From 7fdad5269b3669ec418bb814b34176dfcb4f86ca Mon Sep 17 00:00:00 2001
From: Samuel Lorch
Date: Mon, 20 Sep 2021 11:20:18 +0200
Subject: [PATCH] move csrf token to custom request for mfa
---
 api/api.go | 11 ++++++++++-
 api/auth.go | 22 +++++++++++-----------
 2 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/api/api.go b/api/api.go
index 75835b2..c098021 100644
--- a/api/api.go
+++ b/api/api.go
@@ -50,6 +50,15 @@ start:
 return r, &res, fmt.Errorf("Doing Request: %w", err)
 }
+ // Because of MFA i need to do the csrf token stuff here
+ if c.csrfToken.Name == "" {
+ for _, cookie := range r.Cookies() {
+ if cookie.Name == "csrfToken" {
+ c.csrfToken = *cookie
+ }
+ }
+ }
+
 if res.Header.Status == "success" {
 return r, &res, nil
 } else if res.Header.Status == "error" {
@@ -59,7 +68,7 @@ start:
 return r, &res, fmt.Errorf("Got MFA challenge twice in a row, is your MFA Callback broken? Bailing to prevent loop...:")
 }
 if c.MFACallback != nil {
- err = c.MFACallback(ctx, c, &res)
+ c.mfaToken, err = c.MFACallback(ctx, c, &res)
 if err != nil {
 return r, &res, fmt.Errorf("MFA Callback: %w", err)
 }
diff --git a/api/auth.go b/api/auth.go
index 5b9c2fd..2f85fbc 100644
--- a/api/auth.go
+++ b/api/auth.go
@@ -56,6 +56,7 @@ func (c *Client) CheckSession(ctx context.Context) bool {
 // Login gets a Session and CSRF Token from Passbolt and Stores them in the Clients Cookie Jar
 func (c *Client) Login(ctx context.Context) error {
+ c.csrfToken = http.Cookie{}
 if c.userPrivateKey == "" {
 return fmt.Errorf("Client has no Private Key")
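Review bot: In the first api/api.go hunk, the `if c.csrfToken.Name == ""` guard around the new cookie loop means the client stores the `csrfToken` cookie only once after each Login, so a cookie the server re-issues later (for instance after the MFA step this change is built around) would be ignored and the older value kept. Whether the server rotates the cookie is not visible here, but dropping the outer guard so the loop always stores the most recent `csrfToken` cookie is the safer default. The assignment to `c.csrfToken` also now runs on every request rather than only inside Login, so if a Client can be shared between goroutines it needs whatever protection the rest of the client state has; the enclosing function starts and ends outside the hunk, so any locking is not visible.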
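Review bot: In the second api/api.go hunk, `c.mfaToken, err = c.MFACallback(ctx, c, &res)` writes the client's MFA token before the error check, so a callback that fails replaces any previously stored token with whatever value it returned next to the error. Assigning the result to a local variable and copying it into `c.mfaToken` only after the `err != nil` return keeps the stored token meaningful. The callback's return signature also changes here, which breaks existing implementations of the exported `MFACallback` field; its declaration is outside the hunk and would benefit from a doc comment stating what the returned value must contain.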
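Review bot: In the api/auth.go hunk at the top of Login, the reset `c.csrfToken = http.Cookie{}` runs before the `c.userPrivateKey == ""` precondition, so a Login call that fails immediately still discards the token of a session that may be valid; placing the reset after the precondition checks avoids that. The line would also benefit from a comment such as `// clear the old token so the request path re-captures csrfToken for the new session`, because the capture now lives in api/api.go and only fires while the name is empty. If `c.mfaToken` should not survive a re-login either, it needs the same reset; none is visible in this hunk. Login's body continues outside the hunk.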
@@ -119,24 +120,23 @@ func (c *Client) Login(ctx context.Context) error { return fmt.Errorf("Cannot Find Session Cookie!") } - // Do Mfa Here if ever - // You have to get a make GET Request to get the CSRF Token which is Required for Write Operations - msg, apiMsg, err := c.DoCustomRequestAndReturnRawResponse(ctx, "GET", "/users/me.json", "v2", nil, nil) + apiMsg, err := c.DoCustomRequest(ctx, "GET", "/users/me.json", "v2", nil, nil) if err != nil { - c.log("is MFA Enabled? That is not yet Supported!") return fmt.Errorf("Getting CSRF Token: %w", err) } - for _, cookie := range msg.Cookies() { - if cookie.Name == "csrfToken" { - c.csrfToken = *cookie + // Because of MFA, the custom Request Functin now Fetches the CSRF token, we still need the user for his public key + /* + for _, cookie := range msg.Cookies() { + if cookie.Name == "csrfToken" { + c.csrfToken = *cookie + } } - } - if c.csrfToken.Name == "" { - return fmt.Errorf("Cannot Find csrfToken Cookie!") - } + if c.csrfToken.Name == "" { + return fmt.Errorf("Cannot Find csrfToken Cookie!") + }*/ // Get Users Own Public Key from Server var user User
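Review bot: With the `c.csrfToken.Name == ""` check moved inside the `/* … */` block, Login no longer fails when the server never sent a `csrfToken` cookie, and the missing token only surfaces later on a write request. The check does not depend on `msg` and can stay live after the `DoCustomRequest` call: `if c.csrfToken.Name == "" { return fmt.Errorf("Cannot Find csrfToken Cookie!") }`. The rest of the commented-out loop is dead code and is better deleted than kept in a block comment, and the new comment has a typo (`Functin`). Login starts before the hunk and continues after it.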