From 31c8edbd9f07211b478efa4f1a23e094c31176bf Mon Sep 17 00:00:00 2001
From: Zach Wasserman <zach@fleetdm.com>
Date: Wed, 20 Nov 2024 09:50:18 -0800
Subject: [PATCH] Fix JSON parsing for fleetdm.com EST certificate issuance
 (#23977)

Missed a JSON.parse after refactoring the HTTP request code. This was
missed because we had to comment out some of the code for testing in
order to skip authentication.
---
 website/api/controllers/get-est-device-certificate.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/website/api/controllers/get-est-device-certificate.js b/website/api/controllers/get-est-device-certificate.js
index a69e83d0eb..5a69979f2f 100644
--- a/website/api/controllers/get-est-device-certificate.js
+++ b/website/api/controllers/get-est-device-certificate.js
@@ -83,11 +83,11 @@ module.exports = {
       throw 'invalidToken';
     }
 
-    if (!introspectResponse.body.active) {
+    const introspectBody = JSON.parse(introspectResponse.body);
+    if (!introspectBody.active) {
       throw 'invalidToken';
     }
-
-    const introspectUsername = introspectResponse.body.username;
+    const introspectUsername = introspectBody.username;
 
     // Extract the email and username from the CSR. Ensure they match.
     let jsrsasign = require('jsrsasign');