Merge pull request #776 from hedgedoc/fix/UnauthorizedException

auth: Fix handling of internal server errors
2025-05-19 01:35:18 -04:00 · 2021-01-29 20:52:36 +01:00 · 2021-01-29 20:52:36 +01:00 · b49c802c79
commit b49c802c79
parent 63b61f304b 84915b61ac
2 changed files with 16 additions and 16 deletions
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@ -4,7 +4,7 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */
-import { Injectable } from '@nestjs/common';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { UsersService } from '../users/users.service';
 import { User } from '../users/user.entity';
 import { AuthToken } from './auth-token.entity';
@ -35,16 +35,20 @@ export class AuthService {
  }
  async validateToken(token: string): Promise<User> {
-    const [keyId, secret] = token.split('.');
+    try {
-    const accessToken = await this.getAuthTokenAndValidate(keyId, secret);
+      const [keyId, secret] = token.split('.');
-    await this.setLastUsedToken(keyId);
+      const accessToken = await this.getAuthTokenAndValidate(keyId, secret);
-    const user = await this.usersService.getUserByUsername(
+      await this.setLastUsedToken(keyId);
-      accessToken.user.userName,
+      return this.usersService.getUserByUsername(accessToken.user.userName);
-    );
+    } catch (error) {
-    if (user) {
+      if (
-      return user;
+        error instanceof NotInDBError ||
        error instanceof TokenNotValidError
      ) {
        throw new UnauthorizedException(error.message);
      }
      throw error;
    }
    return null;
  }
  async hashPassword(cleartext: string): Promise<string> {
--- a/src/auth/token.strategy.ts
+++ b/src/auth/token.strategy.ts
@ -6,7 +6,7 @@
 import { Strategy } from 'passport-http-bearer';
 import { PassportStrategy } from '@nestjs/passport';
-import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { Injectable } from '@nestjs/common';
 import { AuthService } from './auth.service';
 import { User } from '../users/user.entity';
@ -17,10 +17,6 @@ export class TokenStrategy extends PassportStrategy(Strategy, 'token') {
  }
  async validate(token: string): Promise<User> {
-    const user = await this.authService.validateToken(token);
+    return this.authService.validateToken(token);
    if (!user) {
      throw new UnauthorizedException();
    }
    return user;
  }
 }