Commit b821cd71 authored by Juliusz Chroboczek's avatar Juliusz Chroboczek

Check MIME type in auth server response.

parent d69c5171
...@@ -475,15 +475,36 @@ ServerConnection.prototype.join = async function(group, username, credentials, d ...@@ -475,15 +475,36 @@ ServerConnection.prototype.join = async function(group, username, credentials, d
}); });
if(!r.ok) if(!r.ok)
throw new Error( throw new Error(
`The authorisation server said: ${r.status} ${r.statusText}`, `The authorisation server said ${r.status} ${r.statusText}`,
); );
if(r.status === 204) {
// no data, fallback to password auth
m.password = credentials.password;
break;
}
let ctype = r.headers.get("Content-Type");
if(!ctype)
throw new Error(
"The authorisation server didn't return a content type",
);
let semi = ctype.indexOf(";");
if(semi >= 0)
ctype = ctype.slice(0, semi);
ctype = ctype.trim();
switch(ctype.toLowerCase()) {
case 'application/jwt':
let data = await r.text(); let data = await r.text();
if(!data) if(!data)
// empty data, continue with password auth throw new Error(
m.password = credentials.password; "The authorisation server returned empty token",
else );
m.token = data; m.token = data;
break; break;
default:
throw new Error(`The authorisation server returned ${ctype}`);
break;
}
break;
default: default:
throw new Error(`Unknown credentials type ${credentials.type}`); throw new Error(`Unknown credentials type ${credentials.type}`);
} }
......
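Review bot: In the new inner `switch`, `let data = await r.text();` is declared directly under `case 'application/jwt':` without a block, and the `break;` after the `throw` in the inner `default:` is unreachable. Wrapping the case body as `case 'application/jwt': { ... }` keeps `data` scoped to that branch, and the dead `break;` can be dropped. Separately, `The authorisation server returned ${ctype}` puts a header value chosen by the remote server into the error message; if callers show this message in the page (not visible in this hunk), it should be rendered as text and could be length-capped, e.g. `${ctype.slice(0, 64)}`. The body of `join` starts and ends outside the hunk.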