Allow login via token in URL

2024-11-10 08:57:25 +01:00 · 2022-07-25 10:36:20 +02:00 · 2022-07-25 10:36:20 +02:00 · e500c1515e
commit e500c1515e
parent 4e7ff6f9bc
2 changed files with 6 additions and 3 deletions
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@ -152,7 +152,7 @@ func (auth *Authentication) AuthViaSession(rw http.ResponseWriter, r *http.Reque
 // Handle a POST request that should log the user in, starting a new session.
 func (auth *Authentication) Login(onsuccess http.Handler, onfailure func(rw http.ResponseWriter, r *http.Request, loginErr error)) http.Handler {
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
-		var err error
+		var err error = errors.New("no authenticator applied")
 		username := r.FormValue("username")
 		user := (*User)(nil)
 		if username != "" {
--- a/internal/auth/jwt.go
+++ b/internal/auth/jwt.go
@ -65,14 +65,17 @@ func (ja *JWTAuthenticator) Init(auth *Authentication, conf interface{}) error {
 }

 func (ja *JWTAuthenticator) CanLogin(user *User, rw http.ResponseWriter, r *http.Request) bool {
-	return (user != nil && user.AuthSource == AuthViaToken) || r.Header.Get("Authorization") != ""
+	return (user != nil && user.AuthSource == AuthViaToken) || r.Header.Get("Authorization") != "" || r.URL.Query().Get("login-token") != ""
 }

 func (ja *JWTAuthenticator) Login(user *User, rw http.ResponseWriter, r *http.Request) (*User, error) {
 	rawtoken := r.Header.Get("X-Auth-Token")
 	if rawtoken == "" {
 		rawtoken = r.Header.Get("Authorization")
-		rawtoken = strings.TrimPrefix("Bearer ", rawtoken)
+		rawtoken = strings.TrimPrefix(rawtoken, "Bearer ")
+		if rawtoken == "" {
+			rawtoken = r.URL.Query().Get("login-token")
+		}
 	}

 	token, err := jwt.Parse(rawtoken, func(t *jwt.Token) (interface{}, error) {