CodeMirror/budibase
1
0
Fork 0
mirror of synced 2024-07-04 22:11:23 +12:00
Code Issues Projects Releases Wiki Activity

Prevent showing user exists for password disabled actions

Browse source
This commit is contained in:
Rory Powell 2023-03-01 14:49:44 +00:00
parent d5e1b3a6c3
commit c83684ed83
5 changed files with 14 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
packages/backend-core/src/middleware/authenticated.ts
View file

@ -154,7 +154,8 @@ export default function (
return next() return next()
} }
} catch (err: any) { } catch (err: any) {
console.error("Auth Error", err?.message || err) console.error(`Auth Error: ${err.message}`)
console.error(err)
// invalid token, clear the cookie // invalid token, clear the cookie
if (err && err.name === "JsonWebTokenError") { if (err && err.name === "JsonWebTokenError") {
clearCookie(ctx, Cookie.Auth) clearCookie(ctx, Cookie.Auth)

2
packages/worker/src/api/controllers/global/auth.ts
View file

@ -62,7 +62,7 @@ export const login = async (ctx: Ctx<LoginRequest>, next: any) => {
const user = await userSdk.getUserByEmail(email) const user = await userSdk.getUserByEmail(email)
if (user && (await userSdk.isPreventPasswordActions(user))) { if (user && (await userSdk.isPreventPasswordActions(user))) {
ctx.throw(400, "Password login is disabled for this user") ctx.throw(403, "Invalid credentials")
} }
return passport.authenticate( return passport.authenticate(

16
packages/worker/src/api/routes/global/tests/auth.spec.ts
View file

@ -106,12 +106,12 @@ describe("/api/global/auth", () => {
tenantId, tenantId,
email, email,
password, password,
{ status: 400 } { status: 403 }
) )
expect(response.body).toEqual({ expect(response.body).toEqual({
message: "Password login is disabled for this user", message: "Invalid credentials",
status: 400, status: 403,
}) })
} }
@ -171,17 +171,7 @@ describe("/api/global/auth", () => {
const { res } = await config.api.auth.requestPasswordReset( const { res } = await config.api.auth.requestPasswordReset(
sendMailMock, sendMailMock,
user.email, user.email,
{ status: 400 }
) )
expect(res.body).toEqual({
message: "Password reset is disabled for this user",
status: 400,
error: {
code: "http",
type: "generic",
},
})
expect(sendMailMock).not.toHaveBeenCalled() expect(sendMailMock).not.toHaveBeenCalled()
} }

2
packages/worker/src/sdk/auth/auth.ts
View file

@ -59,7 +59,7 @@ export const reset = async (email: string) => {
// exit if user has sso // exit if user has sso
if (await userSdk.isPreventPasswordActions(user)) { if (await userSdk.isPreventPasswordActions(user)) {
throw new HTTPError("Password reset is disabled for this user", 400) return
} }
// send password reset // send password reset

12
packages/worker/src/tests/api/auth.ts
View file

@ -61,11 +61,13 @@ export class AuthAPI extends TestAPI {
let code: string | undefined let code: string | undefined
if (res.status === 200) { if (res.status === 200) {
const emailCall = sendMailMock.mock.calls[0][0] if (sendMailMock.mock.calls.length) {
const parts = emailCall.html.split( const emailCall = sendMailMock.mock.calls[0][0]
`http://localhost:10000/builder/auth/reset?code=` const parts = emailCall.html.split(
) `http://localhost:10000/builder/auth/reset?code=`
code = parts[1].split('"')[0].split("&")[0] )
code = parts[1].split('"')[0].split("&")[0]
}
} }
return { code, res } return { code, res }