From 61fbb24db82a24a558933abcfadff286f524c207 Mon Sep 17 00:00:00 2001
From: r <r@freesoftwareextremist.com>
Date: Fri, 29 May 2020 13:28:42 +0000
Subject: Fix signin page redirection in single instance mode

---
 service/auth.go      | 16 ++++++++++++++--
 service/transport.go |  5 +++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/service/auth.go b/service/auth.go
index d16fab9..ef701c1 100644
--- a/service/auth.go
+++ b/service/auth.go
@@ -10,6 +10,7 @@ import (
 
 var (
 	errInvalidSession   = errors.New("invalid session")
+	errInvalidAccessToken = errors.New("invalid access token")
 	errInvalidCSRFToken = errors.New("invalid csrf token")
 )
 
@@ -23,7 +24,7 @@ func NewAuthService(sessionRepo model.SessionRepo, appRepo model.AppRepo, s Serv
 	return &as{sessionRepo, appRepo, s}
 }
 
-func (s *as) authenticateClient(c *model.Client) (err error) {
+func (s *as) initClient(c *model.Client) (err error) {
 	if len(c.Ctx.SessionID) < 1 {
 		return errInvalidSession
 	}
@@ -46,6 +47,17 @@ func (s *as) authenticateClient(c *model.Client) (err error) {
 	return nil
 }
 
+func (s *as) authenticateClient(c *model.Client) (err error) {
+	err = s.initClient(c)
+	if err != nil {
+		return
+	}
+	if len(c.Session.AccessToken) < 1 {
+		return errInvalidAccessToken
+	}
+	return nil
+}
+
 func checkCSRF(c *model.Client) (err error) {
 	if c.Ctx.CSRFToken != c.Session.CSRFToken {
 		return errInvalidCSRFToken
@@ -179,7 +191,7 @@ func (s *as) NewSession(instance string) (redirectUrl string,
 func (s *as) Signin(c *model.Client, sessionID string,
 	code string) (token string, userID string, err error) {
 	err = s.authenticateClient(c)
-	if err != nil {
+	if err != nil && err != errInvalidAccessToken {
 		return
 	}
 
diff --git a/service/transport.go b/service/transport.go
index 8dccd92..131c580 100644
--- a/service/transport.go
+++ b/service/transport.go
@@ -76,6 +76,11 @@ func NewHandler(s Service, staticDir string) http.Handler {
 			c := newClient(w, req, "")
 			err := s.ServeRootPage(c)
 			if err != nil {
+				if (err == errInvalidAccessToken) {
+					w.Header().Add("Location", "/signin")
+					w.WriteHeader(http.StatusFound)
+					return
+				}
 				w.WriteHeader(http.StatusInternalServerError)
 				s.ServeErrorPage(c, err)
 				return
-- 
cgit v1.2.3