mirror of
https://github.com/passbolt/go-passbolt.git
synced 2025-05-09 17:48:20 +00:00
move csrf token to custom request for mfa
parent
663f5f6b76
commit
7fdad5269b
2 changed files with 21 additions and 12 deletions
11
api/api.go
11
api/api.go
|
@ -50,6 +50,15 @@ start:
|
|||
return r, &res, fmt.Errorf("Doing Request: %w", err)
|
||||
}
|
||||
|
||||
// Because of MFA i need to do the csrf token stuff here
|
||||
if c.csrfToken.Name == "" {
|
||||
for _, cookie := range r.Cookies() {
|
||||
if cookie.Name == "csrfToken" {
|
||||
c.csrfToken = *cookie
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if res.Header.Status == "success" {
|
||||
return r, &res, nil
|
||||
} else if res.Header.Status == "error" {
|
||||
|
@ -59,7 +68,7 @@ start:
|
|||
return r, &res, fmt.Errorf("Got MFA challenge twice in a row, is your MFA Callback broken? Bailing to prevent loop...:")
|
||||
}
|
||||
if c.MFACallback != nil {
|
||||
err = c.MFACallback(ctx, c, &res)
|
||||
c.mfaToken, err = c.MFACallback(ctx, c, &res)
|
||||
if err != nil {
|
||||
return r, &res, fmt.Errorf("MFA Callback: %w", err)
|
||||
}
|
||||
|
|
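Review bot: The cookie capture added under `if c.csrfToken.Name == ""` writes `c.csrfToken` from inside the shared request path and runs before the `res.Header.Status` check, so the token comes from the first response that carries one (error and MFA-challenge responses included) and is not refreshed until `Login` clears it. If the server issues a new `csrfToken` later in the session, write requests would keep sending the stale one; consider updating the field whenever the cookie is present and adding `break` once it is found. In the second hunk, `c.mfaToken, err = c.MFACallback(ctx, c, &res)` assigns the field before `err` is checked, so a failing callback overwrites any previously stored token; assign to a local first and store it only after the `err != nil` check. Neither write is guarded by a lock in the visible lines, which matters if one `Client` is used from several goroutines; the enclosing function starts and ends outside these hunks.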
10
api/auth.go
10
api/auth.go
|
@ -56,6 +56,7 @@ func (c *Client) CheckSession(ctx context.Context) bool {
|
|||
|
||||
// Login gets a Session and CSRF Token from Passbolt and Stores them in the Clients Cookie Jar
|
||||
func (c *Client) Login(ctx context.Context) error {
|
||||
c.csrfToken = http.Cookie{}
|
||||
|
||||
if c.userPrivateKey == "" {
|
||||
return fmt.Errorf("Client has no Private Key")
|
||||
|
@ -119,15 +120,14 @@ func (c *Client) Login(ctx context.Context) error {
|
|||
return fmt.Errorf("Cannot Find Session Cookie!")
|
||||
}
|
||||
|
||||
// Do Mfa Here if ever
|
||||
|
||||
// You have to get a make GET Request to get the CSRF Token which is Required for Write Operations
|
||||
msg, apiMsg, err := c.DoCustomRequestAndReturnRawResponse(ctx, "GET", "/users/me.json", "v2", nil, nil)
|
||||
apiMsg, err := c.DoCustomRequest(ctx, "GET", "/users/me.json", "v2", nil, nil)
|
||||
if err != nil {
|
||||
c.log("is MFA Enabled? That is not yet Supported!")
|
||||
return fmt.Errorf("Getting CSRF Token: %w", err)
|
||||
}
|
||||
|
||||
// Because of MFA, the custom Request Functin now Fetches the CSRF token, we still need the user for his public key
|
||||
/*
|
||||
for _, cookie := range msg.Cookies() {
|
||||
if cookie.Name == "csrfToken" {
|
||||
c.csrfToken = *cookie
|
||||
|
@ -136,7 +136,7 @@ func (c *Client) Login(ctx context.Context) error {
|
|||
|
||||
if c.csrfToken.Name == "" {
|
||||
return fmt.Errorf("Cannot Find csrfToken Cookie!")
|
||||
}
|
||||
}*/
|
||||
|
||||
// Get Users Own Public Key from Server
|
||||
var user User
|
||||
|
|
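Review bot: `Login` appears to no longer fail when no CSRF token was obtained, because the `if c.csrfToken.Name == ""` check now sits inside the `/* … */` block that ends at `}*/`. A login whose `/users/me.json` exchange yields no `csrfToken` cookie would then return success with an empty token, and the failure would only surface later on the first write request. Keep the check live after the `DoCustomRequest` call, e.g. `if c.csrfToken.Name == "" { return fmt.Errorf("Cannot Find csrfToken Cookie!") }`, and delete the commented-out loop instead of leaving it in the file. Separately, `c.csrfToken = http.Cookie{}` runs before the private-key check, so a `Login` call that fails early also discards a token that was still valid; `Login`'s body continues outside these hunks.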