

Actually set path in cookie
NHAS committed Jun 10, 2024
1 parent 1b017da commit 7a96475
Showing 5 changed files with 20 additions and 14 deletions.
8 changes: 4 additions & 4 deletions internal/webserver/authenticators/init.go
@@ -51,17 +51,17 @@ func (e *enable) Enable() {
*e = true
}

func IssueChallengeTokenCookie(w http.ResponseWriter, r *http.Request, challenge string) error {
func IssueChallengeTokenCookie(w http.ResponseWriter, r *http.Request, challenge string) {

cookie := http.Cookie{
Name: "challenge",
Value: challenge,
Expires: time.Now().Add(8 * time.Hour),
SameSite: http.SameSiteNoneMode,
Secure: r.URL.Scheme == "https",
SameSite: http.SameSiteLaxMode,
Secure: true,
HttpOnly: false,
Path: "/",
}
http.SetCookie(w, &cookie)

return nil
}
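Review bot: The cookie literal in IssueChallengeTokenCookie keeps `HttpOnly: false` together with `Expires: time.Now().Add(8 * time.Hour)`, so with `Path: "/"` a script-readable challenge value accompanies every request to the origin for up to eight hours. challenge.js in this commit copies the value into localStorage and deletes the cookie on first load, so the cookie is only a hand-off; a short lifetime such as `MaxAge: 60,` in place of the Expires line would narrow that window, and a comment like `// HttpOnly stays false: challenge.js reads this cookie once and then deletes it` would record why the flag is off. `Secure: true` is now unconditional while challenge.js still carries a `ws://` branch for when `httpsEnabled` is false; if plain-HTTP deployments without a TLS-terminating proxy are supported, browsers will refuse to store the cookie there, so that case should be confirmed. The callers that used the removed `error` return are outside this section.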
7 changes: 4 additions & 3 deletions internal/webserver/resources/static/js/challenge.js
@@ -4,11 +4,12 @@ const url = (httpsEnabled ? 'wss://' : 'ws://') + window.location.host + "/chall

let backoff = 200;
let challenge = localStorage.getItem("challenge");
if (challenge === null) {
if (challenge === null || challenge === "null") {
// oidc sets the challenge via cookie
challenge = getCookie("challenge");
localStorage.setItem("challenge", challenge)

if(challenge !== null) {
localStorage.setItem("challenge", challenge)
}
deleteCookie("challenge")
}

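Review bot: The new `if(challenge !== null)` guard only helps if getCookie returns exactly null for a missing cookie; its definition is not in this hunk, and a helper that returns undefined or an empty string would still write "undefined" or "" into localStorage, which the `challenge === "null"` test on the next load does not catch. A truthiness test covers all of these cases: `if (challenge) { localStorage.setItem("challenge", challenge) }`, with the read side written as `if (!challenge || challenge === "null")`. A one-line comment on the `"null"` comparison, for example `// older builds stored the string "null" when no challenge was issued`, would explain why it is there.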
6 changes: 3 additions & 3 deletions internal/webserver/resources/static/js/pam.js
@@ -72,9 +72,9 @@ async function loginUser(location) {
document.getElementById("error").hidden = false;
return
}

localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))

if (send.headers.get("WAG-CHALLENGE") !== null) {
localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))
}
} catch (e) {
console.log("logging in user failed")
document.getElementById("errorMsg").textContent = e.message;
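Review bot: When the response has no WAG-CHALLENGE header, the new guard skips the write but leaves any value an earlier login stored under "challenge", so challenge.js would later find that stale token in localStorage and never reach its cookie fallback. Reading the header once and clearing the key when it is absent avoids this: `const c = send.headers.get("WAG-CHALLENGE");` followed by `if (c !== null) { localStorage.setItem("challenge", c) } else { localStorage.removeItem("challenge") }`. Whether clearing is right depends on the flows in which the header is legitimately absent, and those are not visible here. The same guard is added in totp.js and webauthn.js, and the same point applies there; loginUser begins and ends outside the hunk in all three files.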
7 changes: 5 additions & 2 deletions internal/webserver/resources/static/js/totp.js
@@ -80,8 +80,11 @@ async function loginUser(location) {
return
}

localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))


if (send.headers.get("WAG-CHALLENGE") !== null) {
localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))
}

} catch (e) {
console.log("logging in user failed")
document.getElementById("errorMsg").textContent = e.message;
6 changes: 4 additions & 2 deletions internal/webserver/resources/static/js/webauthn.js
@@ -213,8 +213,10 @@ async function loginUser(event) {

return
}

localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))

if (send.headers.get("WAG-CHALLENGE") !== null) {
localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))
}

} catch (e) {
console.log("logging in failed: ", e)
