1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-11-22 08:35:57 +01:00

Allow auth server to fallback to password auth.

The authorisation server can now reply with 204 (no content)
in order to request that the client should continue with password
authentication.
This commit is contained in:
Juliusz Chroboczek 2022-08-02 18:12:17 +02:00
parent 3bdd82f06d
commit d69c517137
2 changed files with 14 additions and 4 deletions

View file

@ -389,10 +389,15 @@ a JSON dictionary of the following form:
"password": password
}
```
If the user is not allowed to join the group, then the authorisation
server replies with a code of 403 ("not authorised"). If the user is
allowed to join, then the authorisation server replies with a signed JWT
(a "JWS") the body of which has the following form:
server replies with a code of 403 ("not authorised"), and Galene will
reject the user. If the authentication server has no opinion about
whether the user is allowed to join, it replies with a code of 204 ("no
content"), and Galene will proceed with ordinary password authorisation.
If the user is allowed to join, then the authorisation server replies with
a signed JWT (a "JWS") the body of which has the following form:
```javascript
{
"sub": username,

View file

@ -477,7 +477,12 @@ ServerConnection.prototype.join = async function(group, username, credentials, d
throw new Error(
`The authorisation server said: ${r.status} ${r.statusText}`,
);
m.token = await r.text();
let data = await r.text();
if(!data)
// empty data, continue with password auth
m.password = credentials.password;
else
m.token = data;
break;
default:
throw new Error(`Unknown credentials type ${credentials.type}`);