From d69c517137371375d1194eb187c4118319afca22 Mon Sep 17 00:00:00 2001
From: Juliusz Chroboczek
Date: Tue, 2 Aug 2022 18:12:17 +0200
Subject: [PATCH] Allow auth server to fallback to password auth.

The authorisation server can now reply with 204 (no content) in order to request that the client should continue with password authentication.
---
 README.PROTOCOL | 11 ++++++++---
 static/protocol.js | 7 ++++++-
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/README.PROTOCOL b/README.PROTOCOL
index 9b302f7..df57463 100644
--- a/README.PROTOCOL
+++ b/README.PROTOCOL
@@ -389,10 +389,15 @@ a JSON dictionary of the following form:
 "password": password
 }
 ```
+
 If the user is not allowed to join the group, then the authorisation
-server replies with a code of 403 ("not authorised"). If the user is
-allowed to join, then the authorisation server replies with a signed JWT
-(a "JWS") the body of which has the following form:
+server replies with a code of 403 ("not authorised"), and Galene will
+reject the user. If the authentication server has no opinion about
+whether the user is allowed to join, it replies with a code of 204 ("no
+content"), and Galene will proceed with ordinary password authorisation.
+
+If the user is allowed to join, then the authorisation server replies with
+a signed JWT (a "JWS") the body of which has the following form:
 ```javascript
 {
 "sub": username,
diff --git a/static/protocol.js b/static/protocol.js
index 0d43f7f..57d6770 100644
--- a/static/protocol.js
+++ b/static/protocol.js
@@ -477,7 +477,12 @@ ServerConnection.prototype.join = async function(group, username, credentials, d
 throw new Error(
 `The authorisation server said: ${r.status} ${r.statusText}`,
 );
- m.token = await r.text();
+ let data = await r.text();
+ if(!data)
+ // empty data, continue with password auth
+ m.password = credentials.password;
+ else
+ m.token = data;
 break;
 default:
 throw new Error(`Unknown credentials type ${credentials.type}`);
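Review bot: The fallback in the static/protocol.js hunk is keyed on an empty response body (`if(!data)`) rather than on the 204 status that README.PROTOCOL documents, so any accepted reply with an empty body, for instance from a misbehaving proxy or auth server, silently downgrades the client to sending `credentials.password` to the Galene server. Testing the status explicitly, `if(r.status === 204) m.password = credentials.password; else m.token = await r.text();`, ties the downgrade to the documented signal, and an empty body on any other status could then raise an error instead of being treated as a request to fall back. The status check that guards the preceding `throw` lies outside the hunk, so this assumes only non-success codes are rejected there. `let data` is also declared directly inside a `case` clause; wrapping the branch in braces and using `const` would keep the binding from being shared with sibling cases.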