From ad0ed40a590b01cbc4a1d7c2dd2182b92180fc1c Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Fri, 8 Jan 2021 12:57:14 +0100 Subject: [PATCH] api: return "invalid" as CSRF token for partial tickets So that old clients don't `unwrap` a `None` value. Signed-off-by: Wolfgang Bumiller --- src/api2/access.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/api2/access.rs b/src/api2/access.rs index ebab42d1..8866c944 100644 --- a/src/api2/access.rs +++ b/src/api2/access.rs @@ -163,7 +163,9 @@ fn authenticate_2nd( }, CSRFPreventionToken: { type: String, - description: "Cross Site Request Forgery Prevention Token.", + description: + "Cross Site Request Forgery Prevention Token. \ + For partial tickets this is the string \"invalid\".", }, }, }, @@ -207,6 +209,7 @@ fn create_ticket( Ok(json!({ "username": username, "ticket": ticket, + "CSRFPreventionToken": "invalid", })) } Err(err) => {