try to get the CSRF token - w/o success & error 406

2025-01-15 14:28:40 +01:00
parent b6d7471408
commit cadb188a47
1 changed files with 60 additions and 28 deletions
--- a/src/admin-core/authProvider.ts
+++ b/src/admin-core/authProvider.ts
@@ -1,27 +1,10 @@
 import { AuthProvider, HttpError } from "react-admin";

 export const authProvider: AuthProvider = {
-  // @ts-ignore
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
  login: async ({ username, password }) => {
-    let response;
+    const responseLogin = await login(username, password);

-    try {
-      response = await fetch(
-        new Request(`${import.meta.env.VITE_AUTH_URL}/atsp-idp/token`, {
-          method: "POST",
-          credentials: "include",
-          body: new URLSearchParams({
-            grant_type: "authorization_code",
-            code: "code",
-            client_id: "client_id",
-          }),
-          headers: new Headers({
-            "Content-Type": "application/x-www-form-urlencoded",
-          }),
-        }),
-      );
-    } catch (_error) {
+    if (responseLogin.status < 200 || responseLogin.status >= 300) {
      return Promise.reject(
        new HttpError("Unauthorized", 401, {
          message: "Invalid username or password",
@@ -29,15 +12,11 @@ export const authProvider: AuthProvider = {
      );
    }

-    if (response.status < 200 || response.status >= 300) {
-      return Promise.reject(
-        new HttpError("Unauthorized", 401, {
-          message: "Invalid username or password",
-        }),
-      );
-    }
+    const responseCSRF = await csrf();

-    const { access_token } = await response.json();
+    console.log(responseCSRF);
+
+    const { access_token } = await responseLogin.json();
    localStorage.setItem("user", access_token);
    localStorage.setItem("token", access_token);

@@ -61,4 +40,57 @@ export const authProvider: AuthProvider = {
  },
 };

-export default authProvider;
+// @ts-ignore
+const login = async (username, password) => {
+  let response;
+
+  try {
+    response = await fetch(
+      new Request(`${import.meta.env.VITE_AUTH_URL}/atsp-idp/token`, {
+        method: "POST",
+        credentials: "include",
+        body: new URLSearchParams({
+          grant_type: "authorization_code",
+          code: "code",
+          client_id: "client_id",
+        }),
+        headers: new Headers({
+          "Content-Type": "application/x-www-form-urlencoded",
+        }),
+      }),
+    );
+  } catch (_error) {
+    return Promise.reject(
+      new HttpError("Unauthorized", 401, {
+        message: "Invalid username or password",
+      }),
+    );
+  }
+
+  return response;
+};
+
+const csrf = async () => {
+  let response;
+
+  try {
+    response = await fetch(
+      new Request(`${import.meta.env.VITE_SECURITY_REST_URL}/csrf`, {
+        method: "GET",
+        credentials: "include",
+        headers: new Headers({
+          Accept: "Accept application/json, text/plain, */*",
+          Priority: "u=4",
+        }),
+      }),
+    );
+  } catch (_error) {
+    return Promise.reject(
+      new HttpError("Unauthorized", 401, {
+        message: "Invalid username or password",
+      }),
+    );
+  }
+
+  return response;
+};