Allow auth server to fallback to password auth.

The authorisation server can now reply with 204 (no content) in order to request that the client should continue with password authentication.
2022-08-02 18:12:17 +02:00 · 2022-08-02 18:12:17 +02:00 · d69c517137
parent 3bdd82f06d
commit d69c517137
2 changed files with 14 additions and 4 deletions
--- a/README.PROTOCOL
+++ b/README.PROTOCOL
@ -389,10 +389,15 @@ a JSON dictionary of the following form:
    "password": password
 }
 ```
+
 If the user is not allowed to join the group, then the authorisation
-server replies with a code of 403 ("not authorised").  If the user is
-allowed to join, then the authorisation server replies with a signed JWT
-(a "JWS") the body of which has the following form:
+server replies with a code of 403 ("not authorised"), and Galene will
+reject the user.  If the authentication server has no opinion about
+whether the user is allowed to join, it replies with a code of 204 ("no
+content"), and Galene will proceed with ordinary password authorisation.
+
+If the user is allowed to join, then the authorisation server replies with
+a signed JWT (a "JWS") the body of which has the following form:
 ```javascript
 {
    "sub": username,
--- a/static/protocol.js
+++ b/static/protocol.js
@ -477,7 +477,12 @@ ServerConnection.prototype.join = async function(group, username, credentials, d
                throw new Error(
                    `The authorisation server said: ${r.status} ${r.statusText}`,
                );
-            m.token = await r.text();
+            let data = await r.text();
+            if(!data)
+                // empty data, continue with password auth
+                m.password = credentials.password;
+            else
+                m.token = data;
            break;
        default:
            throw new Error(`Unknown credentials type ${credentials.type}`);