Fix error codes and login processing url

Author: aarmam

example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java

@@ -60,7 +60,7 @@ public SecurityFilterChain filterChain(
             .authenticationProvider(authTokenDTOAuthenticationProvider)
             .addFilterBefore(new WebEidMobileAuthInitFilter("/auth/mobile/init", "/auth/mobile/login", challengeNonceGenerator), UsernamePasswordAuthenticationFilter.class)
             .addFilterBefore(new WebEidChallengeNonceFilter("/auth/challenge", challengeNonceGenerator), UsernamePasswordAuthenticationFilter.class)
-            .addFilterBefore(new WebEidLoginPageGeneratingFilter("/auth/mobile/login"), UsernamePasswordAuthenticationFilter.class)
+            .addFilterBefore(new WebEidLoginPageGeneratingFilter("/auth/mobile/login", "/auth/login"), UsernamePasswordAuthenticationFilter.class)
             .addFilterBefore(new WebEidAjaxLoginProcessingFilter("/auth/login", authConfig.getAuthenticationManager()), UsernamePasswordAuthenticationFilter.class)
             .logout(l -> l.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()))
             .headers(h -> h.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))

example/src/main/java/eu/webeid/example/security/ui/WebEidLoginPageGeneratingFilter.java

@@ -54,26 +54,26 @@ public final class WebEidLoginPageGeneratingFilter extends OncePerRequestFilter
         import { showErrorMessage } from "/js/errors.js";
         (function () {
           const frag = location.hash ? location.hash.substring(1) : "";
-          if (!frag) { showErrorMessage({ code: "MISSING_PAYLOAD", message: "Missing payload" }); return; }
+          if (!frag) { showErrorMessage({ code: "UNKNOWN_ERROR", message: "Missing authentication payload" }); return; }
 
           let payload;
           try { payload = JSON.parse(atob(frag)); } catch (e) {
             console.error("Failed to parse payload", e);
-            showErrorMessage({ code: "BAD_PAYLOAD", message: "Failed to parse mobile payload" });
+            showErrorMessage({ code: "UNKNOWN_ERROR", message: "Failed to parse authentication payload" });
             return;
           }
 
           if (payload["error"]) {
             showErrorMessage({
-              code: payload["code"] ?? "MOPP_ERROR",
-              message: payload["message"] ?? "Authentication failed in mobile app"
+              code: payload["code"] ?? "UNKNOWN_ERROR",
+              message: payload["message"] ?? "Authentication failed"
             });
             return;
           }
 
-          const authToken = payload["auth-token"] ?? payload;
+          const authToken = payload["auth-token"];
 
-          fetch("/auth/login", {
+          fetch("%s", {
             method: "POST",
             headers: {
               "Content-Type": "application/json",
@@ -86,20 +86,20 @@ public final class WebEidLoginPageGeneratingFilter extends OncePerRequestFilter
             if (!r.ok) throw new Error("HTTP " + r.status);
             window.location.replace("/welcome");
           })
-          .catch(e => {
-            console.error("Login failed", e);
-            showErrorMessage({ code: "LOGIN_FAILED", message: e.message });
+          .catch(error => {
+            showErrorMessage(error);
           });
         })();
         </script>
-        Signing you in…
         </body>
         </html>
         """;
     private final RequestMatcher requestMatcher;
+    private final String loginProcessingPath;
 
-    public WebEidLoginPageGeneratingFilter(String path) {
+    public WebEidLoginPageGeneratingFilter(String path, String loginProcessingPath) {
         this.requestMatcher = PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, path);
+        this.loginProcessingPath = loginProcessingPath;
     }
 
     @Override
@@ -124,6 +124,7 @@ protected void doFilterInternal(@NonNull HttpServletRequest request, @NonNull Ht
     private String generateHtml(CsrfToken csrf) {
         return String.format(
             LOGIN_PAGE_HTML,
+            loginProcessingPath,
             csrf != null ? csrf.getHeaderName() : "X-CSRF-TOKEN",
             csrf != null ? csrf.getToken() : ""
         );