fix(backend): 追加認証の必要なAPIの認証失敗がサーバーエラーとして返されてしまう問題を修正 (MisskeyIO#255)

Co-authored-by: riku6460 <17585784+riku6460@users.noreply.github.com>
This commit is contained in:
まっちゃとーにゅ 2023-11-23 14:56:04 +09:00 committed by GitHub
parent 20b4180667
commit a2e6e0b6cc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 84 additions and 50 deletions

View file

@ -26,6 +26,12 @@ export const meta = {
id: '0d7ec6d2-e652-443e-a7bf-9ee9a0cd77b0',
},
authenticationFailed: {
message: 'Authentication failed.',
code: 'AUTHENTICATION_FAILED',
id: '7b7b1e88-c569-4873-9676-25c5717ace4e',
},
twoFactorNotEnabled: {
message: '2fa not enabled.',
code: 'TWO_FACTOR_NOT_ENABLED',
@ -71,14 +77,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
if (profile.twoFactorEnabled) {
const token = ps.token;
if (token == null) {
throw new Error('authentication failed');
throw new ApiError(meta.errors.authenticationFailed);
}
try {
await this.userAuthService.twoFactorAuthenticate(profile, token);
} catch (e) {
throw new Error('authentication failed');
}
} else {
throw new ApiError(meta.errors.twoFactorNotEnabled);
}

View file

@ -30,6 +30,12 @@ export const meta = {
id: '38769596-efe2-4faf-9bec-abbb3f2cd9ba',
},
authenticationFailed: {
message: 'Authentication failed.',
code: 'AUTHENTICATION_FAILED',
id: 'a7628591-668b-47b2-919f-d986b22af06a',
},
twoFactorNotEnabled: {
message: '2fa not enabled.',
code: 'TWO_FACTOR_NOT_ENABLED',
@ -77,14 +83,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
if (profile.twoFactorEnabled) {
const token = ps.token;
if (token == null) {
throw new Error('authentication failed');
throw new ApiError(meta.errors.authenticationFailed);
}
try {
await this.userAuthService.twoFactorAuthenticate(profile, token);
} catch (e) {
throw new Error('authentication failed');
}
} else {
throw new ApiError(meta.errors.twoFactorNotEnabled);
}

View file

@ -25,6 +25,12 @@ export const meta = {
code: 'INCORRECT_PASSWORD',
id: '78d6c839-20c9-4c66-b90a-fc0542168b48',
},
authenticationFailed: {
message: 'Authentication failed.',
code: 'AUTHENTICATION_FAILED',
id: 'e428f177-c6ae-4e91-9c7e-334b1836f9aa',
},
},
} as const;
@ -59,14 +65,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
if (profile.twoFactorEnabled) {
const token = ps.token;
if (token == null) {
throw new Error('authentication failed');
throw new ApiError(meta.errors.authenticationFailed);
}
try {
await this.userAuthService.twoFactorAuthenticate(profile, token);
} catch (e) {
throw new Error('authentication failed');
}
}
// Generate user's secret key

View file

@ -24,6 +24,12 @@ export const meta = {
code: 'INCORRECT_PASSWORD',
id: '141c598d-a825-44c8-9173-cfb9d92be493',
},
authenticationFailed: {
message: 'Authentication failed.',
code: 'AUTHENTICATION_FAILED',
id: '724bcf94-1f52-4c57-ad40-4f7fbbf6ce87',
},
},
} as const;
@ -61,14 +67,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
if (profile.twoFactorEnabled) {
const token = ps.token;
if (token == null) {
throw new Error('authentication failed');
throw new ApiError(meta.errors.authenticationFailed);
}
try {
await this.userAuthService.twoFactorAuthenticate(profile, token);
} catch (e) {
throw new Error('authentication failed');
}
}
// Make sure we only delete the user's own creds

View file

@ -24,6 +24,12 @@ export const meta = {
code: 'INCORRECT_PASSWORD',
id: '7add0395-9901-4098-82f9-4f67af65f775',
},
authenticationFailed: {
message: 'Authentication failed.',
code: 'AUTHENTICATION_FAILED',
id: '1b99d9c1-629c-41f9-9315-b27ee876f498',
},
},
} as const;
@ -57,14 +63,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
if (profile.twoFactorEnabled) {
const token = ps.token;
if (token == null) {
throw new Error('authentication failed');
throw new ApiError(meta.errors.authenticationFailed);
}
try {
await this.userAuthService.twoFactorAuthenticate(profile, token);
} catch (e) {
throw new Error('authentication failed');
}
}
await this.userProfilesRepository.update(me.id, {

View file

@ -9,11 +9,26 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
import type { UserProfilesRepository } from '@/models/_.js';
import { DI } from '@/di-symbols.js';
import { UserAuthService } from '@/core/UserAuthService.js';
import { ApiError } from '@/server/api/error.js';
export const meta = {
requireCredential: true,
secure: true,
errors: {
incorrectPassword: {
message: 'Incorrect password.',
code: 'INCORRECT_PASSWORD',
id: 'f5bcd508-adcf-40b1-9031-2e944a5d8390',
},
authenticationFailed: {
message: 'Authentication failed.',
code: 'AUTHENTICATION_FAILED',
id: '97fee157-34eb-4b0d-8fc3-375d0040f807',
},
},
} as const;
export const paramDef = {
@ -39,20 +54,16 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const passwordMatched = await bcrypt.compare(ps.currentPassword, profile.password!);
if (!passwordMatched) {
throw new Error('incorrect password');
throw new ApiError(meta.errors.incorrectPassword);
}
if (profile.twoFactorEnabled) {
const token = ps.token;
if (token == null) {
throw new Error('authentication failed');
throw new ApiError(meta.errors.authenticationFailed);
}
try {
await this.userAuthService.twoFactorAuthenticate(profile, token);
} catch (e) {
throw new Error('authentication failed');
}
}
// Generate hash of password

View file

@ -10,12 +10,27 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
import { DeleteAccountService } from '@/core/DeleteAccountService.js';
import { DI } from '@/di-symbols.js';
import { UserAuthService } from '@/core/UserAuthService.js';
import { ApiError } from '@/server/api/error.js';
export const meta = {
requireCredential: true,
requireRolePolicy: 'canDeleteContent',
secure: true,
errors: {
incorrectPassword: {
message: 'Incorrect password.',
code: 'INCORRECT_PASSWORD',
id: '44326b04-08ea-4525-b01c-98cc117bdd2a',
},
authenticationFailed: {
message: 'Authentication failed.',
code: 'AUTHENTICATION_FAILED',
id: 'ea791cff-63e7-4b2a-92fc-646ab641794e',
},
},
} as const;
export const paramDef = {
@ -49,20 +64,16 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
const passwordMatched = await bcrypt.compare(ps.password, profile.password!);
if (!passwordMatched) {
throw new Error('incorrect password');
throw new ApiError(meta.errors.incorrectPassword);
}
if (profile.twoFactorEnabled) {
const token = ps.token;
if (token == null) {
throw new Error('authentication failed');
throw new ApiError(meta.errors.authenticationFailed);
}
try {
await this.userAuthService.twoFactorAuthenticate(profile, token);
} catch (e) {
throw new Error('authentication failed');
}
}
await this.deleteAccountService.deleteAccount(me);

View file

@ -35,6 +35,12 @@ export const meta = {
id: 'e54c1d7e-e7d6-4103-86b6-0a95069b4ad3',
},
authenticationFailed: {
message: 'Authentication failed.',
code: 'AUTHENTICATION_FAILED',
id: 'ef9323ea-8451-4f7a-8f35-4b1ee014d9b7',
},
unavailable: {
message: 'Unavailable email address.',
code: 'UNAVAILABLE',
@ -78,14 +84,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
if (profile.twoFactorEnabled) {
const token = ps.token;
if (token == null) {
throw new Error('authentication failed');
throw new ApiError(meta.errors.authenticationFailed);
}
try {
await this.userAuthService.twoFactorAuthenticate(profile, token);
} catch (e) {
throw new Error('authentication failed');
}
}
if (ps.email != null) {