From bdc37b6ff70c18b8fcef5e1edb1bc2b42c2f99fd Mon Sep 17 00:00:00 2001
From: Rory Powell
Date: Mon, 31 Jan 2022 11:07:54 +0000
Subject: [PATCH] Fix CSRF token not present using local auth

---
 .../builder/src/pages/builder/_layout.svelte | 2 +-
 .../src/pages/builder/auth/reset.svelte | 2 +-
 packages/builder/src/stores/portal/auth.js | 21 +++++++++++--------
 .../worker/src/api/controllers/global/auth.js | 5 +----
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/packages/builder/src/pages/builder/_layout.svelte b/packages/builder/src/pages/builder/_layout.svelte
index 12a544096a..1d41af15e7 100644
--- a/packages/builder/src/pages/builder/_layout.svelte
+++ b/packages/builder/src/pages/builder/_layout.svelte
@@ -61,7 +61,7 @@
       await auth.setInitInfo({ init_template: $params["?template"] })
     }
 
-    await auth.checkAuth()
+    await auth.getSelf()
     await admin.init()
 
     if (useAccountPortal && multiTenancyEnabled) {
diff --git a/packages/builder/src/pages/builder/auth/reset.svelte b/packages/builder/src/pages/builder/auth/reset.svelte
index f78dd19eb9..5e5b615d73 100644
--- a/packages/builder/src/pages/builder/auth/reset.svelte
+++ b/packages/builder/src/pages/builder/auth/reset.svelte
@@ -31,7 +31,7 @@
   }
 
   onMount(async () => {
-    await auth.checkAuth()
+    await auth.getSelf()
     await organisation.init()
   })
 
diff --git a/packages/builder/src/stores/portal/auth.js b/packages/builder/src/stores/portal/auth.js
index bdd4d95915..c4197a89c0 100644
--- a/packages/builder/src/stores/portal/auth.js
+++ b/packages/builder/src/stores/portal/auth.js
@@ -108,11 +108,7 @@ export function createAuthStore() {
     return json
   }
 
-  return {
-    subscribe: store.subscribe,
-    setOrganisation,
-    getInitInfo,
-    setInitInfo,
+  const actions = {
     checkQueryString: async () => {
       const urlParams = new URLSearchParams(window.location.search)
       if (urlParams.has("tenantId")) {
@@ -123,7 +119,7 @@ export function createAuthStore() {
     setOrg: async tenantId => {
       await setOrganisation(tenantId)
     },
-    checkAuth: async () => {
+    getSelf: async () => {
       const response = await api.get("/api/global/users/self")
       if (response.status !== 200) {
         setUser(null)
@@ -138,13 +134,12 @@ export function createAuthStore() {
         `/api/global/auth/${tenantId}/login`,
         creds
       )
-      const json = await response.json()
       if (response.status === 200) {
-        setUser(json.user)
+        await actions.getSelf()
       } else {
+        const json = await response.json()
         throw new Error(json.message ? json.message : "Invalid credentials")
       }
-      return json
     },
     logout: async () => {
       const response = await api.post(`/api/global/auth/logout`)
@@ -197,6 +192,14 @@ export function createAuthStore() {
       await response.json()
     },
   }
+
+  return {
+    subscribe: store.subscribe,
+    setOrganisation,
+    getInitInfo,
+    setInitInfo,
+    ...actions,
+  }
 }
 
 export const auth = createAuthStore()
diff --git a/packages/worker/src/api/controllers/global/auth.js b/packages/worker/src/api/controllers/global/auth.js
index b39e8745e9..7b0e50c099 100644
--- a/packages/worker/src/api/controllers/global/auth.js
+++ b/packages/worker/src/api/controllers/global/auth.js
@@ -74,10 +74,7 @@ async function authInternal(ctx, user, err = null, info = null) {
 
 exports.authenticate = async (ctx, next) => {
   return passport.authenticate("local", async (err, user, info) => {
     await authInternal(ctx, user, err, info)
-
-    delete user.token
-
-    ctx.body = { user }
+    ctx.status = 200
   })(ctx, next)
 }
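Review bot: Renaming the store method from `checkAuth` to `getSelf` changes the store's public surface, and this commit updates only the two call sites in `_layout.svelte` and `reset.svelte`; any other caller of `auth.checkAuth()` would fail at runtime with a TypeError rather than at build time. A grep across the builder package would settle that; if compatibility matters, a thin alias next to the new entry, `checkAuth: () => actions.getSelf(),`, keeps old callers working. Note that `getSelf` also writes to the store (it calls `setUser(null)` on a non-200), so a one-line comment such as `// Fetches the current user and updates the store; clears it when the session is not valid` would stop readers from treating it as a pure getter. The `getSelf` body continues past the end of the hunk, so the success path is not visible here.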
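Review bot: On the success branch of `login`, `await actions.getSelf()` is now the only thing that populates the user, and the preceding hunk shows that `getSelf` answers a non-200 from `/api/global/users/self` with `setUser(null)` rather than by throwing; a login whose POST succeeds but whose follow-up self request fails would therefore resolve without error while the store stays logged out, and the caller cannot tell the difference. Having `getSelf` return the loaded user (or a boolean) and having `login` throw when that comes back empty would make the failure visible at the point the UI is waiting on it. The removed `return json` also changes `login`'s resolved value from the response body to `undefined`, which is fine only if no caller reads it — worth a grep. `createAuthStore` begins and ends outside this hunk.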
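Review bot: `ctx.status = 200` is assigned unconditionally after `await authInternal(ctx, user, err, info)`, so the failure path now depends entirely on `authInternal` throwing (or otherwise ending the request) when `err` is set or `user` is falsy; if it instead reports failure by setting a non-2xx status and returning, this line overwrites it and a rejected local login is answered with 200. `authInternal` is defined outside the hunk so this cannot be confirmed here; making the success status conditional, e.g. `if (user) ctx.status = 200`, would make the handler safe regardless of how `authInternal` signals failure. Dropping `ctx.body = { user }` (and with it the `delete user.token` scrub) means the login response no longer echoes the user document, which is an improvement, but the user payload has moved to `/api/global/users/self`, so that handler is now the place that must strip `token` and any other sensitive fields.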