From db476080ad776a2c1ea0511bbdf5b15a6e84e37a Mon Sep 17 00:00:00 2001
From: dswbx <dennis.senn@gmx.ch>
Date: Sat, 1 Feb 2025 09:13:42 +0100
Subject: [PATCH] also sending cookies on json auth requests

---
 app/src/auth/api/AuthApi.ts                | 10 ++++++++--
 app/src/auth/authenticate/Authenticator.ts | 13 +++++++++----
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/app/src/auth/api/AuthApi.ts b/app/src/auth/api/AuthApi.ts
index d02a258..f5ba882 100644
--- a/app/src/auth/api/AuthApi.ts
+++ b/app/src/auth/api/AuthApi.ts
@@ -15,7 +15,10 @@ export class AuthApi extends ModuleApi<AuthApiOptions> {
    }
 
    async login(strategy: string, input: any) {
-      const res = await this.post<AuthResponse>([strategy, "login"], input);
+      const res = await this.post<AuthResponse>([strategy, "login"], input, {
+         credentials: "include"
+      });
+
       if (res.ok && res.body.token) {
          await this.options.onTokenUpdate?.(res.body.token);
       }
@@ -23,7 +26,10 @@ export class AuthApi extends ModuleApi<AuthApiOptions> {
    }
 
    async register(strategy: string, input: any) {
-      const res = await this.post<AuthResponse>([strategy, "register"], input);
+      const res = await this.post<AuthResponse>([strategy, "register"], input, {
+         credentials: "include"
+      });
+
       if (res.ok && res.body.token) {
          await this.options.onTokenUpdate?.(res.body.token);
       }
diff --git a/app/src/auth/authenticate/Authenticator.ts b/app/src/auth/authenticate/Authenticator.ts
index 19088d9..96a2806 100644
--- a/app/src/auth/authenticate/Authenticator.ts
+++ b/app/src/auth/authenticate/Authenticator.ts
@@ -312,21 +312,26 @@ export class Authenticator<Strategies extends Record<string, Strategy> = Record<
    }
 
    async respond(c: Context, data: AuthResponse | Error | any, redirect?: string) {
-      if (this.isJsonRequest(c)) {
-         return c.json(data);
-      }
-
       const successUrl = this.getSuccessPath(c);
       const referer = redirect ?? c.req.header("Referer") ?? successUrl;
       //console.log("auth respond", { redirect, successUrl, successPath });
 
       if ("token" in data) {
          await this.setAuthCookie(c, data.token);
+
+         if (this.isJsonRequest(c)) {
+            return c.json(data);
+         }
+
          // can't navigate to "/" – doesn't work on nextjs
          //console.log("auth success, redirecting to", successUrl);
          return c.redirect(successUrl);
       }
 
+      if (this.isJsonRequest(c)) {
+         return c.json(data, 400);
+      }
+
       let message = "An error occured";
       if (data instanceof Exception) {
          message = data.message;