From e11340ad2b6f8e60349aa49bb12aafc5c550ee77 Mon Sep 17 00:00:00 2001
From: Derrick Hammer
Date: Thu, 14 Mar 2024 12:54:41 -0400
Subject: [PATCH] refactor: ensure we set a cookie, auth header and json response in both login and otp validate

---
 api/account/account.go | 23 ++++++++++++++++++++++-
 api/account/messages.go | 1 +
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/api/account/account.go b/api/account/account.go
index bf8fc12..de5f42d 100644
--- a/api/account/account.go
+++ b/api/account/account.go
@@ -5,6 +5,7 @@ import (
 "crypto/ed25519"
 _ "embed"
 "net/http"
+ "time"
 
 "git.lumeweb.com/LumeWeb/portal/api/swagger"
 
@@ -103,13 +104,22 @@ func (a AccountAPI) login(jc jape.Context) {
 return
 }
 
- jwt, _, err := a.accounts.LoginPassword(request.Email, request.Password, jc.Request.RemoteAddr)
+ jwt, user, err := a.accounts.LoginPassword(request.Email, request.Password, jc.Request.RemoteAddr)
 if err != nil {
 return
 }
 
+ http.SetCookie(jc.ResponseWriter, &http.Cookie{
+ Name: "jwt",
+ Value: jwt,
+ Expires: time.Now().Add(24 * time.Hour),
+ HttpOnly: true,
+ })
+ account.SendJWT(jc, jwt)
+
 jc.Encode(&LoginResponse{
 Token: jwt,
+ Otp: user.OTPEnabled && user.OTPVerified,
 })
 }
 
@@ -199,7 +209,18 @@ func (a AccountAPI) otpValidate(jc jape.Context) {
 return
 }
 
+ http.SetCookie(jc.ResponseWriter, &http.Cookie{
+ Name: "jwt",
+ Value: jwt,
+ Expires: time.Now().Add(24 * time.Hour),
+ HttpOnly: true,
+ })
 account.SendJWT(jc, jwt)
+
+ jc.Encode(&LoginResponse{
+ Token: jwt,
+ Otp: false,
+ })
 }
 
 func (a AccountAPI) otpDisable(jc jape.Context) {
diff --git a/api/account/messages.go b/api/account/messages.go
index fcc96db..8bfdfc4 100644
--- a/api/account/messages.go
+++ b/api/account/messages.go
@@ -7,6 +7,7 @@ type LoginRequest struct {
 
 type LoginResponse struct {
 Token string `json:"token"`
+ Otp bool `json:"otp"`
 }
 
 type RegisterRequest struct {
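Review bot: The cookie built in login's `http.SetCookie` call carries no `Secure`, `SameSite` or `Path` attribute, so a browser will also send the `jwt` cookie on plain-HTTP requests and cross-site handling falls back to browser defaults; the identical block is repeated verbatim in the otpValidate hunk. Its `Expires` is a fixed 24 hours from now, independent of whatever lifetime the token itself carries, so the cookie can outlive or cut short the JWT (the token's expiry is not visible here). One helper that sets the full attribute set once would serve both call sites, as below; the `SameSite` mode and `Path` need to match the routes the cookie is meant for, so treat the values shown as a starting point. login's body begins outside the hunk.
```go
// setJWTCookie stores the session token in an HttpOnly cookie. Secure keeps it off
// plain-HTTP requests and SameSite limits cross-site sends; Expires should follow the
// token's own lifetime rather than a fixed 24h (TODO: confirm what LoginPassword issues).
func setJWTCookie(jc jape.Context, jwt string) {
	http.SetCookie(jc.ResponseWriter, &http.Cookie{
		Name:     "jwt",
		Value:    jwt,
		Path:     "/",
		Expires:  time.Now().Add(24 * time.Hour),
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
	})
}

// … unchanged: LoginPassword call and error check …
	setJWTCookie(jc, jwt)
	account.SendJWT(jc, jwt)
```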
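Review bot: The `jwt` written into the cookie in otpValidate is declared before the hunk begins, and because the login hunk already sends a cookie and Authorization header before OTP validation completes, whether that earlier token is restricted decides if this second factor protects anything; nothing visible in either hunk settles it. Confirm against LoginPassword that a pre-OTP token is not accepted by OTP-gated routes, and record the contract where the second token is emitted, e.g. `// Replaces the pre-OTP token issued by login; that token must not be accepted by OTP-gated routes.` The hard-coded `Otp: false` also deserves a word, e.g. `// OTP step is complete for this session.` The enclosing function starts outside the hunk.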
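Review bot: The new exported field `Otp` in LoginResponse has no doc comment, and its meaning is not obvious from the name: login fills it with `OTPEnabled && OTPVerified` and otpValidate with `false`, so it appears to flag that an OTP step is still outstanding rather than that OTP is configured. Add `// Otp reports whether the client must still complete OTP validation before the session is fully usable.` (confirm against the two handlers), and consider naming it `OTP` per Go initialism style while keeping the `json:"otp"` tag, since the wire name is what clients depend on. The struct is complete within the hunk.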