From 45e0ceb4dacd3fd64c23aa238fc5e5f81f399c49 Mon Sep 17 00:00:00 2001 From: zepatrik <11patti1@gmx.de> Date: Mon, 10 Feb 2020 14:44:38 +0100 Subject: [PATCH 1/3] u --- docs/api.swagger.json | 5 ++++- selfservice/strategy/oidc/strategy.go | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/api.swagger.json b/docs/api.swagger.json index 948cfbd1b60b..1c118538b6ce 100755 --- a/docs/api.swagger.json +++ b/docs/api.swagger.json @@ -766,7 +766,10 @@ "Traits": { "type": "object" }, - "UUID": {"type": "string", "format": "uuid4"}, + "UUID": { + "type": "string", + "format": "uuid4" + }, "completeSelfServiceBrowserProfileManagementFlowPayload": { "type": "object", "required": [ diff --git a/selfservice/strategy/oidc/strategy.go b/selfservice/strategy/oidc/strategy.go index 38df37332014..3c77e30cd263 100644 --- a/selfservice/strategy/oidc/strategy.go +++ b/selfservice/strategy/oidc/strategy.go @@ -194,6 +194,7 @@ func (s *Strategy) validateRequest(ctx context.Context, rid uuid.UUID) (request, if ar, err := s.d.RegistrationRequestPersister().GetRegistrationRequest(ctx, rid); err == nil { if err := ar.Valid(); err != nil { + // create new request because the old one is not valid return nil, err } return ar, nil @@ -205,6 +206,7 @@ func (s *Strategy) validateRequest(ctx context.Context, rid uuid.UUID) (request, } if err := ar.Valid(); err != nil { + // create new request because the old one is not valid return nil, err } From 8d1bee5a84f7760fe48ca646d11835656c222616 Mon Sep 17 00:00:00 2001 From: zepatrik <11patti1@gmx.de> Date: Mon, 10 Feb 2020 15:47:11 +0100 Subject: [PATCH 2/3] u --- selfservice/strategy/oidc/strategy.go | 85 +++++++++++++++------- selfservice/strategy/oidc/strategy_test.go | 3 + 2 files changed, 62 insertions(+), 26 deletions(-) diff --git a/selfservice/strategy/oidc/strategy.go b/selfservice/strategy/oidc/strategy.go index 3c77e30cd263..6621f34c76c2 100644 --- a/selfservice/strategy/oidc/strategy.go 
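Review bot: The added comment `// create new request because the old one is not valid` in validateRequest does not describe the line beneath it, which is still `return nil, err`; the same comment is added in the second hunk of this file (`@@ -205,6 +206,7 @@`). Nothing in either hunk creates a request, so a reader would assume recovery logic that is not there. If the comment records intent, mark it as such, e.g. `// TODO: create a new request when the old one is expired; for now the error is returned`. validateRequest's body starts and ends outside both hunks.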
+++ b/selfservice/strategy/oidc/strategy.go @@ -168,7 +168,7 @@ func (s *Strategy) handleAuth(w http.ResponseWriter, r *http.Request, ps httprou return } - if _, err := s.validateRequest(r.Context(), rid); err != nil { + if _, err := s.validateRequest(w, r, rid); err != nil { s.handleError(w, r, rid, nil, err) return } 
@@ -187,56 +187,94 @@ func (s *Strategy) handleAuth(w http.ResponseWriter, r *http.Request, ps httprou http.Redirect(w, r, config.AuthCodeURL(state), http.StatusFound) } -func (s *Strategy) validateRequest(ctx context.Context, rid uuid.UUID) (request, error) { +func (s *Strategy) validateRequest(w http.ResponseWriter, r *http.Request, rid uuid.UUID) request { if x.IsZeroUUID(rid) { - return nil, errors.WithStack(herodot.ErrBadRequest.WithReason("The session cookie contains invalid values and the request could not be executed. Please try again.")) + s.handleError(w, r, rid, nil, errors.WithStack(herodot.ErrBadRequest.WithReason("The session cookie contains invalid values and the request could not be executed. Please try again."))) + return nil } - if ar, err := s.d.RegistrationRequestPersister().GetRegistrationRequest(ctx, rid); err == nil { + if ar, err := s.d.RegistrationRequestPersister().GetRegistrationRequest(r.Context(), rid); err == nil { if err := ar.Valid(); err != nil { // create new request because the old one is not valid - return nil, err + if err = s.d.LoginHandler().NewLoginRequest(w, r, func(a *login.Request) (string, error) { + for name, method := range a.Methods { + method.Config.AddError(&form.Error{Message: "Your session expired, please try again."}) + if err := s.d.LoginRequestPersister().UpdateLoginRequest(context.TODO(), a.ID, name, method); err != nil { + return s.d.SelfServiceErrorManager().Create(r.Context(), w, r, err) + } + a.Methods[name] = method + } + + return urlx.CopyWithQuery(s.c.LoginURL(), url.Values{"request": {a.ID.String()}}).String(), nil + }); err != nil { + s.handleError(w, r, rid, nil, err) + return nil + } + s.handleError(w, r, rid, nil, err) + return nil } - return ar, nil + return ar } - ar, err := s.d.LoginRequestPersister().GetLoginRequest(ctx, rid) + ar, err := s.d.LoginRequestPersister().GetLoginRequest(r.Context(), rid) if err != nil { - return nil, err + s.handleError(w, r, rid, nil, err) + return nil } if err := 
ar.Valid(); err != nil { // create new request because the old one is not valid - return nil, err + // create new request because the old one is not valid + if err = s.d.RegistrationHandler().NewRegistrationRequest(w, r, func(a *registration.Request) (string, error) { + for name, method := range a.Methods { + method.Config.AddError(&form.Error{Message: "Your session expired, please try again."}) + if err := s.d.RegistrationRequestPersister().UpdateRegistrationRequest(context.TODO(), a.ID, name, method); err != nil { + return s.d.SelfServiceErrorManager().Create(r.Context(), w, r, err) + } + a.Methods[name] = method + } + + return urlx.CopyWithQuery(s.c.LoginURL(), url.Values{"request": {a.ID.String()}}).String(), nil + }); err != nil { + s.handleError(w, r, rid, nil, err) + return nil + } + s.handleError(w, r, rid, nil, err) + return nil } - return ar, nil + return ar } -func (s *Strategy) validateCallback(r *http.Request) (request, error) { +func (s *Strategy) validateCallback(w http.ResponseWriter, r *http.Request) request { var ( code = r.URL.Query().Get("code") + rid = x.ParseUUID(x.SessionGetStringOr(r, s.d.CookieManager(), sessionName, sessionRequestID, "")) ) if state := r.URL.Query().Get("state"); state == "" { - return nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider did not return the state query parameter.`)) + s.handleError(w, r, rid, nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider did not return the state query parameter.`))) + return nil } else if state != x.SessionGetStringOr(r, s.d.CookieManager(), sessionName, sessionKeyState, "") { - return nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the query state parameter does not match the state parameter from the session cookie.`)) + s.handleError(w, r, rid, nil, 
errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the query state parameter does not match the state parameter from the session cookie.`))) + return nil } - ar, err := s.validateRequest(r.Context(), x.ParseUUID(x.SessionGetStringOr(r, s.d.CookieManager(), sessionName, sessionRequestID, ""))) - if err != nil { - return nil, err + ar := s.validateRequest(w, r, rid) + if ar == nil { + return nil } if r.URL.Query().Get("error") != "" { - return ar, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider returned error "%s": %s`, r.URL.Query().Get("error"), r.URL.Query().Get("error_description"))) + s.handleError(w, r, rid, nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider returned error "%s": %s`, r.URL.Query().Get("error"), r.URL.Query().Get("error_description")))) + return ar } if code == "" { - return ar, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider did not return the code query parameter.`)) + s.handleError(w, r, rid, nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider did not return the code query parameter.`))) + return ar } - return ar, nil + return ar } func (s *Strategy) handleCallback(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { @@ -245,13 +283,8 @@ func (s *Strategy) handleCallback(w http.ResponseWriter, r *http.Request, ps htt pid = ps.ByName("provider") ) - ar, err := s.validateCallback(r) - if err != nil { - if ar != nil { - s.handleError(w, r, ar.GetID(), nil, err) - } else { - s.handleError(w, r, x.EmptyUUID, nil, err) - } + ar := s.validateCallback(w, r) + if ar == nil { return } 
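Review bot: The expired-request branches in validateRequest are crossed: a registration request that fails `ar.Valid()` leads to `NewLoginRequest`, and a login request that fails it leads to `NewRegistrationRequest` whose redirect is still built from `s.c.LoginURL()`. Each branch should recreate the kind of request it just rejected. In both branches the `err = s.d.…` assignment also overwrites the validation error, so after a successful creation the trailing `s.handleError(w, r, rid, nil, err)` runs with a nil error, presumably after the new-request handler has already answered the client; a plain `return nil` after the `if` block would avoid that. The persister calls inside the closures use `context.TODO()` where `r.Context()` is available.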
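Review bot: The `if ar == nil` check in handleCallback does not stop the callback in two cases where validateCallback (previous hunk) has already called `s.handleError`: a provider `error` parameter and an empty `code` both end in `return ar` with a non-nil request. The handler would then carry on with a flow the provider rejected, after an error response was already written; handleCallback's body continues outside the hunk, so what runs next is not visible here. Using `return nil` in place of `return ar` in those two branches keeps the single nil check sufficient.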
diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go index af37832a157b..c1ffbe1815c8 100644 --- a/selfservice/strategy/oidc/strategy_test.go +++ b/selfservice/strategy/oidc/strategy_test.go @@ -325,6 +325,9 @@ func TestStrategy(t *testing.T) { t.Run("case=should fail because the login request is expired", func(t *testing.T) { r := nlr(t, returnTS.URL, -time.Minute) res, body := mr(t, "valid", r.ID, url.Values{}) + + t.Log(body) + assert.NotEqual(t, r.ID, gjson.GetBytes(body, "id")) aue(t, res, body, "login request expired") }) From b645b4f5a8d9969b697d6b65321ddc98621a7eee Mon Sep 17 00:00:00 2001 From: zepatrik <11patti1@gmx.de> Date: Tue, 11 Feb 2020 14:58:11 +0100 Subject: [PATCH 3/3] u --- selfservice/flow/login/error.go | 41 ++++++++- selfservice/flow/login/request.go | 2 +- selfservice/flow/registration/error.go | 41 ++++++++- selfservice/flow/registration/request.go | 2 +- selfservice/strategy/oidc/strategy.go | 87 ++++++------------- selfservice/strategy/oidc/strategy_test.go | 7 +- selfservice/strategy/password/login.go | 17 +--- selfservice/strategy/password/registration.go | 18 +--- 8 files changed, 108 insertions(+), 107 deletions(-) diff --git a/selfservice/flow/login/error.go b/selfservice/flow/login/error.go index 65d9870be02c..497d00fa2699 100644 --- a/selfservice/flow/login/error.go +++ b/selfservice/flow/login/error.go @@ -1,9 +1,13 @@ package login import ( + "context" "fmt" + "github.com/ory/kratos/selfservice/form" + "github.com/ory/x/errorsx" "net/http" "net/url" + "time" "github.com/pkg/errors" @@ -18,10 +22,6 @@ import ( var ( ErrHookAbortRequest = errors.New("abort hook") - - ErrRequestExpired = herodot.ErrBadRequest. - WithError("login request expired"). - WithReasonf(`The login request has expired. Please restart the flow.`) ) type ( 
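Review bot: The new `assert.NotEqual(t, r.ID, gjson.GetBytes(body, "id"))` in strategy_test.go cannot fail, because it compares the request ID with a `gjson.Result` and values of different types are never equal. The test therefore does not show that the expired request was replaced by a new one. Comparing strings fixes it: `assert.NotEqual(t, r.ID.String(), gjson.GetBytes(body, "id").String())`. The same assertion is kept, and copied to the registration case, by the strategy_test.go hunk in PATCH 3/3, and the `t.Log(body)` added here looks like leftover debugging.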
@@ -31,6 +31,7 @@ type ( x.LoggingProvider RequestPersistenceProvider + HandlerProvider } ErrorHandlerProvider interface{ LoginRequestErrorHandler() *ErrorHandler } @@ -39,8 +40,21 @@ type ( d errorHandlerDependencies c configuration.Provider } + + requestExpiredError struct { + *herodot.DefaultError + } ) +func newRequestExpiredError(since time.Duration) requestExpiredError { + return requestExpiredError{ + herodot.ErrBadRequest. + WithError("login request expired"). + WithReasonf(`The login request has expired. Please restart the flow.`). + WithReasonf("The login request expired %.2f minutes ago, please try again.", since.Minutes()), + } +} + func NewErrorHandler(d errorHandlerDependencies, c configuration.Provider) *ErrorHandler { return &ErrorHandler{ d: d, @@ -61,6 +75,25 @@ func (s *ErrorHandler) HandleLoginError( WithField("login_request", rr). Warn("Encountered login error.") + if _, ok := errorsx.Cause(err).(requestExpiredError); ok { + // create new request because the old one is not valid + if err = s.d.LoginHandler().NewLoginRequest(w, r, func(a *Request) (string, error) { + for name, method := range a.Methods { + method.Config.AddError(&form.Error{Message: "Your session expired, please try again."}) + if err := s.d.LoginRequestPersister().UpdateLoginRequest(context.TODO(), a.ID, name, method); err != nil { + return s.d.SelfServiceErrorManager().Create(r.Context(), w, r, err) + } + a.Methods[name] = method + } + + return urlx.CopyWithQuery(s.c.LoginURL(), url.Values{"request": {a.ID.String()}}).String(), nil + }); err != nil { + // failed to create a new session and redirect to it, handle that error as a new one + s.HandleLoginError(w, r, ct, rr, err) + } + return + } + if rr == nil { s.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err) return diff --git a/selfservice/flow/login/request.go b/selfservice/flow/login/request.go index 03467d040e62..47192ba24fa9 100644 --- a/selfservice/flow/login/request.go +++ b/selfservice/flow/login/request.go 
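Review bot: newRequestExpiredError chains two `WithReasonf` calls, and if `WithReasonf` replaces the reason rather than appending to it, as the removed `ErrRequestExpired.WithReasonf(...)` usage suggests, the first text ("Please restart the flow.") never reaches the user. Keep only the call that carries the elapsed time, `WithReasonf("The login request expired %.2f minutes ago, please try again.", since.Minutes())`. The twin function in selfservice/flow/registration/error.go has the same shape. A short doc comment on `requestExpiredError` saying that HandleLoginError matches on this type to restart the flow would also help, since removing the exported `ErrRequestExpired` leaves callers outside the package no value to compare against.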
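Review bot: Inside the expired-request branch of HandleLoginError the persister is called with `context.TODO()` although the request is in scope; `UpdateLoginRequest(r.Context(), a.ID, name, method)` would let the write follow the request's cancellation and deadline, and matches the `r.Context()` used on the next line. The failure path re-enters `s.HandleLoginError(w, r, ct, rr, err)` with the creation error; that is safe only as long as `NewLoginRequest` has not written to `w` before failing, which this hunk does not show. The registration handler's hunk in selfservice/flow/registration/error.go repeats both patterns.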
@@ -118,7 +118,7 @@ func (r Request) TableName() string { func (r *Request) Valid() error { if r.ExpiresAt.Before(time.Now()) { - return errors.WithStack(ErrRequestExpired.WithReasonf("The login request expired %.2f minutes ago, please try again.", time.Since(r.ExpiresAt).Minutes())) + return errors.WithStack(newRequestExpiredError(time.Since(r.ExpiresAt))) } if r.IssuedAt.After(time.Now()) { diff --git a/selfservice/flow/registration/error.go b/selfservice/flow/registration/error.go index 3a1892e31dd1..dd1e3ca68d7a 100644 --- a/selfservice/flow/registration/error.go +++ b/selfservice/flow/registration/error.go @@ -1,9 +1,13 @@ package registration import ( + "context" "fmt" + "github.com/ory/kratos/selfservice/form" + "github.com/ory/x/errorsx" "net/http" "net/url" + "time" "github.com/pkg/errors" @@ -18,10 +22,6 @@ import ( var ( ErrHookAbortRequest = errors.New("abort hook") - - ErrRequestExpired = herodot.ErrBadRequest. - WithError("registration request expired"). - WithReasonf(`The registration request has expired. Please restart the flow.`) ) type ( @@ -31,6 +31,7 @@ type ( x.LoggingProvider RequestPersistenceProvider + HandlerProvider } ErrorHandlerProvider interface{ RegistrationRequestErrorHandler() *ErrorHandler } @@ -39,8 +40,21 @@ type ( d errorHandlerDependencies c configuration.Provider } + + requestExpiredError struct { + *herodot.DefaultError + } ) +func newRequestExpiredError(since time.Duration) requestExpiredError { + return requestExpiredError{ + herodot.ErrBadRequest. + WithError("registration request expired"). + WithReasonf(`The registration request has expired. Please restart the flow.`). + WithReasonf("The registration request expired %.2f minutes ago, please try again.", since.Minutes()), + } +} + func NewErrorHandler(d errorHandlerDependencies, c configuration.Provider) *ErrorHandler { return &ErrorHandler{ d: d, 
@@ -61,6 +75,25 @@ func (s *ErrorHandler) HandleRegistrationError( WithField("login_request", rr). Warn("Encountered login error.") + if _, ok := errorsx.Cause(err).(requestExpiredError); ok { + // create new request because the old one is not valid + if err = s.d.RegistrationHandler().NewRegistrationRequest(w, r, func(a *Request) (string, error) { + for name, method := range a.Methods { + method.Config.AddError(&form.Error{Message: "Your session expired, please try again."}) + if err := s.d.RegistrationRequestPersister().UpdateRegistrationRequest(context.TODO(), a.ID, name, method); err != nil { + return s.d.SelfServiceErrorManager().Create(r.Context(), w, r, err) + } + a.Methods[name] = method + } + + return urlx.CopyWithQuery(s.c.RegisterURL(), url.Values{"request": {a.ID.String()}}).String(), nil + }); err != nil { + // failed to create a new session and redirect to it, handle that error as a new one + s.HandleRegistrationError(w, r, ct, rr, err) + } + return + } + if rr == nil { s.d.SelfServiceErrorManager().Forward(r.Context(), w, r, err) return diff --git a/selfservice/flow/registration/request.go b/selfservice/flow/registration/request.go index c21068efce90..491b72cc956f 100644 --- a/selfservice/flow/registration/request.go +++ b/selfservice/flow/registration/request.go @@ -124,7 +124,7 @@ func (r *Request) GetID() uuid.UUID { func (r *Request) Valid() error { if r.ExpiresAt.Before(time.Now()) { - return errors.WithStack(ErrRequestExpired.WithReasonf("The registration request expired %.2f minutes ago, please try again.", time.Since(r.ExpiresAt).Minutes())) + return errors.WithStack(newRequestExpiredError(time.Since(r.ExpiresAt))) } if r.IssuedAt.After(time.Now()) { return errors.WithStack(herodot.ErrBadRequest.WithReason("The registration request was issued in the future.")) diff --git a/selfservice/strategy/oidc/strategy.go b/selfservice/strategy/oidc/strategy.go index 6621f34c76c2..a24ab02b17ae 100644 --- a/selfservice/strategy/oidc/strategy.go 
+++ b/selfservice/strategy/oidc/strategy.go @@ -168,7 +168,7 @@ func (s *Strategy) handleAuth(w http.ResponseWriter, r *http.Request, ps httprou return } - if _, err := s.validateRequest(w, r, rid); err != nil { + if _, err := s.validateRequest(r.Context(), rid); err != nil { s.handleError(w, r, rid, nil, err) return } 
@@ -187,94 +187,54 @@ func (s *Strategy) handleAuth(w http.ResponseWriter, r *http.Request, ps httprou http.Redirect(w, r, config.AuthCodeURL(state), http.StatusFound) } -func (s *Strategy) validateRequest(w http.ResponseWriter, r *http.Request, rid uuid.UUID) request { +func (s *Strategy) validateRequest(ctx context.Context, rid uuid.UUID) (request, error) { if x.IsZeroUUID(rid) { - s.handleError(w, r, rid, nil, errors.WithStack(herodot.ErrBadRequest.WithReason("The session cookie contains invalid values and the request could not be executed. Please try again."))) - return nil + return nil, errors.WithStack(herodot.ErrBadRequest.WithReason("The session cookie contains invalid values and the request could not be executed. Please try again.")) } - if ar, err := s.d.RegistrationRequestPersister().GetRegistrationRequest(r.Context(), rid); err == nil { + if ar, err := s.d.RegistrationRequestPersister().GetRegistrationRequest(ctx, rid); err == nil { if err := ar.Valid(); err != nil { - // create new request because the old one is not valid - if err = s.d.LoginHandler().NewLoginRequest(w, r, func(a *login.Request) (string, error) { - for name, method := range a.Methods { - method.Config.AddError(&form.Error{Message: "Your session expired, please try again."}) - if err := s.d.LoginRequestPersister().UpdateLoginRequest(context.TODO(), a.ID, name, method); err != nil { - return s.d.SelfServiceErrorManager().Create(r.Context(), w, r, err) - } - a.Methods[name] = method - } - - return urlx.CopyWithQuery(s.c.LoginURL(), url.Values{"request": {a.ID.String()}}).String(), nil - }); err != nil { - s.handleError(w, r, rid, nil, err) - return nil - } - s.handleError(w, r, rid, nil, err) - return nil + return ar, err } - return ar + return ar, nil } - ar, err := s.d.LoginRequestPersister().GetLoginRequest(r.Context(), rid) + ar, err := s.d.LoginRequestPersister().GetLoginRequest(ctx, rid) if err != nil { - s.handleError(w, r, rid, nil, err) - return nil + return nil, err } if err := 
ar.Valid(); err != nil { - // create new request because the old one is not valid - // create new request because the old one is not valid - if err = s.d.RegistrationHandler().NewRegistrationRequest(w, r, func(a *registration.Request) (string, error) { - for name, method := range a.Methods { - method.Config.AddError(&form.Error{Message: "Your session expired, please try again."}) - if err := s.d.RegistrationRequestPersister().UpdateRegistrationRequest(context.TODO(), a.ID, name, method); err != nil { - return s.d.SelfServiceErrorManager().Create(r.Context(), w, r, err) - } - a.Methods[name] = method - } - - return urlx.CopyWithQuery(s.c.LoginURL(), url.Values{"request": {a.ID.String()}}).String(), nil - }); err != nil { - s.handleError(w, r, rid, nil, err) - return nil - } - s.handleError(w, r, rid, nil, err) - return nil + return ar, err } - return ar + return ar, nil } -func (s *Strategy) validateCallback(w http.ResponseWriter, r *http.Request) request { +func (s *Strategy) validateCallback(r *http.Request) (request, error) { var ( code = r.URL.Query().Get("code") - rid = x.ParseUUID(x.SessionGetStringOr(r, s.d.CookieManager(), sessionName, sessionRequestID, "")) ) if state := r.URL.Query().Get("state"); state == "" { - s.handleError(w, r, rid, nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider did not return the state query parameter.`))) - return nil + return nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider did not return the state query parameter.`)) } else if state != x.SessionGetStringOr(r, s.d.CookieManager(), sessionName, sessionKeyState, "") { - s.handleError(w, r, rid, nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the query state parameter does not match the state parameter from the session cookie.`))) - return nil + return nil, 
errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the query state parameter does not match the state parameter from the session cookie.`)) } - ar := s.validateRequest(w, r, rid) - if ar == nil { - return nil + ar, err := s.validateRequest(r.Context(), x.ParseUUID(x.SessionGetStringOr(r, s.d.CookieManager(), sessionName, sessionRequestID, ""))) + if err != nil { + return nil, err } if r.URL.Query().Get("error") != "" { - s.handleError(w, r, rid, nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider returned error "%s": %s`, r.URL.Query().Get("error"), r.URL.Query().Get("error_description")))) - return ar + return ar, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider returned error "%s": %s`, r.URL.Query().Get("error"), r.URL.Query().Get("error_description"))) } if code == "" { - s.handleError(w, r, rid, nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider did not return the code query parameter.`))) - return ar + return ar, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`Unable to complete OpenID Connect flow because the OpenID Provider did not return the code query parameter.`)) } - return ar + return ar, nil } func (s *Strategy) handleCallback(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { @@ -283,8 +243,13 @@ func (s *Strategy) handleCallback(w http.ResponseWriter, r *http.Request, ps htt pid = ps.ByName("provider") ) - ar := s.validateCallback(w, r) - if ar == nil { + ar, err := s.validateCallback(r) + if err != nil { + if ar != nil { + s.handleError(w, r, ar.GetID(), nil, err) + } else { + s.handleError(w, r, x.EmptyUUID, nil, err) + } return } diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go index c1ffbe1815c8..4a3872acfc2e 100644 
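Review bot: validateCallback discards the request that validateRequest now returns alongside a validation error: the restored `if err != nil { return nil, err }` means handleCallback always takes the `x.EmptyUUID` branch for an expired request, while handleAuth passes the real `rid` for the same failure. If the expired-request handling depends on knowing which request failed, the callback path loses that information. `return ar, err` here would let the existing `ar != nil` branch in handleCallback pass `ar.GetID()`. handleCallback's body continues outside the second hunk.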
--- a/selfservice/strategy/oidc/strategy_test.go +++ b/selfservice/strategy/oidc/strategy_test.go @@ -326,15 +326,16 @@ func TestStrategy(t *testing.T) { r := nlr(t, returnTS.URL, -time.Minute) res, body := mr(t, "valid", r.ID, url.Values{}) - t.Log(body) assert.NotEqual(t, r.ID, gjson.GetBytes(body, "id")) - aue(t, res, body, "login request expired") + aue(t, res, body, "session expired") }) t.Run("case=should fail because the registration request is expired", func(t *testing.T) { r := nrr(t, returnTS.URL, -time.Minute) res, body := mr(t, "valid", r.ID, url.Values{}) - aue(t, res, body, "registration request expired") + + assert.NotEqual(t, r.ID, gjson.GetBytes(body, "id")) + aue(t, res, body, "session expired") }) t.Run("case=should fail registration because scope was not provided", func(t *testing.T) { diff --git a/selfservice/strategy/password/login.go b/selfservice/strategy/password/login.go index 9bfa353f14f1..f2b9b5933a8d 100644 --- a/selfservice/strategy/password/login.go +++ b/selfservice/strategy/password/login.go @@ -2,7 +2,6 @@ package password import ( "bytes" - "context" "encoding/json" "net/http" "net/url" @@ -75,21 +74,7 @@ func (s *Strategy) handleLogin(w http.ResponseWriter, r *http.Request, _ httprou } if err := ar.Valid(); err != nil { - // create new request if the old one is not valid - if err = s.d.LoginHandler().NewLoginRequest(w, r, func(a *login.Request) (string, error) { - for name, method := range a.Methods { - method.Config.AddError(&form.Error{Message: "Your session expired, please try again."}) - if err := s.d.LoginRequestPersister().UpdateLoginRequest(context.TODO(), a.ID, name, method); err != nil { - return s.d.SelfServiceErrorManager().Create(r.Context(), w, r, err) - } - a.Methods[name] = method - } - - return urlx.CopyWithQuery(s.c.LoginURL(), url.Values{"request": {a.ID.String()}}).String(), nil - }); err != nil { - s.handleLoginError(w, r, ar, err) - return - } + s.handleLoginError(w, r, ar, err) return } 
diff --git a/selfservice/strategy/password/registration.go b/selfservice/strategy/password/registration.go index dba5a5aceb30..fb1bea942dc2 100644 --- a/selfservice/strategy/password/registration.go +++ b/selfservice/strategy/password/registration.go @@ -1,7 +1,6 @@ package password import ( - "context" "encoding/json" "fmt" "net/http" @@ -108,22 +107,7 @@ func (s *Strategy) handleRegistration(w http.ResponseWriter, r *http.Request, _ } if err := ar.Valid(); err != nil { - // create new request if the old one is not valid - if err = s.d.RegistrationHandler().NewRegistrationRequest(w, r, func(a *registration.Request) (string, error) { - for name, method := range a.Methods { - method.Config.AddError(&form.Error{Message: "Your session expired, please try again."}) - if err := s.d.RegistrationRequestPersister().UpdateRegistrationRequest(context.TODO(), a.ID, name, method); err != nil { - return s.d.SelfServiceErrorManager().Create(r.Context(), w, r, err) - } - a.Methods[name] = method - } - - return urlx.CopyWithQuery(s.c.RegisterURL(), url.Values{"request": {a.ID.String()}}).String(), nil - }); err != nil { - s.handleRegistrationError(w, r, ar, nil, err) - return - } - + s.handleRegistrationError(w, r, ar, nil, err) return }