go/pocketbase
1
0
Fork 0
mirror of https://github.com/pocketbase/pocketbase.git synced 2025-11-25 07:34:10 +02:00
Code Issues Releases Activity

return an error in case of required MFA so that external handlers can react if necessary

Browse Source
This commit is contained in:
Gani Georgiev
2024-11-21 11:12:25 +02:00
parent 8ab02ce402
commit 7ee6b11e9d
3 changed files with 16 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
apis/record_auth_with_otp.go
View File

@@ -79,17 +79,17 @@ func recordAuthWithOTP(e *core.RequestEvent) error {
} }
} }
err = RecordAuthResponse(e.RequestEvent, e.Record, core.MFAMethodOTP, nil)
if err != nil {
return err
}
// try to delete the used otp // try to delete the used otp
err = e.App.Delete(e.OTP) err = e.App.Delete(e.OTP)
if err != nil { if err != nil {
e.App.Logger().Error("Failed to delete used OTP", "error", err, "otpId", e.OTP.Id) e.App.Logger().Error("Failed to delete used OTP", "error", err, "otpId", e.OTP.Id)
} }
err = RecordAuthResponse(e.RequestEvent, e.Record, core.MFAMethodOTP, nil)
if err != nil {
return err
}
return nil return nil
}) })
} }

7
apis/record_helpers.go
View File

@@ -20,6 +20,8 @@ const (
fieldsQueryParam = "fields" fieldsQueryParam = "fields"
) )
var ErrMFA = errors.New("mfa required")
// RecordAuthResponse writes standardized json record auth response // RecordAuthResponse writes standardized json record auth response
// into the specified request context. // into the specified request context.
// //
@@ -70,9 +72,12 @@ func recordAuthResponse(e *core.RequestEvent, authRecord *core.Record, token str
// require additional authentication // require additional authentication
if mfaId != "" { if mfaId != "" {
return e.JSON(http.StatusUnauthorized, map[string]string{ // eagerly write the mfa response and return an err so that
// external middlewars are aware that the auth response requires an extra step
e.JSON(http.StatusUnauthorized, map[string]string{
"mfaId": mfaId, "mfaId": mfaId,
}) })
return ErrMFA
} }
// --- // ---

9
apis/record_helpers_test.go
View File

@@ -2,6 +2,7 @@ package apis_test
import ( import (
"encoding/json" "encoding/json"
"errors"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"strings" "strings"
@@ -584,8 +585,8 @@ func TestRecordAuthResponseMFACheck(t *testing.T) {
user.Collection().MFA.Rule = "1=1" user.Collection().MFA.Rule = "1=1"
err = apis.RecordAuthResponse(event, user, "example", nil) err = apis.RecordAuthResponse(event, user, "example", nil)
if err != nil { if !errors.Is(err, apis.ErrMFA) {
t.Fatalf("Expected nil, got error: %v", err) t.Fatalf("Expected ErrMFA, got: %v", err)
} }
body := rec.Body.String() body := rec.Body.String()
@@ -602,8 +603,8 @@ func TestRecordAuthResponseMFACheck(t *testing.T) {
resetMFAs(user) resetMFAs(user)
err = apis.RecordAuthResponse(event, user, "example", nil) err = apis.RecordAuthResponse(event, user, "example", nil)
if err != nil { if !errors.Is(err, apis.ErrMFA) {
t.Fatalf("Expected nil, got error: %v", err) t.Fatalf("Expected ErrMFA, got: %v", err)
} }
body := rec.Body.String() body := rec.Body.String()