Diffstat (limited to 'internal/api/client/auth')
-rw-r--r--internal/api/client/auth/authorize.go9
-rw-r--r--internal/api/client/auth/signin.go10
-rw-r--r--internal/api/client/auth/token.go9
3 files changed, 25 insertions, 3 deletions
diff --git a/internal/api/client/auth/authorize.go b/internal/api/client/auth/authorize.go
index 6382f473d..35a681114 100644
--- a/internal/api/client/auth/authorize.go
+++ b/internal/api/client/auth/authorize.go
@@ -21,14 +21,16 @@ package auth
import (
"errors"
"fmt"
- "github.com/sirupsen/logrus"
"net/http"
"net/url"
"strings"
+ "github.com/sirupsen/logrus"
+
"github.com/gin-contrib/sessions"
"github.com/gin-gonic/gin"
"github.com/google/uuid"
+ "github.com/superseriousbusiness/gotosocial/internal/api"
"github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
@@ -41,6 +43,11 @@ func (m *Module) AuthorizeGETHandler(c *gin.Context) {
l := logrus.WithField("func", "AuthorizeGETHandler")
s := sessions.Default(c)
+ if _, err := api.NegotiateAccept(c, api.HTMLAcceptHeaders...); err != nil {
+ c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+ return
+ }
+
// UserID will be set in the session by AuthorizePOSTHandler if the caller has already gone through the authentication flow
// If it's not set, then we don't know yet who the user is, so we need to redirect them to the sign in page.
userID, ok := s.Get(sessionUserID).(string)
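Review bot: The 406 branch added at the top of AuthorizeGETHandler returns `err.Error()` to the caller and logs nothing, so a rejected request on an auth endpoint leaves no trace. The response text is whatever NegotiateAccept produces, which may include the client-supplied Accept value (that function is not visible in this diff). Consider logging through the existing entry before the `c.JSON` call, e.g. `l.Debugf("could not negotiate Accept header: %s", err)`, and returning a fixed message if the error text is not meant for clients. The same guard is repeated in SignInGETHandler (signin.go) and TokenPOSTHandler (token.go), so a small shared helper would keep the three in step. The handler body continues outside this hunk.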
diff --git a/internal/api/client/auth/signin.go b/internal/api/client/auth/signin.go
index 68944226f..cc60a3b52 100644
--- a/internal/api/client/auth/signin.go
+++ b/internal/api/client/auth/signin.go
@@ -21,11 +21,13 @@ package auth
import (
"context"
"errors"
- "github.com/sirupsen/logrus"
"net/http"
+ "github.com/sirupsen/logrus"
+
"github.com/gin-contrib/sessions"
"github.com/gin-gonic/gin"
+ "github.com/superseriousbusiness/gotosocial/internal/api"
"github.com/superseriousbusiness/gotosocial/internal/db"
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
"golang.org/x/crypto/bcrypt"
@@ -43,6 +45,12 @@ type login struct {
func (m *Module) SignInGETHandler(c *gin.Context) {
l := logrus.WithField("func", "SignInGETHandler")
l.Trace("entering sign in handler")
+
+ if _, err := api.NegotiateAccept(c, api.HTMLAcceptHeaders...); err != nil {
+ c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+ return
+ }
+
if m.idp != nil {
s := sessions.Default(c)
diff --git a/internal/api/client/auth/token.go b/internal/api/client/auth/token.go
index f24840c9f..d3e362f8f 100644
--- a/internal/api/client/auth/token.go
+++ b/internal/api/client/auth/token.go
@@ -19,10 +19,12 @@
package auth
import (
- "github.com/sirupsen/logrus"
"net/http"
"net/url"
+ "github.com/sirupsen/logrus"
+ "github.com/superseriousbusiness/gotosocial/internal/api"
+
"github.com/gin-gonic/gin"
)
@@ -41,6 +43,11 @@ func (m *Module) TokenPOSTHandler(c *gin.Context) {
l := logrus.WithField("func", "TokenPOSTHandler")
l.Trace("entered TokenPOSTHandler")
+ if _, err := api.NegotiateAccept(c, api.JSONAcceptHeaders...); err != nil {
+ c.JSON(http.StatusNotAcceptable, gin.H{"error": err.Error()})
+ return
+ }
+
form := &tokenBody{}
if err := c.ShouldBind(form); err == nil {
c.Request.Form = url.Values{}
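Review bot: On the token endpoint the `error` member of the 406 body carries free-form text from `err.Error()`, whereas OAuth clients following RFC 6749 §5.2 expect `error` to be a short code, with the human-readable text in `error_description`. If clients of this endpoint parse error responses that way, something like `gin.H{"error": "invalid_request", "error_description": err.Error()}` would be easier for them to handle. It is also worth confirming how NegotiateAccept treats a request with no Accept header, since token requests from OAuth libraries often omit it; that function is outside this diff. TokenPOSTHandler continues past the end of the hunk.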