From b821cd71a985b190b96bfe307c16c725716284f8 Mon Sep 17 00:00:00 2001
From: Juliusz Chroboczek
Date: Wed, 3 Aug 2022 15:00:50 +0200
Subject: [PATCH] Check MIME type in auth server response.
---
 static/protocol.js | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/static/protocol.js b/static/protocol.js
index 57d6770..2d8de34 100644
--- a/static/protocol.js
+++ b/static/protocol.js
@@ -475,14 +475,35 @@ ServerConnection.prototype.join = async function(group, username, credentials, d
 });
 if(!r.ok)
 throw new Error(
- `The authorisation server said: ${r.status} ${r.statusText}`,
+ `The authorisation server said ${r.status} ${r.statusText}`,
 );
- let data = await r.text();
- if(!data)
- // empty data, continue with password auth
+ if(r.status === 204) {
+ // no data, fallback to password auth
 m.password = credentials.password;
- else
+ break;
+ }
+ let ctype = r.headers.get("Content-Type");
+ if(!ctype)
+ throw new Error(
+ "The authorisation server didn't return a content type",
+ );
+ let semi = ctype.indexOf(";");
+ if(semi >= 0)
+ ctype = ctype.slice(0, semi);
+ ctype = ctype.trim();
+ switch(ctype.toLowerCase()) {
+ case 'application/jwt':
+ let data = await r.text();
+ if(!data)
+ throw new Error(
+ "The authorisation server returned empty token",
+ );
 m.token = data;
+ break;
+ default:
+ throw new Error(`The authorisation server returned ${ctype}`);
+ break;
+ }
 break;
 default:
 throw new Error(`Unknown credentials type ${credentials.type}`);
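Review bot: In the `application/jwt` branch the body is only tested for emptiness, so a whitespace-only or newline-terminated response passes `if(!data)` and is assigned verbatim to `m.token`; trimming first, `let data = (await r.text()).trim();`, makes the "returned empty token" error cover those cases as well (whether the server tolerates surrounding whitespace is not visible here). The `let data` sits directly in an unbraced `case` clause, so it is scoped to the whole inner `switch`; writing `case 'application/jwt': {` … `}` keeps it local to that clause. The `break;` after the `throw` in the inner `default:` is unreachable and can be dropped. The enclosing `join` function starts and ends outside this hunk.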