auth: try to re-authenticate
parent
dea3ab3106
commit
ab599a27fa
31
auth/auth.go
31
auth/auth.go
|
@ -5,6 +5,7 @@ import (
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
|
@ -97,15 +98,29 @@ func EncryptAndSave(auth *CachedAuth, username string, secretKey *[32]byte) erro
|
||||||
return saveAuths(auths)
|
return saveAuths(auths)
|
||||||
}
|
}
|
||||||
|
|
||||||
func authenticate(c *protonmail.Client, CachedAuth *CachedAuth) (openpgp.EntityList, error) {
|
func authenticate(c *protonmail.Client, cachedAuth *CachedAuth, username string) (openpgp.EntityList, error) {
|
||||||
auth, err := c.AuthRefresh(&CachedAuth.Auth)
|
auth, err := c.AuthRefresh(&cachedAuth.Auth)
|
||||||
if err != nil {
|
if apiErr, ok := err.(*protonmail.ApiError); ok && apiErr.Code == 10013 {
|
||||||
// TODO: handle expired token, re-authenticate
|
// Invalid refresh token, re-authenticate
|
||||||
|
authInfo, err := c.AuthInfo(username)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("cannot re-authenticate: failed to get auth info: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if authInfo.TwoFactor == 1 {
|
||||||
|
return nil, fmt.Errorf("cannot re-authenticate: two factor authentication enabled, please login manually")
|
||||||
|
}
|
||||||
|
|
||||||
|
auth, err = c.Auth(username, cachedAuth.LoginPassword, "", authInfo)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("cannot re-authenticate: %v", err)
|
||||||
|
}
|
||||||
|
} else if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
CachedAuth.Auth = *auth
|
cachedAuth.Auth = *auth
|
||||||
|
|
||||||
return c.Unlock(auth, CachedAuth.MailboxPassword)
|
return c.Unlock(auth, cachedAuth.MailboxPassword)
|
||||||
}
|
}
|
||||||
|
|
||||||
func GeneratePassword() (secretKey *[32]byte, password string, err error) {
|
func GeneratePassword() (secretKey *[32]byte, password string, err error) {
|
||||||
|
@ -168,14 +183,14 @@ func (m *Manager) Auth(username, password string) (*protonmail.Client, openpgp.E
|
||||||
|
|
||||||
c := m.newClient()
|
c := m.newClient()
|
||||||
c.ReAuth = func() error {
|
c.ReAuth = func() error {
|
||||||
if _, err := authenticate(c, &cachedAuth); err != nil {
|
if _, err := authenticate(c, &cachedAuth, username); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
return EncryptAndSave(&cachedAuth, username, &secretKey)
|
return EncryptAndSave(&cachedAuth, username, &secretKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
// authenticate updates cachedAuth with the new refresh token
|
// authenticate updates cachedAuth with the new refresh token
|
||||||
privateKeys, err := authenticate(c, &cachedAuth)
|
privateKeys, err := authenticate(c, &cachedAuth, username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
|
|
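Review bot: In `authenticate`, the new 10013 branch declares a second `err` via `authInfo, err := c.AuthInfo(username)`, so the later `auth, err = c.Auth(...)` assigns the outer `auth` but the inner `err`. This works only because every failure returns inside the branch; a later edit that checks `err` after the `if` would see the stale refresh error. A distinct name such as `authInfo, infoErr := c.AuthInfo(username)` removes the shadowing. Matching with `errors.As` instead of the direct type assertion and wrapping with `%w` rather than `%v` would keep the cause inspectable through the `ReAuth` closure, and `10013` would read better as a named constant. The guard `authInfo.TwoFactor == 1` covers only the value 1; if the API can report other non-zero values (not visible on this page), `authInfo.TwoFactor != 0` would avoid replaying the stored `LoginPassword` with an empty second-factor code.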