From c9bebe00452a73d1c831831e5a95cb4ed8de37b9 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Sun, 27 Sep 2020 16:15:38 +0200 Subject: [PATCH] fix: use correct security annotation --- .../httpclient/client/public/public_client.go | 60 ++++++++++------- .../client/public/whoami_parameters.go | 64 +++++++++++++++++-- selfservice/errorx/handler.go | 16 ++--- selfservice/flow/login/handler.go | 4 +- selfservice/flow/recovery/handler.go | 4 +- selfservice/flow/registration/handler.go | 4 +- selfservice/flow/settings/handler.go | 6 +- selfservice/strategy/password/settings.go | 2 +- selfservice/strategy/profile/strategy.go | 2 +- 9 files changed, 111 insertions(+), 51 deletions(-) diff --git a/internal/httpclient/client/public/public_client.go b/internal/httpclient/client/public/public_client.go index e59eb6ed029..928ba96f741 100644 --- a/internal/httpclient/client/public/public_client.go +++ b/internal/httpclient/client/public/public_client.go 
@@ -35,9 +35,9 @@ type ClientService interface { CompleteSelfServiceRegistrationFlowWithPasswordMethod(params *CompleteSelfServiceRegistrationFlowWithPasswordMethodParams) (*CompleteSelfServiceRegistrationFlowWithPasswordMethodOK, error) - CompleteSelfServiceSettingsFlowWithPasswordMethod(params *CompleteSelfServiceSettingsFlowWithPasswordMethodParams) (*CompleteSelfServiceSettingsFlowWithPasswordMethodOK, error) + CompleteSelfServiceSettingsFlowWithPasswordMethod(params *CompleteSelfServiceSettingsFlowWithPasswordMethodParams, authInfo runtime.ClientAuthInfoWriter) (*CompleteSelfServiceSettingsFlowWithPasswordMethodOK, error) - CompleteSelfServiceSettingsFlowWithProfileMethod(params *CompleteSelfServiceSettingsFlowWithProfileMethodParams) (*CompleteSelfServiceSettingsFlowWithProfileMethodOK, error) + CompleteSelfServiceSettingsFlowWithProfileMethod(params *CompleteSelfServiceSettingsFlowWithProfileMethodParams, authInfo runtime.ClientAuthInfoWriter) (*CompleteSelfServiceSettingsFlowWithProfileMethodOK, error) CompleteSelfServiceVerificationFlowWithLinkMethod(params *CompleteSelfServiceVerificationFlowWithLinkMethodParams) error 
@@ -51,27 +51,27 @@ type ClientService interface { GetSelfServiceRegistrationFlow(params *GetSelfServiceRegistrationFlowParams) (*GetSelfServiceRegistrationFlowOK, error) - GetSelfServiceSettingsFlow(params *GetSelfServiceSettingsFlowParams) (*GetSelfServiceSettingsFlowOK, error) + GetSelfServiceSettingsFlow(params *GetSelfServiceSettingsFlowParams, authInfo runtime.ClientAuthInfoWriter) (*GetSelfServiceSettingsFlowOK, error) GetSelfServiceVerificationFlow(params *GetSelfServiceVerificationFlowParams) (*GetSelfServiceVerificationFlowOK, error) InitializeSelfServiceBrowserLogoutFlow(params *InitializeSelfServiceBrowserLogoutFlowParams) error - InitializeSelfServiceLoginViaAPIFlow(params *InitializeSelfServiceLoginViaAPIFlowParams) (*InitializeSelfServiceLoginViaAPIFlowOK, error) + InitializeSelfServiceLoginViaAPIFlow(params *InitializeSelfServiceLoginViaAPIFlowParams, authInfo runtime.ClientAuthInfoWriter) (*InitializeSelfServiceLoginViaAPIFlowOK, error) - InitializeSelfServiceLoginViaBrowserFlow(params *InitializeSelfServiceLoginViaBrowserFlowParams) error + InitializeSelfServiceLoginViaBrowserFlow(params *InitializeSelfServiceLoginViaBrowserFlowParams, authInfo runtime.ClientAuthInfoWriter) error - InitializeSelfServiceRecoveryViaAPIFlow(params *InitializeSelfServiceRecoveryViaAPIFlowParams) (*InitializeSelfServiceRecoveryViaAPIFlowOK, error) + InitializeSelfServiceRecoveryViaAPIFlow(params *InitializeSelfServiceRecoveryViaAPIFlowParams, authInfo runtime.ClientAuthInfoWriter) (*InitializeSelfServiceRecoveryViaAPIFlowOK, error) - InitializeSelfServiceRecoveryViaBrowserFlow(params *InitializeSelfServiceRecoveryViaBrowserFlowParams) error + InitializeSelfServiceRecoveryViaBrowserFlow(params *InitializeSelfServiceRecoveryViaBrowserFlowParams, authInfo runtime.ClientAuthInfoWriter) error - InitializeSelfServiceRegistrationViaAPIFlow(params *InitializeSelfServiceRegistrationViaAPIFlowParams) (*InitializeSelfServiceRegistrationViaAPIFlowOK, error) + 
InitializeSelfServiceRegistrationViaAPIFlow(params *InitializeSelfServiceRegistrationViaAPIFlowParams, authInfo runtime.ClientAuthInfoWriter) (*InitializeSelfServiceRegistrationViaAPIFlowOK, error) - InitializeSelfServiceRegistrationViaBrowserFlow(params *InitializeSelfServiceRegistrationViaBrowserFlowParams) error + InitializeSelfServiceRegistrationViaBrowserFlow(params *InitializeSelfServiceRegistrationViaBrowserFlowParams, authInfo runtime.ClientAuthInfoWriter) error - InitializeSelfServiceSettingsViaAPIFlow(params *InitializeSelfServiceSettingsViaAPIFlowParams) (*InitializeSelfServiceSettingsViaAPIFlowOK, error) + InitializeSelfServiceSettingsViaAPIFlow(params *InitializeSelfServiceSettingsViaAPIFlowParams, authInfo runtime.ClientAuthInfoWriter) (*InitializeSelfServiceSettingsViaAPIFlowOK, error) - InitializeSelfServiceSettingsViaBrowserFlow(params *InitializeSelfServiceSettingsViaBrowserFlowParams) error + InitializeSelfServiceSettingsViaBrowserFlow(params *InitializeSelfServiceSettingsViaBrowserFlowParams, authInfo runtime.ClientAuthInfoWriter) error InitializeSelfServiceVerificationViaAPIFlow(params *InitializeSelfServiceVerificationViaAPIFlowParams) (*InitializeSelfServiceVerificationViaAPIFlowOK, error) @@ -79,7 +79,7 @@ type ClientService interface { RevokeSession(params *RevokeSessionParams) (*RevokeSessionNoContent, error) - Whoami(params *WhoamiParams) (*WhoamiOK, error) + Whoami(params *WhoamiParams, authInfo runtime.ClientAuthInfoWriter) (*WhoamiOK, error) SetTransport(transport runtime.ClientTransport) } 
@@ -280,7 +280,7 @@ a HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privi More information can be found at [ORY Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). */ -func (a *Client) CompleteSelfServiceSettingsFlowWithPasswordMethod(params *CompleteSelfServiceSettingsFlowWithPasswordMethodParams) (*CompleteSelfServiceSettingsFlowWithPasswordMethodOK, error) { +func (a *Client) CompleteSelfServiceSettingsFlowWithPasswordMethod(params *CompleteSelfServiceSettingsFlowWithPasswordMethodParams, authInfo runtime.ClientAuthInfoWriter) (*CompleteSelfServiceSettingsFlowWithPasswordMethodOK, error) { // TODO: Validate the params before sending if params == nil { params = NewCompleteSelfServiceSettingsFlowWithPasswordMethodParams() @@ -295,6 +295,7 @@ func (a *Client) CompleteSelfServiceSettingsFlowWithPasswordMethod(params *Compl Schemes: []string{"http", "https"}, Params: params, Reader: &CompleteSelfServiceSettingsFlowWithPasswordMethodReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) @@ -332,7 +333,7 @@ a HTTP 302 redirect to the login endpoint when `selfservice.flows.settings.privi More information can be found at [ORY Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). */ -func (a *Client) CompleteSelfServiceSettingsFlowWithProfileMethod(params *CompleteSelfServiceSettingsFlowWithProfileMethodParams) (*CompleteSelfServiceSettingsFlowWithProfileMethodOK, error) { +func (a *Client) CompleteSelfServiceSettingsFlowWithProfileMethod(params *CompleteSelfServiceSettingsFlowWithProfileMethodParams, authInfo runtime.ClientAuthInfoWriter) (*CompleteSelfServiceSettingsFlowWithProfileMethodOK, error) { // TODO: Validate the params before sending if params == nil { params = NewCompleteSelfServiceSettingsFlowWithProfileMethodParams() 
@@ -347,6 +348,7 @@ func (a *Client) CompleteSelfServiceSettingsFlowWithProfileMethod(params *Comple Schemes: []string{"http", "https"}, Params: params, Reader: &CompleteSelfServiceSettingsFlowWithProfileMethodReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) @@ -608,7 +610,7 @@ You can access this endpoint without credentials when using ORY Kratos' Admin AP More information can be found at [ORY Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). */ -func (a *Client) GetSelfServiceSettingsFlow(params *GetSelfServiceSettingsFlowParams) (*GetSelfServiceSettingsFlowOK, error) { +func (a *Client) GetSelfServiceSettingsFlow(params *GetSelfServiceSettingsFlowParams, authInfo runtime.ClientAuthInfoWriter) (*GetSelfServiceSettingsFlowOK, error) { // TODO: Validate the params before sending if params == nil { params = NewGetSelfServiceSettingsFlowParams() @@ -623,6 +625,7 @@ func (a *Client) GetSelfServiceSettingsFlow(params *GetSelfServiceSettingsFlowPa Schemes: []string{"http", "https"}, Params: params, Reader: &GetSelfServiceSettingsFlowReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) 
@@ -735,7 +738,7 @@ This endpoint MUST ONLY be used in scenarios such as native mobile apps (React N More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). */ -func (a *Client) InitializeSelfServiceLoginViaAPIFlow(params *InitializeSelfServiceLoginViaAPIFlowParams) (*InitializeSelfServiceLoginViaAPIFlowOK, error) { +func (a *Client) InitializeSelfServiceLoginViaAPIFlow(params *InitializeSelfServiceLoginViaAPIFlowParams, authInfo runtime.ClientAuthInfoWriter) (*InitializeSelfServiceLoginViaAPIFlowOK, error) { // TODO: Validate the params before sending if params == nil { params = NewInitializeSelfServiceLoginViaAPIFlowParams() @@ -750,6 +753,7 @@ func (a *Client) InitializeSelfServiceLoginViaAPIFlow(params *InitializeSelfServ Schemes: []string{"http", "https"}, Params: params, Reader: &InitializeSelfServiceLoginViaAPIFlowReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) @@ -778,7 +782,7 @@ This endpoint is NOT INTENDED for API clients and only works with browsers (Chro More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). */ -func (a *Client) InitializeSelfServiceLoginViaBrowserFlow(params *InitializeSelfServiceLoginViaBrowserFlowParams) error { +func (a *Client) InitializeSelfServiceLoginViaBrowserFlow(params *InitializeSelfServiceLoginViaBrowserFlowParams, authInfo runtime.ClientAuthInfoWriter) error { // TODO: Validate the params before sending if params == nil { params = NewInitializeSelfServiceLoginViaBrowserFlowParams() 
@@ -793,6 +797,7 @@ func (a *Client) InitializeSelfServiceLoginViaBrowserFlow(params *InitializeSelf Schemes: []string{"http", "https"}, Params: params, Reader: &InitializeSelfServiceLoginViaBrowserFlowReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) @@ -823,7 +828,7 @@ This endpoint MUST ONLY be used in scenarios such as native mobile apps (React N More information can be found at [ORY Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx). */ -func (a *Client) InitializeSelfServiceRecoveryViaAPIFlow(params *InitializeSelfServiceRecoveryViaAPIFlowParams) (*InitializeSelfServiceRecoveryViaAPIFlowOK, error) { +func (a *Client) InitializeSelfServiceRecoveryViaAPIFlow(params *InitializeSelfServiceRecoveryViaAPIFlowParams, authInfo runtime.ClientAuthInfoWriter) (*InitializeSelfServiceRecoveryViaAPIFlowOK, error) { // TODO: Validate the params before sending if params == nil { params = NewInitializeSelfServiceRecoveryViaAPIFlowParams() @@ -838,6 +843,7 @@ func (a *Client) InitializeSelfServiceRecoveryViaAPIFlow(params *InitializeSelfS Schemes: []string{"http", "https"}, Params: params, Reader: &InitializeSelfServiceRecoveryViaAPIFlowReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) @@ -865,7 +871,7 @@ This endpoint is NOT INTENDED for API clients and only works with browsers (Chro More information can be found at [ORY Kratos Account Recovery Documentation](../self-service/flows/account-recovery.mdx). */ -func (a *Client) InitializeSelfServiceRecoveryViaBrowserFlow(params *InitializeSelfServiceRecoveryViaBrowserFlowParams) error { +func (a *Client) InitializeSelfServiceRecoveryViaBrowserFlow(params *InitializeSelfServiceRecoveryViaBrowserFlowParams, authInfo runtime.ClientAuthInfoWriter) error { // TODO: Validate the params before sending if params == nil { params = NewInitializeSelfServiceRecoveryViaBrowserFlowParams() 
@@ -880,6 +886,7 @@ func (a *Client) InitializeSelfServiceRecoveryViaBrowserFlow(params *InitializeS Schemes: []string{"http", "https"}, Params: params, Reader: &InitializeSelfServiceRecoveryViaBrowserFlowReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) @@ -911,7 +918,7 @@ This endpoint MUST ONLY be used in scenarios such as native mobile apps (React N More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). */ -func (a *Client) InitializeSelfServiceRegistrationViaAPIFlow(params *InitializeSelfServiceRegistrationViaAPIFlowParams) (*InitializeSelfServiceRegistrationViaAPIFlowOK, error) { +func (a *Client) InitializeSelfServiceRegistrationViaAPIFlow(params *InitializeSelfServiceRegistrationViaAPIFlowParams, authInfo runtime.ClientAuthInfoWriter) (*InitializeSelfServiceRegistrationViaAPIFlowOK, error) { // TODO: Validate the params before sending if params == nil { params = NewInitializeSelfServiceRegistrationViaAPIFlowParams() @@ -926,6 +933,7 @@ func (a *Client) InitializeSelfServiceRegistrationViaAPIFlow(params *InitializeS Schemes: []string{"http", "https"}, Params: params, Reader: &InitializeSelfServiceRegistrationViaAPIFlowReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) 
@@ -958,7 +966,7 @@ This endpoint is NOT INTENDED for API clients and only works with browsers (Chro More information can be found at [ORY Kratos User Login and User Registration Documentation](https://www.ory.sh/docs/next/kratos/self-service/flows/user-login-user-registration). */ -func (a *Client) InitializeSelfServiceRegistrationViaBrowserFlow(params *InitializeSelfServiceRegistrationViaBrowserFlowParams) error { +func (a *Client) InitializeSelfServiceRegistrationViaBrowserFlow(params *InitializeSelfServiceRegistrationViaBrowserFlowParams, authInfo runtime.ClientAuthInfoWriter) error { // TODO: Validate the params before sending if params == nil { params = NewInitializeSelfServiceRegistrationViaBrowserFlowParams() @@ -973,6 +981,7 @@ func (a *Client) InitializeSelfServiceRegistrationViaBrowserFlow(params *Initial Schemes: []string{"http", "https"}, Params: params, Reader: &InitializeSelfServiceRegistrationViaBrowserFlowReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) @@ -1002,7 +1011,7 @@ This endpoint MUST ONLY be used in scenarios such as native mobile apps (React N More information can be found at [ORY Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). */ -func (a *Client) InitializeSelfServiceSettingsViaAPIFlow(params *InitializeSelfServiceSettingsViaAPIFlowParams) (*InitializeSelfServiceSettingsViaAPIFlowOK, error) { +func (a *Client) InitializeSelfServiceSettingsViaAPIFlow(params *InitializeSelfServiceSettingsViaAPIFlowParams, authInfo runtime.ClientAuthInfoWriter) (*InitializeSelfServiceSettingsViaAPIFlowOK, error) { // TODO: Validate the params before sending if params == nil { params = NewInitializeSelfServiceSettingsViaAPIFlowParams() 
@@ -1017,6 +1026,7 @@ func (a *Client) InitializeSelfServiceSettingsViaAPIFlow(params *InitializeSelfS Schemes: []string{"http", "https"}, Params: params, Reader: &InitializeSelfServiceSettingsViaAPIFlowReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) @@ -1048,7 +1058,7 @@ This endpoint is NOT INTENDED for API clients and only works with browsers (Chro More information can be found at [ORY Kratos User Settings & Profile Management Documentation](../self-service/flows/user-settings). */ -func (a *Client) InitializeSelfServiceSettingsViaBrowserFlow(params *InitializeSelfServiceSettingsViaBrowserFlowParams) error { +func (a *Client) InitializeSelfServiceSettingsViaBrowserFlow(params *InitializeSelfServiceSettingsViaBrowserFlowParams, authInfo runtime.ClientAuthInfoWriter) error { // TODO: Validate the params before sending if params == nil { params = NewInitializeSelfServiceSettingsViaBrowserFlowParams() @@ -1063,6 +1073,7 @@ func (a *Client) InitializeSelfServiceSettingsViaBrowserFlow(params *InitializeS Schemes: []string{"http", "https"}, Params: params, Reader: &InitializeSelfServiceSettingsViaBrowserFlowReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) @@ -1204,7 +1215,7 @@ Additionally when the request it successful it adds the user ID to the 'X-Kratos This endpoint is useful for reverse proxies and API Gateways. */ -func (a *Client) Whoami(params *WhoamiParams) (*WhoamiOK, error) { +func (a *Client) Whoami(params *WhoamiParams, authInfo runtime.ClientAuthInfoWriter) (*WhoamiOK, error) { // TODO: Validate the params before sending if params == nil { params = NewWhoamiParams() @@ -1219,6 +1230,7 @@ func (a *Client) Whoami(params *WhoamiParams) (*WhoamiOK, error) { Schemes: []string{"http", "https"}, Params: params, Reader: &WhoamiReader{formats: a.formats}, + AuthInfo: authInfo, Context: params.Context, Client: params.HTTPClient, }) 
diff --git a/internal/httpclient/client/public/whoami_parameters.go b/internal/httpclient/client/public/whoami_parameters.go index c3a182c714b..2d011c9a6ac 100644 --- a/internal/httpclient/client/public/whoami_parameters.go +++ b/internal/httpclient/client/public/whoami_parameters.go @@ -19,7 +19,7 @@ import ( // NewWhoamiParams creates a new WhoamiParams object // with the default values initialized. func NewWhoamiParams() *WhoamiParams { - + var () return &WhoamiParams{ timeout: cr.DefaultTimeout, @@ -29,7 +29,7 @@ func NewWhoamiParams() *WhoamiParams { // NewWhoamiParamsWithTimeout creates a new WhoamiParams object // with the default values initialized, and the ability to set a timeout on a request func NewWhoamiParamsWithTimeout(timeout time.Duration) *WhoamiParams { - + var () return &WhoamiParams{ timeout: timeout, @@ -39,7 +39,7 @@ func NewWhoamiParamsWithTimeout(timeout time.Duration) *WhoamiParams { // NewWhoamiParamsWithContext creates a new WhoamiParams object // with the default values initialized, and the ability to set a context for a request func NewWhoamiParamsWithContext(ctx context.Context) *WhoamiParams { - + var () return &WhoamiParams{ Context: ctx, @@ -49,7 +49,7 @@ func NewWhoamiParamsWithContext(ctx context.Context) *WhoamiParams { // NewWhoamiParamsWithHTTPClient creates a new WhoamiParams object // with the default values initialized, and the ability to set a custom HTTPClient for a request func NewWhoamiParamsWithHTTPClient(client *http.Client) *WhoamiParams { - + var () return &WhoamiParams{ HTTPClient: client, } @@ -59,6 +59,15 @@ func NewWhoamiParamsWithHTTPClient(client *http.Client) *WhoamiParams { for the whoami operation typically these are written to a http.Request */ type WhoamiParams struct { + + /*Authorization + in: authorization + + */ + Authorization *string + /*Cookie*/ + Cookie *string + timeout time.Duration Context context.Context HTTPClient *http.Client 
@@ -97,6 +106,28 @@ func (o *WhoamiParams) SetHTTPClient(client *http.Client) { o.HTTPClient = client } +// WithAuthorization adds the authorization to the whoami params +func (o *WhoamiParams) WithAuthorization(authorization *string) *WhoamiParams { + o.SetAuthorization(authorization) + return o +} + +// SetAuthorization adds the authorization to the whoami params +func (o *WhoamiParams) SetAuthorization(authorization *string) { + o.Authorization = authorization +} + +// WithCookie adds the cookie to the whoami params +func (o *WhoamiParams) WithCookie(cookie *string) *WhoamiParams { + o.SetCookie(cookie) + return o +} + +// SetCookie adds the cookie to the whoami params +func (o *WhoamiParams) SetCookie(cookie *string) { + o.Cookie = cookie +} + // WriteToRequest writes these params to a swagger request func (o *WhoamiParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error { @@ -105,6 +136,31 @@ func (o *WhoamiParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Regist } var res []error + if o.Authorization != nil { + + // query param Authorization + var qrAuthorization string + if o.Authorization != nil { + qrAuthorization = *o.Authorization + } + qAuthorization := qrAuthorization + if qAuthorization != "" { + if err := r.SetQueryParam("Authorization", qAuthorization); err != nil { + return err + } + } + + } + + if o.Cookie != nil { + + // header param Cookie + if err := r.SetHeaderParam("Cookie", *o.Cookie); err != nil { + return err + } + + } + if len(res) > 0 { return errors.CompositeValidationError(res...) } diff --git a/selfservice/errorx/handler.go b/selfservice/errorx/handler.go index 5f3a358a0db..1b457b4a053 100644 --- a/selfservice/errorx/handler.go +++ b/selfservice/errorx/handler.go @@ -6,7 +6,6 @@ import ( "github.com/julienschmidt/httprouter" "github.com/justinas/nosurf" - "github.com/pkg/errors" "github.com/ory/herodot" 
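Review bot: The generated WriteToRequest in the second hunk of whoami_parameters.go sends the Authorization value with `r.SetQueryParam("Authorization", qAuthorization)`, so a session token passed through WhoamiParams.Authorization lands in the request URL instead of a header, where access logs, proxies and referrers can see it. This file looks go-swagger generated, so the fix is not here but in the `swagger:parameters whoami` definition that produced the `in: authorization` comment on the struct field in the previous hunk — that is not a valid `in:` location and should presumably be `in: header`, after which the generator would emit `SetHeaderParam("Authorization", ...)` exactly as it already does for Cookie; that definition is outside this diff. Until the spec is corrected, callers of the new Whoami(params, authInfo) signature should supply the token through the runtime.ClientAuthInfoWriter and leave params.Authorization nil.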
@@ -68,15 +67,12 @@ type getSelfServiceErrorParameters struct { Error string `json:"error"` } -// swagger:route GET /self-service/errors common public admin getSelfServiceError +// swagger:route GET /self-service/errors public admin getSelfServiceError // // Get User-Facing Self-Service Errors // // This endpoint returns the error associated with a user-facing self service errors. // -// When accessing this endpoint through ORY Kratos' Public API, ensure that cookies are set as they are required for CSRF to work. To prevent -// token scanning attacks, the public endpoint does not return 404 status codes. -// // This endpoint supports stub values to help you implement the error UI: // // - `?error=stub:500` - returns a stub 500 (Internal Server Error) error. @@ -94,20 +90,20 @@ type getSelfServiceErrorParameters struct { // 404: genericError // 500: genericError func (h *Handler) publicFetchError(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - if err := h.fetchError(w, r, true); err != nil { + if err := h.fetchError(w, r); err != nil { h.r.Writer().WriteError(w, r, x.ErrInvalidCSRFToken.WithTrace(err).WithDebugf("%s", err)) return } } func (h *Handler) adminFetchError(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - if err := h.fetchError(w, r, false); err != nil { + if err := h.fetchError(w, r); err != nil { h.r.Writer().WriteError(w, r, err) return } } -func (h *Handler) fetchError(w http.ResponseWriter, r *http.Request, mustVerify bool) error { +func (h *Handler) fetchError(w http.ResponseWriter, r *http.Request) error { id := r.URL.Query().Get("error") switch id { case "stub:500": @@ -120,10 +116,6 @@ func (h *Handler) fetchError(w http.ResponseWriter, r *http.Request, mustVerify return err } - if mustVerify && !nosurf.VerifyToken(h.csrf(r), es.CSRFToken) { - return errors.WithStack(x.ErrInvalidCSRFToken) - } - h.r.Writer().Write(w, r, es) return nil } 
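Review bot: publicFetchError still wraps every error from fetchError in `x.ErrInvalidCSRFToken.WithTrace(err)`, but this hunk removes the CSRF verification that was the only source of that error, so a lookup failure for an unknown or malformed `error` ID is now reported to public callers as a CSRF problem. The public branch should report the error the same way adminFetchError does: `h.r.Writer().WriteError(w, r, err)`. Dropping the mustVerify check also means the public route is gated by knowledge of the error ID alone, which the subject line ("use correct security annotation") does not mention; if that is intended, state it in the route doc, e.g. `// The error is looked up by its ID only; no session or CSRF token is required.`, and reconcile the removed sentence about not returning 404 with the `404: genericError` entry that remains in the Responses list. The nosurf import is kept, presumably for h.csrf elsewhere in the file; worth confirming it is still referenced.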
diff --git a/selfservice/flow/login/handler.go b/selfservice/flow/login/handler.go index d8c9fb175aa..c0bab9e0e3e 100644 --- a/selfservice/flow/login/handler.go +++ b/selfservice/flow/login/handler.go @@ -114,7 +114,7 @@ type initializeSelfServiceBrowserLoginFlow struct { // Schemes: http, https // // Security: -// - sessionToken +// sessionToken: // // Responses: // 200: loginFlow @@ -161,7 +161,7 @@ func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprout // Schemes: http, https // // Security: -// - sessionToken +// sessionToken: // // Responses: // 302: emptyResponse diff --git a/selfservice/flow/recovery/handler.go b/selfservice/flow/recovery/handler.go index 110e4403c31..b278677e687 100644 --- a/selfservice/flow/recovery/handler.go +++ b/selfservice/flow/recovery/handler.go @@ -84,7 +84,7 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) { // Schemes: http, https // // Security: -// - sessionToken +// sessionToken: // // Responses: // 200: recoveryFlow @@ -120,7 +120,7 @@ func (h *Handler) initAPIFlow(w http.ResponseWriter, r *http.Request, _ httprout // Schemes: http, https // // Security: -// - sessionToken +// sessionToken: // // Responses: // 302: emptyResponse diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go index 2aff900a968..9e75b8cd32d 100644 --- a/selfservice/flow/registration/handler.go +++ b/selfservice/flow/registration/handler.go @@ -104,7 +104,7 @@ func (h *Handler) NewRegistrationFlow(w http.ResponseWriter, r *http.Request, ft // Schemes: http, https // // Security: -// - sessionToken +// sessionToken: // // Responses: // 200: registrationFlow @@ -140,7 +140,7 @@ func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, ps httprou // Schemes: http, https // // Security: -// - sessionToken +// sessionToken: // // Responses: // 302: emptyResponse 
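Review bot: The `sessionToken:` requirement is applied not only to the API-flow handlers but also to the browser-flow ones — the second hunk here, whose responses are `302: emptyResponse`, the matching recovery, registration and settings hunks, and the password and profile settings strategies. The generated client in this same commit describes those browser endpoints as "NOT INTENDED for API clients" and only working with browsers, which suggests they are authenticated by cookie rather than by a session token; declaring the scheme on them makes every generated SDK method take a runtime.ClientAuthInfoWriter for a call that carries no token. Either drop the `Security:` block from the browser variants or document a cookie-based scheme for them; which is intended is not visible from the hunk. The new `sessionToken:` form matches the go-swagger syntax for a requirement without scopes, so the rename itself is correct.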
diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go index 6706c23041d..f87a684c858 100644 --- a/selfservice/flow/settings/handler.go +++ b/selfservice/flow/settings/handler.go @@ -127,7 +127,7 @@ func (h *Handler) NewFlow(w http.ResponseWriter, r *http.Request, i *identity.Id // Schemes: http, https // // Security: -// - sessionToken +// sessionToken: // // Responses: // 200: settingsFlow @@ -168,7 +168,7 @@ func (h *Handler) initApiFlow(w http.ResponseWriter, r *http.Request, _ httprout // Schemes: http, https // // Security: -// - sessionToken +// sessionToken: // // Responses: // 302: emptyResponse @@ -220,7 +220,7 @@ type getSelfServiceSettingsFlowParameters struct { // Schemes: http, https // // Security: -// - sessionToken +// sessionToken: // // Responses: // 200: settingsFlow diff --git a/selfservice/strategy/password/settings.go b/selfservice/strategy/password/settings.go index bf29b209531..4b4a9a83c27 100644 --- a/selfservice/strategy/password/settings.go +++ b/selfservice/strategy/password/settings.go @@ -105,7 +105,7 @@ func (p *CompleteSelfServiceSettingsFlowWithPasswordMethod) SetFlowID(rid uuid.U // - application/json // // Security: -// - sessionToken +// sessionToken: // // Schemes: http, https // diff --git a/selfservice/strategy/profile/strategy.go b/selfservice/strategy/profile/strategy.go index 532b4eeb796..eb5c85ce1b4 100644 --- a/selfservice/strategy/profile/strategy.go +++ b/selfservice/strategy/profile/strategy.go @@ -147,7 +147,7 @@ func (s *Strategy) PopulateSettingsMethod(r *http.Request, id *identity.Identity // - application/json // // Security: -// - sessionToken +// sessionToken: // // Schemes: http, https //