Prevent showing user exists for password disabled actions

This commit is contained in:
Rory Powell 2023-03-01 14:49:44 +00:00
parent d5e1b3a6c3
commit c83684ed83
5 changed files with 14 additions and 21 deletions

View File

@ -154,7 +154,8 @@ export default function (
return next()
}
} catch (err: any) {
console.error("Auth Error", err?.message || err)
console.error(`Auth Error: ${err.message}`)
console.error(err)
// invalid token, clear the cookie
if (err && err.name === "JsonWebTokenError") {
clearCookie(ctx, Cookie.Auth)

View File

@ -62,7 +62,7 @@ export const login = async (ctx: Ctx<LoginRequest>, next: any) => {
const user = await userSdk.getUserByEmail(email)
if (user && (await userSdk.isPreventPasswordActions(user))) {
ctx.throw(400, "Password login is disabled for this user")
ctx.throw(403, "Invalid credentials")
}
return passport.authenticate(

View File

@ -106,12 +106,12 @@ describe("/api/global/auth", () => {
tenantId,
email,
password,
{ status: 400 }
{ status: 403 }
)
expect(response.body).toEqual({
message: "Password login is disabled for this user",
status: 400,
message: "Invalid credentials",
status: 403,
})
}
@ -171,17 +171,7 @@ describe("/api/global/auth", () => {
const { res } = await config.api.auth.requestPasswordReset(
sendMailMock,
user.email,
{ status: 400 }
)
expect(res.body).toEqual({
message: "Password reset is disabled for this user",
status: 400,
error: {
code: "http",
type: "generic",
},
})
expect(sendMailMock).not.toHaveBeenCalled()
}

View File

@ -59,7 +59,7 @@ export const reset = async (email: string) => {
// exit if user has sso
if (await userSdk.isPreventPasswordActions(user)) {
throw new HTTPError("Password reset is disabled for this user", 400)
return
}
// send password reset

View File

@ -61,11 +61,13 @@ export class AuthAPI extends TestAPI {
let code: string | undefined
if (res.status === 200) {
const emailCall = sendMailMock.mock.calls[0][0]
const parts = emailCall.html.split(
`http://localhost:10000/builder/auth/reset?code=`
)
code = parts[1].split('"')[0].split("&")[0]
if (sendMailMock.mock.calls.length) {
const emailCall = sendMailMock.mock.calls[0][0]
const parts = emailCall.html.split(
`http://localhost:10000/builder/auth/reset?code=`
)
code = parts[1].split('"')[0].split("&")[0]
}
}
return { code, res }