Prevent showing user exists for password disabled actions
parent
d5e1b3a6c3
commit
c83684ed83
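--- a/PATH-NOT-ON-PAGE-1
+++ b/PATH-NOT-ON-PAGE-1
@@ -154,7 +154,8 @@ export default function (
 return next()
 }
 } catch (err: any) {
-console.error("Auth Error", err?.message || err)
+console.error(`Auth Error: ${err.message}`)
+console.error(err)
 // invalid token, clear the cookie
 if (err && err.name === "JsonWebTokenError") {
 clearCookie(ctx, Cookie.Auth)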
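Review bot: The new `console.error(`Auth Error: ${err.message}`)` drops the optional chaining the old line had, so a nullish value reaching this catch (err is typed `any`, so the compiler will not object) raises a TypeError inside the handler and the cookie-clearing below it never runs. Keeping the guard costs nothing: `console.error(`Auth Error: ${err?.message ?? err}`)`. The added `console.error(err)` already prints the message and stack for a real Error, so the first line is largely redundant in that case; if the intent is a one-line summary followed by the full object, a short comment saying so would help the next reader. The enclosing function starts and ends outside the hunk.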
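--- a/PATH-NOT-ON-PAGE-2
+++ b/PATH-NOT-ON-PAGE-2
@@ -62,7 +62,7 @@ export const login = async (ctx: Ctx<LoginRequest>, next: any) => {
 
 const user = await userSdk.getUserByEmail(email)
 if (user && (await userSdk.isPreventPasswordActions(user))) {
-ctx.throw(400, "Password login is disabled for this user")
+ctx.throw(403, "Invalid credentials")
 }
 
 return passport.authenticate(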
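Review bot: The `ctx.throw(403, "Invalid credentials")` only hides the account's existence if it is byte-for-byte what the passport path below returns for an unknown email or a wrong password; that path is outside the hunk, so it is worth confirming the two responses agree on status, message and any error envelope. A comment tying the values together would keep them from drifting, e.g. `// must match the unknown-user / bad-password response from passport so SSO accounts cannot be enumerated`. Note also that this branch returns before any password verification happens, so its response time will differ from the normal path; whether that residual signal matters is a judgement for the project, but it is worth a line in the comment. `login` starts and ends outside the hunk.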
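--- a/PATH-NOT-ON-PAGE-3
+++ b/PATH-NOT-ON-PAGE-3
@@ -106,12 +106,12 @@ describe("/api/global/auth", () => {
 tenantId,
 email,
 password,
-{ status: 400 }
+{ status: 403 }
 )
 
 expect(response.body).toEqual({
-message: "Password login is disabled for this user",
-status: 400,
+message: "Invalid credentials",
+status: 403,
 })
 }
 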
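Review bot: The updated assertion pins the literal 403 / "Invalid credentials" pair but does not check that it equals the response for an email that does not exist, which is the property the commit is trying to protect. Making a second login request in the same test with an unknown email and asserting `expect(response.body).toEqual(unknownEmailResponse.body)` (plus the same status) would catch the two paths drifting apart later. The enclosing `it(...)` block starts before the hunk.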
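--- a/PATH-NOT-ON-PAGE-4
+++ b/PATH-NOT-ON-PAGE-4
@@ -171,17 +171,7 @@ describe("/api/global/auth", () => {
 const { res } = await config.api.auth.requestPasswordReset(
 sendMailMock,
 user.email,
-{ status: 400 }
 )
-
-expect(res.body).toEqual({
-message: "Password reset is disabled for this user",
-status: 400,
-error: {
-code: "http",
-type: "generic",
-},
-})
 expect(sendMailMock).not.toHaveBeenCalled()
 }
 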
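Review bot: After this change the test only asserts that no mail was sent; it no longer checks the response at all, so a regression that reintroduces a distinguishing status or body for password-disabled users would still pass. The test helper touched in this same commit treats 200 as the success status, so passing `{ status: 200 }` to `requestPasswordReset` and asserting that `res.body` equals what a normal user receives would pin the indistinguishable behaviour the commit is after. The enclosing `it(...)` block starts before the hunk.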
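--- a/PATH-NOT-ON-PAGE-5
+++ b/PATH-NOT-ON-PAGE-5
@@ -59,7 +59,7 @@ export const reset = async (email: string) => {
 
 // exit if user has sso
 if (await userSdk.isPreventPasswordActions(user)) {
-throw new HTTPError("Password reset is disabled for this user", 400)
+return
 }
 
 // send password reset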
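Review bot: Replacing the throw with a bare `return` makes the skip invisible to operators as well as to callers: a reset suppressed for a password-disabled account now looks, in the return value and in the logs, exactly like a successful send. The comment above it should say why the success-looking result is deliberate, e.g. `// exit silently: respond like a normal reset so the endpoint cannot be used to learn whether an SSO account exists`, and if this module has a logger in scope an internal log line here would let support explain a "missing" reset email without changing the response. `reset` starts and ends outside the hunk.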
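--- a/PATH-NOT-ON-PAGE-6
+++ b/PATH-NOT-ON-PAGE-6
@@ -61,11 +61,13 @@ export class AuthAPI extends TestAPI {
 
 let code: string | undefined
 if (res.status === 200) {
+if (sendMailMock.mock.calls.length) {
 const emailCall = sendMailMock.mock.calls[0][0]
 const parts = emailCall.html.split(
 `http://localhost:10000/builder/auth/reset?code=`
 )
 code = parts[1].split('"')[0].split("&")[0]
+}
 }
 
 return { code, res }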
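Review bot: `if (sendMailMock.mock.calls.length)` relies on number truthiness; `if (sendMailMock.mock.calls.length > 0)` says what is meant. The `parts[1].split(...)` line it now wraps still throws a TypeError if the sent mail does not contain the reset URL (`parts[1]` is then `undefined`), which would fail a test with a confusing stack trace instead of an assertion; checking `parts.length > 1` before indexing keeps `code` undefined in that case, matching its declared `string | undefined` type. A one-line comment on the new guard, e.g. `// a 200 with no mail is expected for password-disabled accounts`, would record why the helper tolerates that combination. The enclosing method starts before the hunk.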