speatzle/go-passbolt
1
0
Fork 0
mirror of https://github.com/passbolt/go-passbolt.git synced 2025-05-09 17:48:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

move csrf token to custom request for mfa

Browse source
This commit is contained in:
Samuel Lorch 2021-09-20 11:20:18 +02:00
parent 663f5f6b76
commit 7fdad5269b
2 changed files with 21 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
api/api.go
View file

@ -50,6 +50,15 @@ start:
return r, &res, fmt.Errorf("Doing Request: %w", err) return r, &res, fmt.Errorf("Doing Request: %w", err)
} }
// Because of MFA i need to do the csrf token stuff here
if c.csrfToken.Name == "" {
for _, cookie := range r.Cookies() {
if cookie.Name == "csrfToken" {
c.csrfToken = *cookie
}
}
}
if res.Header.Status == "success" { if res.Header.Status == "success" {
return r, &res, nil return r, &res, nil
} else if res.Header.Status == "error" { } else if res.Header.Status == "error" {
@ -59,7 +68,7 @@ start:
return r, &res, fmt.Errorf("Got MFA challenge twice in a row, is your MFA Callback broken? Bailing to prevent loop...:") return r, &res, fmt.Errorf("Got MFA challenge twice in a row, is your MFA Callback broken? Bailing to prevent loop...:")
} }
if c.MFACallback != nil { if c.MFACallback != nil {
err = c.MFACallback(ctx, c, &res) c.mfaToken, err = c.MFACallback(ctx, c, &res)
if err != nil { if err != nil {
return r, &res, fmt.Errorf("MFA Callback: %w", err) return r, &res, fmt.Errorf("MFA Callback: %w", err)
} }

22
api/auth.go
View file

@ -56,6 +56,7 @@ func (c *Client) CheckSession(ctx context.Context) bool {
// Login gets a Session and CSRF Token from Passbolt and Stores them in the Clients Cookie Jar // Login gets a Session and CSRF Token from Passbolt and Stores them in the Clients Cookie Jar
func (c *Client) Login(ctx context.Context) error { func (c *Client) Login(ctx context.Context) error {
c.csrfToken = http.Cookie{}
if c.userPrivateKey == "" { if c.userPrivateKey == "" {
return fmt.Errorf("Client has no Private Key") return fmt.Errorf("Client has no Private Key")
@ -119,24 +120,23 @@ func (c *Client) Login(ctx context.Context) error {
return fmt.Errorf("Cannot Find Session Cookie!") return fmt.Errorf("Cannot Find Session Cookie!")
} }
// Do Mfa Here if ever
// You have to get a make GET Request to get the CSRF Token which is Required for Write Operations // You have to get a make GET Request to get the CSRF Token which is Required for Write Operations
msg, apiMsg, err := c.DoCustomRequestAndReturnRawResponse(ctx, "GET", "/users/me.json", "v2", nil, nil) apiMsg, err := c.DoCustomRequest(ctx, "GET", "/users/me.json", "v2", nil, nil)
if err != nil { if err != nil {
c.log("is MFA Enabled? That is not yet Supported!")
return fmt.Errorf("Getting CSRF Token: %w", err) return fmt.Errorf("Getting CSRF Token: %w", err)
} }
for _, cookie := range msg.Cookies() { // Because of MFA, the custom Request Functin now Fetches the CSRF token, we still need the user for his public key
if cookie.Name == "csrfToken" { /*
c.csrfToken = *cookie for _, cookie := range msg.Cookies() {
if cookie.Name == "csrfToken" {
c.csrfToken = *cookie
}
} }
}
if c.csrfToken.Name == "" { if c.csrfToken.Name == "" {
return fmt.Errorf("Cannot Find csrfToken Cookie!") return fmt.Errorf("Cannot Find csrfToken Cookie!")
} }*/
// Get Users Own Public Key from Server // Get Users Own Public Key from Server
var user User var user User