1 files changed, 43 insertions, 24 deletions

diff --git a/packages/taler-util/src/http-client/challenger.ts b/packages/taler-util/src/http-client/challenger.ts
index fa4214aa6..8d23ed273 100644
--- a/packages/taler-util/src/http-client/challenger.ts
+++ b/packages/taler-util/src/http-client/challenger.ts
@@ -4,10 +4,13 @@ import { createPlatformHttpLib } from "../http.js";
 import { LibtoolVersion } from "../libtool-version.js";
 import {
   FailCasesByMethod,
+  RedirectResult,
   ResultByMethod,
+  opFixedSuccess,
+  opKnownAlternativeFailure,
   opKnownHttpFailure,
   opSuccessFromHttp,
-  opUnknownFailure
+  opUnknownFailure,
 } from "../operation.js";
 import {
   AccessToken,
@@ -16,7 +19,8 @@ import {
   codecForChallengeStatus,
   codecForChallengerAuthResponse,
   codecForChallengerInfoResponse,
-  codecForChallengerTermsOfServiceResponse
+  codecForChallengerTermsOfServiceResponse,
+  codecForInvalidPinResponse,
 } from "./types.js";
 import { makeBearerTokenAuthHeader } from "./utils.js";
 
@@ -91,7 +95,12 @@ export class ChallengerHttpClient {
    * https://docs.taler.net/core/api-challenger.html#post--authorize-$NONCE
    *
    */
-  async login(nonce: string, clientId: string, redirectUri: string, state: string | undefined) {
+  async login(
+    nonce: string,
+    clientId: string,
+    redirectUri: string,
+    state: string | undefined,
+  ) {
     const url = new URL(`authorize/${nonce}`, this.baseUrl);
     url.searchParams.set("response_type", "code");
     url.searchParams.set("client_id", clientId);
@@ -127,17 +136,23 @@ export class ChallengerHttpClient {
    */
   async challenge(nonce: string, body: Record<"email", string>) {
     const url = new URL(`challenge/${nonce}`, this.baseUrl);
-    
+
     const resp = await this.httpLib.fetch(url.href, {
       method: "POST",
       body: new URLSearchParams(Object.entries(body)).toString(),
       headers: {
-        "Content-Type": "application/x-www-form-urlencoded"
-      }
+        "Content-Type": "application/x-www-form-urlencoded",
+      },
+      redirect: "manual",
     });
     switch (resp.status) {
       case HttpStatusCode.Ok:
         return opSuccessFromHttp(resp, codecForChallengeCreateResponse());
+      case HttpStatusCode.Found:
+        const redirect = resp.headers.get("Location")!;
+        return opFixedSuccess<RedirectResult>({
+          redirectURL: new URL(redirect),
+        });
       case HttpStatusCode.BadRequest:
         return opKnownHttpFailure(resp.status, resp);
       case HttpStatusCode.NotFound:
@@ -165,23 +180,25 @@ export class ChallengerHttpClient {
       method: "POST",
       body: new URLSearchParams(Object.entries(body)).toString(),
       headers: {
-        "Content-Type": "application/x-www-form-urlencoded"
+        "Content-Type": "application/x-www-form-urlencoded",
       },
       redirect: "manual",
     });
     switch (resp.status) {
       case HttpStatusCode.Found:
-        const redirect = resp.headers.get("Location")!
-        const uri = new URL(redirect)
-        const code = uri.searchParams.get("code")!
-        return {
-          type: "ok" as const,
-          body: { code }
-        }
-        // return opSuccessFromHttp(resp, codecForChallengeCreateResponse());
+        const redirect = resp.headers.get("Location")!;
+        return opFixedSuccess<RedirectResult>({
+          redirectURL: new URL(redirect),
+        });
       case HttpStatusCode.BadRequest:
         return opKnownHttpFailure(resp.status, resp);
-      case HttpStatusCode.NotFound: 
+      case HttpStatusCode.Forbidden:
+        return opKnownAlternativeFailure(
+          resp,
+          resp.status,
+          codecForInvalidPinResponse(),
+        );
+      case HttpStatusCode.NotFound:
         return opKnownHttpFailure(resp.status, resp);
       case HttpStatusCode.NotAcceptable:
         return opKnownHttpFailure(resp.status, resp);
@@ -210,15 +227,17 @@ export class ChallengerHttpClient {
     const resp = await this.httpLib.fetch(url.href, {
       method: "POST",
       headers: {
-        "Content-Type": "application/x-www-form-urlencoded"
+        "Content-Type": "application/x-www-form-urlencoded",
       },
-      body: new URLSearchParams(Object.entries({
-        client_id,
-        redirect_uri,
-        client_secret,
-        code,
-        grant_type: "authorization_code",
-      })).toString(),
+      body: new URLSearchParams(
+        Object.entries({
+          client_id,
+          redirect_uri,
+          client_secret,
+          code,
+          grant_type: "authorization_code",
+        }),
+      ).toString(),
     });
     switch (resp.status) {
       case HttpStatusCode.Ok: