From 7612280421e0ad9630272b62839a1204ba3e917e Mon Sep 17 00:00:00 2001
From: Siddharth
Date: Thu, 5 Oct 2023 03:47:37 +0530
Subject: [PATCH 1/3] fix: added all auth url in ory
---
 core/api/dev/ory/oathkeeper_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/api/dev/ory/oathkeeper_rules.yaml b/core/api/dev/ory/oathkeeper_rules.yaml
index 3012828088..4cbd277e50 100644
--- a/core/api/dev/ory/oathkeeper_rules.yaml
+++ b/core/api/dev/ory/oathkeeper_rules.yaml
@@ -2,7 +2,7 @@
 upstream:
 url: "http://bats-tests:4012"
 match:
- url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<(clearCookies|login|logout|email/code|email/login|totp/validate|email/login/cookie)>"
+ url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<(clearCookies|login|logout|email/code|email/login|totp/validate|email/login/cookie|create/device-account|phone/captcha|phone/code|phone/login)>"
 methods: ["GET", "POST", "OPTIONS"]
 authenticators:
 - handler: anonymous
From e63f1214e80649ca5a78326e8bdbf1e0fb7c459d Mon Sep 17 00:00:00 2001
From: Siddharth
Date: Thu, 5 Oct 2023 14:30:23 +0530
Subject: [PATCH 2/3] fix: bats-test
---
 core/api/dev/ory/oathkeeper_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/api/dev/ory/oathkeeper_rules.yaml b/core/api/dev/ory/oathkeeper_rules.yaml
index 4cbd277e50..70c318656f 100644
--- a/core/api/dev/ory/oathkeeper_rules.yaml
+++ b/core/api/dev/ory/oathkeeper_rules.yaml
@@ -2,7 +2,7 @@
 upstream:
 url: "http://bats-tests:4012"
 match:
- url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<(clearCookies|login|logout|email/code|email/login|totp/validate|email/login/cookie|create/device-account|phone/captcha|phone/code|phone/login)>"
+ url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<(clearCookies|login|logout|email/code|email/login|totp/validate|email/login/cookie|phone/captcha|phone/code|phone/login)>"
 methods: ["GET", "POST", "OPTIONS"]
 authenticators:
 - handler: anonymous
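Review bot: The anonymous rule keeps `GET` in `methods` for every path in the alternation, including the `phone/captcha`, `phone/code` and `phone/login` entries added here (and kept by the hunk in patch 2/3), while patch 3/3 registers those three routes with `authRouter.post` only. Because this alternation is in effect the allow-list of routes reachable without a session, the phone paths would be better placed in their own rule with `methods: ["POST", "OPTIONS"]`, unless another entry in the list is known to need GET. A comment above `match:` such as `# pre-login endpoints only; routes that need a session belong in a separate rule` would also record why an entry like `create/device-account` does not belong here. The rule's authorizer and mutators lie outside the hunk, so this assumes the request is passed to the upstream unchanged.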
From e38aa6973c3a37dfc9b9430f70ca4f05d3ae4117 Mon Sep 17 00:00:00 2001 From: Siddharth Date: Thu, 5 Oct 2023 15:03:23 +0530 Subject: [PATCH 3/3] fix: response type in auth, consistent response 'res.send' --- core/api/src/servers/authorization/index.ts | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/core/api/src/servers/authorization/index.ts b/core/api/src/servers/authorization/index.ts index 92872d25ff..adfbe18478 100644 --- a/core/api/src/servers/authorization/index.ts +++ b/core/api/src/servers/authorization/index.ts @@ -422,23 +422,24 @@ authRouter.post("/email/login/cookie", async (req: Request, res: Response) => { authRouter.post("/phone/captcha", async (req: Request, res: Response) => { const result = await registerCaptchaGeetest() - if (result instanceof Error) return res.json({ error: "error creating challenge" }) + if (result instanceof Error) { + return res.status(500).send({ error: "error creating challenge" }) + } const { success, gt, challenge, newCaptcha } = result - return { + return res.send({ result: { id: gt, challengeCode: challenge, newCaptcha, failbackMode: success === 0, }, - } + }) }) authRouter.post("/phone/code", async (req: Request, res: Response) => { const ip = req.originalIp - const phoneRaw = req.body.phone const challengeCodeRaw = req.body.challengeCode const validationCodeRaw = req.body.validationCode @@ -449,7 +450,7 @@ authRouter.post("/phone/code", async (req: Request, res: Response) => { return res.status(400).send({ error: "missing inputs" }) const phone = checkedToPhoneNumber(phoneRaw) - if (phone instanceof Error) return res.status(400).send("invalid phone") + if (phone instanceof Error) return res.status(400).send({ error: "invalid phone" }) const geetestChallenge = challengeCodeRaw const geetestValidate = validationCodeRaw 
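Review bot: In the `/phone/code` handler `challengeCodeRaw` and `validationCodeRaw` are copied into `geetestChallenge` and `geetestValidate` exactly as they arrive in `req.body`, whereas the phone number two lines above goes through `checkedToPhoneNumber`. A JSON body can carry an object or an array in those fields, and the `missing inputs` branch suggests only a presence check runs before this point. A guard such as `if (typeof challengeCodeRaw !== "string" || typeof validationCodeRaw !== "string") return res.status(400).send({ error: "invalid inputs" })` would keep non-string values away from the captcha verification. The handler starts in the previous hunk and continues past this one, so a later check may already cover it.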
@@ -464,25 +465,24 @@ authRouter.post("/phone/code", async (req: Request, res: Response) => { channel, }) - if (result instanceof Error) return res.status(400).json({ error: result }) + if (result instanceof Error) return res.status(400).send({ error: result }) - return res.json({ + return res.send({ success: true, }) }) authRouter.post("/phone/login", async (req: Request, res: Response) => { const ip = req.originalIp - const codeRaw = req.body.code const phoneRaw = req.body.phone if (!codeRaw || !phoneRaw) { return res.status(400).send({ error: "missing inputs" }) } const code = validOneTimeAuthCodeValue(codeRaw) - if (code instanceof Error) return res.status(400).send("invalid code") + if (code instanceof Error) return res.status(400).send({ error: "invalid code" }) const phone = checkedToPhoneNumber(phoneRaw) - if (phone instanceof Error) return res.status(400).send("invalid phone") + if (phone instanceof Error) return res.status(400).send({ error: "invalid phone" }) const loginResp = await Authentication.loginWithPhoneToken({ phone,
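Review bot: `res.status(400).send({ error: result })` in the `/phone/code` handler puts the `Error` instance itself into the response body. Express serialises it as JSON, so a plain `Error` comes out as `{}` (`message` and `stack` are not enumerable) and an application error class with enumerable fields would expose them to an unauthenticated caller; neither matches the `{ error: "<string>" }` shape the rest of this commit standardises on. Returning a fixed client-facing string, for example `if (result instanceof Error) return res.status(400).send({ error: "error requesting code" })`, and logging `result` on the server would keep the body consistent. Every failure is also reported as 400 here; whether rate-limit or upstream failures deserve a different status depends on the error types, which are outside the hunk.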