diff options
| author | silverwind <me@silverwind.io> | 2023-09-19 02:50:30 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-19 00:50:30 +0000 |
| commit | ae8e8f055e9edfe258e641df8752a070ffdd6823 (patch) | |
| tree | 1181f5dec6a7e9cfff020aa08d073582cfcc5e43 /web_src/js/features/user-auth-webauthn.js | |
| parent | 8099238618f6573f1eb5cfeeb0902b641e7121ab (diff) | |
| download | gitea-ae8e8f055e9edfe258e641df8752a070ffdd6823.tar.gz gitea-ae8e8f055e9edfe258e641df8752a070ffdd6823.zip | |
Use fetch helpers instead of fetch (#27026)
WIP because:
- [x] Some calls set a `content-type` but send no body, can likely
remove the header
- [x] Need to check whether `charset=utf-8` has any significance on the
webauthn calls, I assume not as it is the default for json content.
- [x] Maybe `no-restricted-globals` is better for eslint, but will
require a lot of duplication in the yaml or moving eslint config to a
`.js` extension.
- [x] Maybe export `request` as `fetch`, shadowing the global.
Diffstat (limited to 'web_src/js/features/user-auth-webauthn.js')
| -rw-r--r-- | web_src/js/features/user-auth-webauthn.js | 38 |
1 files changed, 13 insertions, 25 deletions
diff --git a/web_src/js/features/user-auth-webauthn.js b/web_src/js/features/user-auth-webauthn.js index c4c2356cb3..363e039760 100644 --- a/web_src/js/features/user-auth-webauthn.js +++ b/web_src/js/features/user-auth-webauthn.js @@ -1,7 +1,8 @@ import {encodeURLEncodedBase64, decodeURLEncodedBase64} from '../utils.js'; import {showElem} from '../utils/dom.js'; +import {GET, POST} from '../modules/fetch.js'; -const {appSubUrl, csrfToken} = window.config; +const {appSubUrl} = window.config; export async function initUserAuthWebAuthn() { const elPrompt = document.querySelector('.user.signin.webauthn-prompt'); @@ -13,7 +14,7 @@ export async function initUserAuthWebAuthn() { return; } - const res = await fetch(`${appSubUrl}/user/webauthn/assertion`); + const res = await GET(`${appSubUrl}/user/webauthn/assertion`); if (res.status !== 200) { webAuthnError('unknown'); return; @@ -53,12 +54,8 @@ async function verifyAssertion(assertedCredential) { const sig = new Uint8Array(assertedCredential.response.signature); const userHandle = new Uint8Array(assertedCredential.response.userHandle); - const res = await fetch(`${appSubUrl}/user/webauthn/assertion`, { - method: 'POST', - headers: { - 'Content-Type': 'application/json; charset=utf-8' - }, - body: JSON.stringify({ + const res = await POST(`${appSubUrl}/user/webauthn/assertion`, { + data: { id: assertedCredential.id, rawId: encodeURLEncodedBase64(rawId), type: assertedCredential.type, @@ -69,7 +66,7 @@ async function verifyAssertion(assertedCredential) { signature: encodeURLEncodedBase64(sig), userHandle: encodeURLEncodedBase64(userHandle), }, - }), + }, }); if (res.status === 500) { webAuthnError('unknown'); @@ -88,13 +85,8 @@ async function webauthnRegistered(newCredential) { const clientDataJSON = new Uint8Array(newCredential.response.clientDataJSON); const rawId = new Uint8Array(newCredential.rawId); - const res = await fetch(`${appSubUrl}/user/settings/security/webauthn/register`, { - method: 'POST', - headers: { - 'X-Csrf-Token': csrfToken, - 'Content-Type': 'application/json; charset=utf-8', - }, - body: JSON.stringify({ + const res = await POST(`${appSubUrl}/user/settings/security/webauthn/register`, { + data: { id: newCredential.id, rawId: encodeURLEncodedBase64(rawId), type: newCredential.type, @@ -102,7 +94,7 @@ async function webauthnRegistered(newCredential) { attestationObject: encodeURLEncodedBase64(attestationObject), clientDataJSON: encodeURLEncodedBase64(clientDataJSON), }, - }), + }, }); if (res.status === 409) { @@ -165,15 +157,11 @@ export function initUserAuthWebAuthnRegister() { async function webAuthnRegisterRequest() { const elNickname = document.getElementById('nickname'); - const body = new FormData(); - body.append('name', elNickname.value); + const formData = new FormData(); + formData.append('name', elNickname.value); - const res = await fetch(`${appSubUrl}/user/settings/security/webauthn/request_register`, { - method: 'POST', - headers: { - 'X-Csrf-Token': csrfToken, - }, - body, + const res = await POST(`${appSubUrl}/user/settings/security/webauthn/request_register`, { + data: formData, }); if (res.status === 409) { |