mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-22 03:05:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

auth: Fix handling of internal server errors

Browse source 
Catch all NotInDbErrors and TokenNotValidError and transform them to UnauthorizedException with the correct message.
This prevents nest from telling the api user that an internal server error has happened and instead display the correct http error code 401.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
This commit is contained in:
Philip Molares 2021-01-27 21:55:30 +01:00
parent 13fcd72f2d
commit 84915b61ac
2 changed files with 16 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/auth/auth.service.ts
View file

@ -4,7 +4,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
import { Injectable } from '@nestjs/common'; import { Injectable, UnauthorizedException } from '@nestjs/common';
import { UsersService } from '../users/users.service'; import { UsersService } from '../users/users.service';
import { User } from '../users/user.entity'; import { User } from '../users/user.entity';
import { AuthToken } from './auth-token.entity'; import { AuthToken } from './auth-token.entity';
@ -35,16 +35,20 @@ export class AuthService {
} }
async validateToken(token: string): Promise<User> { async validateToken(token: string): Promise<User> {
try {
const [keyId, secret] = token.split('.'); const [keyId, secret] = token.split('.');
const accessToken = await this.getAuthTokenAndValidate(keyId, secret); const accessToken = await this.getAuthTokenAndValidate(keyId, secret);
await this.setLastUsedToken(keyId); await this.setLastUsedToken(keyId);
const user = await this.usersService.getUserByUsername( return this.usersService.getUserByUsername(accessToken.user.userName);
accessToken.user.userName, } catch (error) {
); if (
if (user) { error instanceof NotInDBError ||
return user; error instanceof TokenNotValidError
) {
throw new UnauthorizedException(error.message);
}
throw error;
} }
return null;
} }
async hashPassword(cleartext: string): Promise<string> { async hashPassword(cleartext: string): Promise<string> {

8
src/auth/token.strategy.ts
View file

@ -6,7 +6,7 @@
import { Strategy } from 'passport-http-bearer'; import { Strategy } from 'passport-http-bearer';
import { PassportStrategy } from '@nestjs/passport'; import { PassportStrategy } from '@nestjs/passport';
import { Injectable, UnauthorizedException } from '@nestjs/common'; import { Injectable } from '@nestjs/common';
import { AuthService } from './auth.service'; import { AuthService } from './auth.service';
import { User } from '../users/user.entity'; import { User } from '../users/user.entity';
@ -17,10 +17,6 @@ export class TokenStrategy extends PassportStrategy(Strategy, 'token') {
} }
async validate(token: string): Promise<User> { async validate(token: string): Promise<User> {
const user = await this.authService.validateToken(token); return this.authService.validateToken(token);
if (!user) {
throw new UnauthorizedException();
}
return user;
} }
} }