eeva/servant
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Set XSRF cookie only when authentication succeeds if no error is thrown

Browse Source
This commit is contained in:
Gaël Deest 2022-03-23 23:52:12 +01:00
parent b84095ee5a
commit c5a3bc1b51
1 changed files with 6 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
servant-auth/servant-auth-server/src/Servant/Auth/Server/Internal.hs
View File

@ -54,15 +54,12 @@ instance ( n ~ 'S ('S 'Z)
makeCookies :: AuthResult v -> IO (SetCookieList ('S ('S 'Z))) makeCookies :: AuthResult v -> IO (SetCookieList ('S ('S 'Z)))
makeCookies authResult = do makeCookies authResult = do
xsrf <- makeXsrfCookie cookieSettings case authResult of
fmap (Just xsrf `SetCookieCons`) $ (Authenticated v) -> do
case authResult of ejwt <- makeSessionCookie cookieSettings jwtSettings v
(Authenticated v) -> do xsrf <- makeXsrfCookie cookieSettings
ejwt <- makeSessionCookie cookieSettings jwtSettings v return $ Just xsrf `SetCookieCons` (ejwt `SetCookieCons` SetCookieNil)
case ejwt of _ -> return $ Nothing `SetCookieCons` (Nothing `SetCookieCons` SetCookieNil)
Nothing -> return $ Nothing `SetCookieCons` SetCookieNil
Just jwt -> return $ Just jwt `SetCookieCons` SetCookieNil
_ -> return $ Nothing `SetCookieCons` SetCookieNil
go :: (AuthResult v -> ServerT api Handler) go :: (AuthResult v -> ServerT api Handler)
-> (AuthResult v, SetCookieList n) -> (AuthResult v, SetCookieList n)