 @@ function decodeBase64UrlToArrayBuffer(base64Url) {
} }
async function bindPasskey() { async function bindPasskey() {
// @ts-ignore
const baseUrl = window.opengist_base_url || '';
let waitText = document.getElementById("login-passkey-wait"); let waitText = document.getElementById("login-passkey-wait");
try { try {
@ -30,7 +32,10 @@ async function bindPasskey() {
let csrf = document.querySelector<HTMLInputElement>('form#webauthn input[name="_csrf"]').value let csrf = document.querySelector<HTMLInputElement>('form#webauthn input[name="_csrf"]').value
const beginResponse = await fetch('/webauthn/bind', { const beginResponse = await fetch(`${baseUrl}/webauthn/bind`, {
headers: {
'Accept': 'application/json',
},
method: 'POST', method: 'POST',
credentials: 'include', credentials: 'include',
body: new FormData(document.querySelector<HTMLFormElement>('form#webauthn')) body: new FormData(document.querySelector<HTMLFormElement>('form#webauthn'))
@ -52,10 +57,11 @@ async function bindPasskey() {
throw new Error('Credential object is missing required properties'); throw new Error('Credential object is missing required properties');
} }
const finishResponse = await fetch('/webauthn/bind/finish', { const finishResponse = await fetch(`${baseUrl}/webauthn/bind/finish`, {
method: 'POST', method: 'POST',
credentials: 'include', credentials: 'include',
headers: { headers: {
'Accept': 'application/json',
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'X-CSRF-Token': csrf 'X-CSRF-Token': csrf
}, },
@ -84,6 +90,8 @@ async function bindPasskey() {
} }
async function loginWithPasskey() { async function loginWithPasskey() {
// @ts-ignore
const baseUrl = window.opengist_base_url || '';
let waitText = document.getElementById("login-passkey-wait"); let waitText = document.getElementById("login-passkey-wait");
try { try {
@ -91,7 +99,10 @@ async function loginWithPasskey() {
waitText.classList.remove('hidden'); waitText.classList.remove('hidden');
let csrf = document.querySelector<HTMLInputElement>('form#webauthn input[name="_csrf"]').value let csrf = document.querySelector<HTMLInputElement>('form#webauthn input[name="_csrf"]').value
const beginResponse = await fetch('/webauthn/' + loginMethod, { const beginResponse = await fetch(`${baseUrl}/webauthn/${loginMethod}`, {
headers: {
'Accept': 'application/json',
},
method: 'POST', method: 'POST',
credentials: 'include', credentials: 'include',
body: new FormData(document.querySelector<HTMLFormElement>('form#webauthn')) body: new FormData(document.querySelector<HTMLFormElement>('form#webauthn'))
@ -115,10 +126,11 @@ async function loginWithPasskey() {
throw new Error('Credential object is missing required properties'); throw new Error('Credential object is missing required properties');
} }
const finishResponse = await fetch('/webauthn/' + loginMethod + '/finish', { const finishResponse = await fetch(`${baseUrl}/webauthn/${loginMethod}/finish`, {
method: 'POST', method: 'POST',
credentials: 'include', credentials: 'include',
headers: { headers: {
'Accept': 'application/json',
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'X-CSRF-Token': csrf 'X-CSRF-Token': csrf
}, },
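Review bot: `window.opengist_base_url` is read behind `// @ts-ignore` in both `bindPasskey` and `loginWithPasskey` and interpolated unchecked into four `fetch` URLs that send `credentials: 'include'`, the `X-CSRF-Token` header and the WebAuthn payload. Where the global is set is not visible in this diff. If it could ever hold an absolute URL for another origin, those requests and the token would go there, so it is worth asserting that it is a same-origin path prefix. Declaring the property once (`declare global { interface Window { opengist_base_url?: string } }`) removes both `@ts-ignore` comments. Hoisting `const baseUrl = window.opengist_base_url || '';` to module scope would remove the duplication; both function bodies extend beyond the hunks shown.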