refactor: ensure we set a cookie, auth header and json response in both login and otp validate

Derrick Hammer 2024-03-14 12:54:41 -04:00
parent e380dacced
commit e11340ad2b
Signed by: pcfreak30
GPG Key ID: C997C339BE476FF2
2 changed files with 23 additions and 1 deletions


@ -5,6 +5,7 @@ import (
"crypto/ed25519"
_ "embed"
"net/http"
"time"
"git.lumeweb.com/LumeWeb/portal/api/swagger"
@ -103,13 +104,22 @@ func (a AccountAPI) login(jc jape.Context) {
return
}
jwt, _, err := a.accounts.LoginPassword(request.Email, request.Password, jc.Request.RemoteAddr)
jwt, user, err := a.accounts.LoginPassword(request.Email, request.Password, jc.Request.RemoteAddr)
if err != nil {
return
}
http.SetCookie(jc.ResponseWriter, &http.Cookie{
Name: "jwt",
Value: jwt,
Expires: time.Now().Add(24 * time.Hour),
HttpOnly: true,
})
account.SendJWT(jc, jwt)
jc.Encode(&LoginResponse{
Token: jwt,
Otp: user.OTPEnabled && user.OTPVerified,
})
}
@ -199,7 +209,18 @@ func (a AccountAPI) otpValidate(jc jape.Context) {
return
}
http.SetCookie(jc.ResponseWriter, &http.Cookie{
Name: "jwt",
Value: jwt,
Expires: time.Now().Add(24 * time.Hour),
HttpOnly: true,
})
account.SendJWT(jc, jwt)
jc.Encode(&LoginResponse{
Token: jwt,
Otp: false,
})
}
func (a AccountAPI) otpDisable(jc jape.Context) {
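Review bot: The `jwt` cookie literal added in login, and repeated verbatim in otpValidate, sets only `HttpOnly`, so the session token has no `Secure` or `SameSite` attribute and no explicit `Path`. I would add `Secure: true,`, `SameSite: http.SameSiteStrictMode,` (Lax if cross-site navigation must stay signed in) and `Path: "/",` to it, and move the literal into one small helper so the two copies cannot drift apart. The hard-coded `24 * time.Hour` should also be checked against the lifetime encoded in the JWT itself, which is not visible here. Separately, login now sets the cookie and returns the token even when `user.OTPEnabled && user.OTPVerified` is true; whether that JWT is a restricted pre-OTP token is decided inside LoginPassword, outside this diff, so it is worth confirming that a token issued before the second factor is rejected by the other endpoints. Both handler bodies start outside the hunks shown.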


@ -7,6 +7,7 @@ type LoginRequest struct {
type LoginResponse struct {
Token string `json:"token"`
Otp bool `json:"otp"`
}
type RegisterRequest struct {
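Review bot: The new `Otp` field has no doc comment, and its name does not say which OTP state it reports. The login handler fills it with `user.OTPEnabled && user.OTPVerified` while otpValidate always sends `false`, which reads as "a second factor is still required" rather than "OTP is enabled on the account". If that reading is right, a comment such as `// Otp is true when the caller must still pass OTP validation before the token is fully accepted.` would keep API clients from guessing. As a style point, Go initialisms are normally written `OTP` (the user fields already use `OTPEnabled`); the JSON tag can stay `otp`.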