Merge pull request #133 from ssb-ngi-pointer/tweak-urls

support /login?ssb-http-auth=1
2021-04-11 21:31:30 +03:00 · 2021-04-11 21:31:30 +03:00 · 28bded7c52
parent f69451dee7 aee9b7ad69
commit 28bded7c52
3 changed files with 46 additions and 5 deletions
--- a/web/handlers/auth/withssb.go
+++ b/web/handlers/auth/withssb.go
@ -99,7 +99,7 @@ func NewWithSSBHandler(
 	ssb.cookieStore = cookies
 	ssb.bridge = bridge

-	m.Get(router.AuthWithSSBLogin).HandlerFunc(ssb.decideMethod)
+	m.Get(router.AuthWithSSBLogin).HandlerFunc(ssb.DecideMethod)
 	m.Get(router.AuthWithSSBServerEvents).HandlerFunc(ssb.eventSource)
 	m.Get(router.AuthWithSSBFinalize).HandlerFunc(ssb.finalizeCookie)

@ -206,8 +206,9 @@ func (h WithSSBHandler) saveCookie(w http.ResponseWriter, req *http.Request, tok
 	return nil
 }

-// this is the /login landing page which branches out to the different methods based on the query parameters that are present
-func (h WithSSBHandler) decideMethod(w http.ResponseWriter, req *http.Request) {
+// this is the /login landing page which branches out to the different methods
+// based on the query parameters that are present
+func (h WithSSBHandler) DecideMethod(w http.ResponseWriter, req *http.Request) {
 	queryVals := req.URL.Query()

 	var (
@ -256,7 +257,8 @@ func (h WithSSBHandler) decideMethod(w http.ResponseWriter, req *http.Request) {
 	h.render.Render(w, req, "auth/withssb_server_start.tmpl", http.StatusOK, data)
 }

-// clientInitiated is called with a client challange (?cc=123) and calls back to the passed client using muxrpc to request a signed solution
+// clientInitiated is called with a client challange (?cc=123) and calls back to
+// the passed client using muxrpc to request a signed solution.
 // if everything checks out it redirects to the admin dashboard
 func (h WithSSBHandler) clientInitiated(w http.ResponseWriter, req *http.Request, client refs.FeedRef) error {
 	queryParams := req.URL.Query()
--- a/web/handlers/auth_test.go
+++ b/web/handlers/auth_test.go
@ -241,6 +241,39 @@ func TestAuthWithSSBClientInitNotAllowed(t *testing.T) {
 	})
 }

+func TestAuthWithSSBClientAlternativeRoute(t *testing.T) {
+	ts := setup(t)
+	a, r := assert.New(t), require.New(t)
+
+	// the client isnt a member
+	ts.MembersDB.GetByFeedReturns(roomdb.Member{}, roomdb.ErrNotFound)
+	ts.MockedEndpoints.GetEndpointForReturns(nil, false)
+
+	client, err := keys.NewKeyPair(nil)
+	r.NoError(err)
+
+	cc := signinwithssb.GenerateChallenge()
+
+	urlTo := web.NewURLTo(ts.Router)
+
+	loginURL := urlTo(router.AuthLogin,
+		"ssb-http-auth", 1,
+		"cid", client.Feed.Ref(),
+		"cc", cc,
+	)
+	r.NotNil(loginURL)
+
+	t.Log(loginURL.String())
+	doc, resp := ts.Client.GetHTML(loginURL.String())
+	t.Log()
+	a.Equal(http.StatusForbidden, resp.Code)
+
+	webassert.Localized(t, doc, []webassert.LocalizedElement{
+		// {"#welcome", "AuthWithSSBWelcome"},
+		// {"title", "AuthWithSSBTitle"},
+	})
+}
+
 func TestAuthWithSSBClientInitHasClient(t *testing.T) {
 	ts := setup(t)
 	a, r := assert.New(t), require.New(t)
--- a/web/handlers/http.go
+++ b/web/handlers/http.go
@ -237,7 +237,13 @@ func New(
 		bridge,
 	)

-	m.Get(router.AuthLogin).Handler(r.StaticHTML("auth/decide_method.tmpl"))
+	m.Get(router.AuthLogin).HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		if label := req.URL.Query().Get("ssb-http-auth"); label != "" {
+			authWithSSB.DecideMethod(w, req)
+		} else {
+			r.Render(w, req, "auth/decide_method.tmpl", http.StatusOK, nil)
+		}
+	})

 	m.Get(router.AuthFallbackFinalize).HandlerFunc(authWithPassword.Authorize)