openfoodfacts · VaiTon · Oct 10, 2022 · Oct 7, 2022
@@ -40,13 +40,35 @@
 
 my $request_ref = ProductOpener::Display::init_request();
 
-my $status = 403;
+my $status;
+my $response_ref;
 
 if (defined $User_id) {
 	$status = 200;
+
+	# Return basic data about the user
+	$response_ref = {
+		status => 1,
+		status_verbose => 'user signed-in',
+		user_id => $User_id,
+		user => {
+			email => $User{email},
+			name => $User{name},
+		},
+	};
+
+	use JSON::PP;
+
+}
+else {
+	$status = 403;
+	$response_ref = {
+		status => 0,
+		status_verbose => 'user not signed-in',
+	};
 }
 
-print header(-status => $status);
+my $json = JSON::PP->new->allow_nonref->canonical->utf8->encode($response_ref);
 
 # We need to send the header Access-Control-Allow-Credentials=true so that websites
 # such has hunger.openfoodfacts.org that send a query to world.openfoodfacts.org/cgi/auth.pl
@@ -63,5 +85,12 @@
 	$r->err_headers_out->set("Access-Control-Allow-Origin", $origin);
 }
 
+print header(-status => $status, -type => 'application/json', -charset => 'utf-8');
+print $json;
+
 $r->rflush;
-$r->status($status);
+
+# Setting the status makes mod_perl append a default error to the body
+# $r->status($status);
+# Send 200 instead.
+$r->status(200);
@@ -692,7 +692,15 @@ sub init_request() {
 
 	my $error = ProductOpener::Users::init_user($request_ref);
 	if ($error) {
-		display_error_and_exit($error, 403);
+		# TODO: currently we always display an HTML message if we were passed a bad user_id and password combination
+		# even if the request is an API request
+
+		# for requests to /cgi/auth.pl, we will now return a JSON body, set in /cgi/auth.pl
+		# but it would be good to later have a more consistent behaviour for all API requests
+		if ($r->uri() !~ /\/cgi\/auth\.pl/) {
+			print $r->uri();
+			display_error_and_exit($error, 403);
+		}
 	}
 
 	# %admin is defined in Config.pm