fix(backend): 追加認証の必要なAPIの認証失敗がサーバーエラーとして返されてしまう問題を修正 (MisskeyIO#255)
Co-authored-by: riku6460 <17585784+riku6460@users.noreply.github.com>
This commit is contained in:
parent
20b4180667
commit
a2e6e0b6cc
|
@ -26,6 +26,12 @@ export const meta = {
|
||||||
id: '0d7ec6d2-e652-443e-a7bf-9ee9a0cd77b0',
|
id: '0d7ec6d2-e652-443e-a7bf-9ee9a0cd77b0',
|
||||||
},
|
},
|
||||||
|
|
||||||
|
authenticationFailed: {
|
||||||
|
message: 'Authentication failed.',
|
||||||
|
code: 'AUTHENTICATION_FAILED',
|
||||||
|
id: '7b7b1e88-c569-4873-9676-25c5717ace4e',
|
||||||
|
},
|
||||||
|
|
||||||
twoFactorNotEnabled: {
|
twoFactorNotEnabled: {
|
||||||
message: '2fa not enabled.',
|
message: '2fa not enabled.',
|
||||||
code: 'TWO_FACTOR_NOT_ENABLED',
|
code: 'TWO_FACTOR_NOT_ENABLED',
|
||||||
|
@ -71,14 +77,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
|
||||||
if (profile.twoFactorEnabled) {
|
if (profile.twoFactorEnabled) {
|
||||||
const token = ps.token;
|
const token = ps.token;
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
throw new Error('authentication failed');
|
throw new ApiError(meta.errors.authenticationFailed);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
||||||
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
|
||||||
} catch (e) {
|
|
||||||
throw new Error('authentication failed');
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
throw new ApiError(meta.errors.twoFactorNotEnabled);
|
throw new ApiError(meta.errors.twoFactorNotEnabled);
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,6 +30,12 @@ export const meta = {
|
||||||
id: '38769596-efe2-4faf-9bec-abbb3f2cd9ba',
|
id: '38769596-efe2-4faf-9bec-abbb3f2cd9ba',
|
||||||
},
|
},
|
||||||
|
|
||||||
|
authenticationFailed: {
|
||||||
|
message: 'Authentication failed.',
|
||||||
|
code: 'AUTHENTICATION_FAILED',
|
||||||
|
id: 'a7628591-668b-47b2-919f-d986b22af06a',
|
||||||
|
},
|
||||||
|
|
||||||
twoFactorNotEnabled: {
|
twoFactorNotEnabled: {
|
||||||
message: '2fa not enabled.',
|
message: '2fa not enabled.',
|
||||||
code: 'TWO_FACTOR_NOT_ENABLED',
|
code: 'TWO_FACTOR_NOT_ENABLED',
|
||||||
|
@ -77,14 +83,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
|
||||||
if (profile.twoFactorEnabled) {
|
if (profile.twoFactorEnabled) {
|
||||||
const token = ps.token;
|
const token = ps.token;
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
throw new Error('authentication failed');
|
throw new ApiError(meta.errors.authenticationFailed);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
||||||
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
|
||||||
} catch (e) {
|
|
||||||
throw new Error('authentication failed');
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
throw new ApiError(meta.errors.twoFactorNotEnabled);
|
throw new ApiError(meta.errors.twoFactorNotEnabled);
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,6 +25,12 @@ export const meta = {
|
||||||
code: 'INCORRECT_PASSWORD',
|
code: 'INCORRECT_PASSWORD',
|
||||||
id: '78d6c839-20c9-4c66-b90a-fc0542168b48',
|
id: '78d6c839-20c9-4c66-b90a-fc0542168b48',
|
||||||
},
|
},
|
||||||
|
|
||||||
|
authenticationFailed: {
|
||||||
|
message: 'Authentication failed.',
|
||||||
|
code: 'AUTHENTICATION_FAILED',
|
||||||
|
id: 'e428f177-c6ae-4e91-9c7e-334b1836f9aa',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
} as const;
|
} as const;
|
||||||
|
|
||||||
|
@ -59,14 +65,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
||||||
if (profile.twoFactorEnabled) {
|
if (profile.twoFactorEnabled) {
|
||||||
const token = ps.token;
|
const token = ps.token;
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
throw new Error('authentication failed');
|
throw new ApiError(meta.errors.authenticationFailed);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
||||||
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
|
||||||
} catch (e) {
|
|
||||||
throw new Error('authentication failed');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate user's secret key
|
// Generate user's secret key
|
||||||
|
|
|
@ -24,6 +24,12 @@ export const meta = {
|
||||||
code: 'INCORRECT_PASSWORD',
|
code: 'INCORRECT_PASSWORD',
|
||||||
id: '141c598d-a825-44c8-9173-cfb9d92be493',
|
id: '141c598d-a825-44c8-9173-cfb9d92be493',
|
||||||
},
|
},
|
||||||
|
|
||||||
|
authenticationFailed: {
|
||||||
|
message: 'Authentication failed.',
|
||||||
|
code: 'AUTHENTICATION_FAILED',
|
||||||
|
id: '724bcf94-1f52-4c57-ad40-4f7fbbf6ce87',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
} as const;
|
} as const;
|
||||||
|
|
||||||
|
@ -61,14 +67,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
||||||
if (profile.twoFactorEnabled) {
|
if (profile.twoFactorEnabled) {
|
||||||
const token = ps.token;
|
const token = ps.token;
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
throw new Error('authentication failed');
|
throw new ApiError(meta.errors.authenticationFailed);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
||||||
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
|
||||||
} catch (e) {
|
|
||||||
throw new Error('authentication failed');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Make sure we only delete the user's own creds
|
// Make sure we only delete the user's own creds
|
||||||
|
|
|
@ -24,6 +24,12 @@ export const meta = {
|
||||||
code: 'INCORRECT_PASSWORD',
|
code: 'INCORRECT_PASSWORD',
|
||||||
id: '7add0395-9901-4098-82f9-4f67af65f775',
|
id: '7add0395-9901-4098-82f9-4f67af65f775',
|
||||||
},
|
},
|
||||||
|
|
||||||
|
authenticationFailed: {
|
||||||
|
message: 'Authentication failed.',
|
||||||
|
code: 'AUTHENTICATION_FAILED',
|
||||||
|
id: '1b99d9c1-629c-41f9-9315-b27ee876f498',
|
||||||
|
},
|
||||||
},
|
},
|
||||||
} as const;
|
} as const;
|
||||||
|
|
||||||
|
@ -57,14 +63,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
||||||
if (profile.twoFactorEnabled) {
|
if (profile.twoFactorEnabled) {
|
||||||
const token = ps.token;
|
const token = ps.token;
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
throw new Error('authentication failed');
|
throw new ApiError(meta.errors.authenticationFailed);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
||||||
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
|
||||||
} catch (e) {
|
|
||||||
throw new Error('authentication failed');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
await this.userProfilesRepository.update(me.id, {
|
await this.userProfilesRepository.update(me.id, {
|
||||||
|
|
|
@ -9,11 +9,26 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
|
||||||
import type { UserProfilesRepository } from '@/models/_.js';
|
import type { UserProfilesRepository } from '@/models/_.js';
|
||||||
import { DI } from '@/di-symbols.js';
|
import { DI } from '@/di-symbols.js';
|
||||||
import { UserAuthService } from '@/core/UserAuthService.js';
|
import { UserAuthService } from '@/core/UserAuthService.js';
|
||||||
|
import { ApiError } from '@/server/api/error.js';
|
||||||
|
|
||||||
export const meta = {
|
export const meta = {
|
||||||
requireCredential: true,
|
requireCredential: true,
|
||||||
|
|
||||||
secure: true,
|
secure: true,
|
||||||
|
|
||||||
|
errors: {
|
||||||
|
incorrectPassword: {
|
||||||
|
message: 'Incorrect password.',
|
||||||
|
code: 'INCORRECT_PASSWORD',
|
||||||
|
id: 'f5bcd508-adcf-40b1-9031-2e944a5d8390',
|
||||||
|
},
|
||||||
|
|
||||||
|
authenticationFailed: {
|
||||||
|
message: 'Authentication failed.',
|
||||||
|
code: 'AUTHENTICATION_FAILED',
|
||||||
|
id: '97fee157-34eb-4b0d-8fc3-375d0040f807',
|
||||||
|
},
|
||||||
|
},
|
||||||
} as const;
|
} as const;
|
||||||
|
|
||||||
export const paramDef = {
|
export const paramDef = {
|
||||||
|
@ -39,20 +54,16 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
||||||
|
|
||||||
const passwordMatched = await bcrypt.compare(ps.currentPassword, profile.password!);
|
const passwordMatched = await bcrypt.compare(ps.currentPassword, profile.password!);
|
||||||
if (!passwordMatched) {
|
if (!passwordMatched) {
|
||||||
throw new Error('incorrect password');
|
throw new ApiError(meta.errors.incorrectPassword);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (profile.twoFactorEnabled) {
|
if (profile.twoFactorEnabled) {
|
||||||
const token = ps.token;
|
const token = ps.token;
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
throw new Error('authentication failed');
|
throw new ApiError(meta.errors.authenticationFailed);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
||||||
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
|
||||||
} catch (e) {
|
|
||||||
throw new Error('authentication failed');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate hash of password
|
// Generate hash of password
|
||||||
|
|
|
@ -10,12 +10,27 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
|
||||||
import { DeleteAccountService } from '@/core/DeleteAccountService.js';
|
import { DeleteAccountService } from '@/core/DeleteAccountService.js';
|
||||||
import { DI } from '@/di-symbols.js';
|
import { DI } from '@/di-symbols.js';
|
||||||
import { UserAuthService } from '@/core/UserAuthService.js';
|
import { UserAuthService } from '@/core/UserAuthService.js';
|
||||||
|
import { ApiError } from '@/server/api/error.js';
|
||||||
|
|
||||||
export const meta = {
|
export const meta = {
|
||||||
requireCredential: true,
|
requireCredential: true,
|
||||||
requireRolePolicy: 'canDeleteContent',
|
requireRolePolicy: 'canDeleteContent',
|
||||||
|
|
||||||
secure: true,
|
secure: true,
|
||||||
|
|
||||||
|
errors: {
|
||||||
|
incorrectPassword: {
|
||||||
|
message: 'Incorrect password.',
|
||||||
|
code: 'INCORRECT_PASSWORD',
|
||||||
|
id: '44326b04-08ea-4525-b01c-98cc117bdd2a',
|
||||||
|
},
|
||||||
|
|
||||||
|
authenticationFailed: {
|
||||||
|
message: 'Authentication failed.',
|
||||||
|
code: 'AUTHENTICATION_FAILED',
|
||||||
|
id: 'ea791cff-63e7-4b2a-92fc-646ab641794e',
|
||||||
|
},
|
||||||
|
},
|
||||||
} as const;
|
} as const;
|
||||||
|
|
||||||
export const paramDef = {
|
export const paramDef = {
|
||||||
|
@ -49,20 +64,16 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
||||||
|
|
||||||
const passwordMatched = await bcrypt.compare(ps.password, profile.password!);
|
const passwordMatched = await bcrypt.compare(ps.password, profile.password!);
|
||||||
if (!passwordMatched) {
|
if (!passwordMatched) {
|
||||||
throw new Error('incorrect password');
|
throw new ApiError(meta.errors.incorrectPassword);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (profile.twoFactorEnabled) {
|
if (profile.twoFactorEnabled) {
|
||||||
const token = ps.token;
|
const token = ps.token;
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
throw new Error('authentication failed');
|
throw new ApiError(meta.errors.authenticationFailed);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
||||||
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
|
||||||
} catch (e) {
|
|
||||||
throw new Error('authentication failed');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
await this.deleteAccountService.deleteAccount(me);
|
await this.deleteAccountService.deleteAccount(me);
|
||||||
|
|
|
@ -35,6 +35,12 @@ export const meta = {
|
||||||
id: 'e54c1d7e-e7d6-4103-86b6-0a95069b4ad3',
|
id: 'e54c1d7e-e7d6-4103-86b6-0a95069b4ad3',
|
||||||
},
|
},
|
||||||
|
|
||||||
|
authenticationFailed: {
|
||||||
|
message: 'Authentication failed.',
|
||||||
|
code: 'AUTHENTICATION_FAILED',
|
||||||
|
id: 'ef9323ea-8451-4f7a-8f35-4b1ee014d9b7',
|
||||||
|
},
|
||||||
|
|
||||||
unavailable: {
|
unavailable: {
|
||||||
message: 'Unavailable email address.',
|
message: 'Unavailable email address.',
|
||||||
code: 'UNAVAILABLE',
|
code: 'UNAVAILABLE',
|
||||||
|
@ -78,14 +84,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
||||||
if (profile.twoFactorEnabled) {
|
if (profile.twoFactorEnabled) {
|
||||||
const token = ps.token;
|
const token = ps.token;
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
throw new Error('authentication failed');
|
throw new ApiError(meta.errors.authenticationFailed);
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
||||||
await this.userAuthService.twoFactorAuthenticate(profile, token);
|
|
||||||
} catch (e) {
|
|
||||||
throw new Error('authentication failed');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ps.email != null) {
|
if (ps.email != null) {
|
||||||
|
|
Loading…
Reference in a new issue