diff --git a/internal/webserver/authenticators/init.go b/internal/webserver/authenticators/init.go index dfcd427b..4d3cc324 100644 --- a/internal/webserver/authenticators/init.go +++ b/internal/webserver/authenticators/init.go @@ -51,17 +51,17 @@ func (e *enable) Enable() { *e = true } -func IssueChallengeTokenCookie(w http.ResponseWriter, r *http.Request, challenge string) error { +func IssueChallengeTokenCookie(w http.ResponseWriter, r *http.Request, challenge string) { cookie := http.Cookie{ Name: "challenge", Value: challenge, Expires: time.Now().Add(8 * time.Hour), - SameSite: http.SameSiteNoneMode, - Secure: r.URL.Scheme == "https", + SameSite: http.SameSiteLaxMode, + Secure: true, HttpOnly: false, + Path: "/", } http.SetCookie(w, &cookie) - return nil } diff --git a/internal/webserver/resources/static/js/challenge.js b/internal/webserver/resources/static/js/challenge.js index a7223959..dfb24045 100644 --- a/internal/webserver/resources/static/js/challenge.js +++ b/internal/webserver/resources/static/js/challenge.js @@ -4,11 +4,12 @@ const url = (httpsEnabled ? 'wss://' : 'ws://') + window.location.host + "/chall let backoff = 200; let challenge = localStorage.getItem("challenge"); -if (challenge === null) { +if (challenge === null || challenge === "null") { // oidc sets the challenge via cookie challenge = getCookie("challenge"); - localStorage.setItem("challenge", challenge) - + if(challenge !== null) { + localStorage.setItem("challenge", challenge) + } deleteCookie("challenge") } diff --git a/internal/webserver/resources/static/js/pam.js b/internal/webserver/resources/static/js/pam.js index 4ea10c08..8dacfce1 100644 --- a/internal/webserver/resources/static/js/pam.js +++ b/internal/webserver/resources/static/js/pam.js @@ -72,9 +72,9 @@ async function loginUser(location) { document.getElementById("error").hidden = false; return } - - localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE")) - + if (send.headers.get("WAG-CHALLENGE") !== null) { + localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE")) + } } catch (e) { console.log("logging in user failed") document.getElementById("errorMsg").textContent = e.message; diff --git a/internal/webserver/resources/static/js/totp.js b/internal/webserver/resources/static/js/totp.js index a496b7ff..57f91bbb 100644 --- a/internal/webserver/resources/static/js/totp.js +++ b/internal/webserver/resources/static/js/totp.js @@ -80,8 +80,11 @@ async function loginUser(location) { return } - localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE")) - + + if (send.headers.get("WAG-CHALLENGE") !== null) { + localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE")) + } + } catch (e) { console.log("logging in user failed") document.getElementById("errorMsg").textContent = e.message; diff --git a/internal/webserver/resources/static/js/webauthn.js b/internal/webserver/resources/static/js/webauthn.js index 60eb9346..60de3576 100644 --- a/internal/webserver/resources/static/js/webauthn.js +++ b/internal/webserver/resources/static/js/webauthn.js @@ -213,8 +213,10 @@ async function loginUser(event) { return } - - localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE")) + + if (send.headers.get("WAG-CHALLENGE") !== null) { + localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE")) + } } catch (e) { console.log("logging in failed: ", e)