From a2e6e0b6cc67453fcef5d4955c3817913211704c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E3=81=BE=E3=81=A3=E3=81=A1=E3=82=83=E3=81=A8=E3=83=BC?= =?UTF-8?q?=E3=81=AB=E3=82=85?= <17376330+u1-liquid@users.noreply.github.com> Date: Thu, 23 Nov 2023 14:56:04 +0900 Subject: [PATCH] =?UTF-8?q?fix(backend):=20=E8=BF=BD=E5=8A=A0=E8=AA=8D?= =?UTF-8?q?=E8=A8=BC=E3=81=AE=E5=BF=85=E8=A6=81=E3=81=AAAPI=E3=81=AE?= =?UTF-8?q?=E8=AA=8D=E8=A8=BC=E5=A4=B1=E6=95=97=E3=81=8C=E3=82=B5=E3=83=BC?= =?UTF-8?q?=E3=83=90=E3=83=BC=E3=82=A8=E3=83=A9=E3=83=BC=E3=81=A8=E3=81=97?= =?UTF-8?q?=E3=81=A6=E8=BF=94=E3=81=95=E3=82=8C=E3=81=A6=E3=81=97=E3=81=BE?= =?UTF-8?q?=E3=81=86=E5=95=8F=E9=A1=8C=E3=82=92=E4=BF=AE=E6=AD=A3=20(Missk?= =?UTF-8?q?eyIO#255)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: riku6460 <17585784+riku6460@users.noreply.github.com> --- .../server/api/endpoints/i/2fa/key-done.ts | 14 ++++++----- .../api/endpoints/i/2fa/register-key.ts | 14 ++++++----- .../server/api/endpoints/i/2fa/register.ts | 14 ++++++----- .../server/api/endpoints/i/2fa/remove-key.ts | 14 ++++++----- .../server/api/endpoints/i/2fa/unregister.ts | 14 ++++++----- .../server/api/endpoints/i/change-password.ts | 25 +++++++++++++------ .../server/api/endpoints/i/delete-account.ts | 25 +++++++++++++------ .../server/api/endpoints/i/update-email.ts | 14 ++++++----- 8 files changed, 84 insertions(+), 50 deletions(-) diff --git a/packages/backend/src/server/api/endpoints/i/2fa/key-done.ts b/packages/backend/src/server/api/endpoints/i/2fa/key-done.ts index 77c4351cb6..cf9310cc17 100644 --- a/packages/backend/src/server/api/endpoints/i/2fa/key-done.ts +++ b/packages/backend/src/server/api/endpoints/i/2fa/key-done.ts 
@@ -26,6 +26,12 @@ export const meta = { id: '0d7ec6d2-e652-443e-a7bf-9ee9a0cd77b0', }, + authenticationFailed: { + message: 'Authentication failed.', + code: 'AUTHENTICATION_FAILED', + id: '7b7b1e88-c569-4873-9676-25c5717ace4e', + }, + twoFactorNotEnabled: { message: '2fa not enabled.', code: 'TWO_FACTOR_NOT_ENABLED', @@ -71,14 +77,10 @@ export default class extends Endpoint { if (profile.twoFactorEnabled) { const token = ps.token; if (token == null) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.authenticationFailed); } - try { - await this.userAuthService.twoFactorAuthenticate(profile, token); - } catch (e) { - throw new Error('authentication failed'); - } + await this.userAuthService.twoFactorAuthenticate(profile, token); } else { throw new ApiError(meta.errors.twoFactorNotEnabled); } diff --git a/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts b/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts index 66cb69d46f..88e645760c 100644 --- a/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts +++ b/packages/backend/src/server/api/endpoints/i/2fa/register-key.ts @@ -30,6 +30,12 @@ export const meta = { id: '38769596-efe2-4faf-9bec-abbb3f2cd9ba', }, + authenticationFailed: { + message: 'Authentication failed.', + code: 'AUTHENTICATION_FAILED', + id: 'a7628591-668b-47b2-919f-d986b22af06a', + }, + twoFactorNotEnabled: { message: '2fa not enabled.', code: 'TWO_FACTOR_NOT_ENABLED', @@ -77,14 +83,10 @@ export default class extends Endpoint { if (profile.twoFactorEnabled) { const token = ps.token; if (token == null) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.authenticationFailed); } - try { - await this.userAuthService.twoFactorAuthenticate(profile, token); - } catch (e) { - throw new Error('authentication failed'); - } + await this.userAuthService.twoFactorAuthenticate(profile, token); } else { throw new ApiError(meta.errors.twoFactorNotEnabled); } 
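Review bot: A wrong 2FA token now surfaces as whatever `twoFactorAuthenticate` throws, because the second hunk of key-done.ts drops the `try`/`catch` and uses `meta.errors.authenticationFailed` only for a missing token. `UserAuthService` is not in this patch's diffstat, so if that method throws a plain `Error`, a bad token would presumably still reach the client as an internal server error, which is what the commit sets out to fix. Either confirm that it throws an `ApiError`, or keep the catch and rethrow with `throw new ApiError(meta.errors.authenticationFailed);`. The same hunk appears in register-key.ts, register.ts, remove-key.ts, unregister.ts, change-password.ts, delete-account.ts and update-email.ts. The enclosing handler starts and ends outside the hunk.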
diff --git a/packages/backend/src/server/api/endpoints/i/2fa/register.ts b/packages/backend/src/server/api/endpoints/i/2fa/register.ts index 160af7a35c..cb77624338 100644 --- a/packages/backend/src/server/api/endpoints/i/2fa/register.ts +++ b/packages/backend/src/server/api/endpoints/i/2fa/register.ts @@ -25,6 +25,12 @@ export const meta = { code: 'INCORRECT_PASSWORD', id: '78d6c839-20c9-4c66-b90a-fc0542168b48', }, + + authenticationFailed: { + message: 'Authentication failed.', + code: 'AUTHENTICATION_FAILED', + id: 'e428f177-c6ae-4e91-9c7e-334b1836f9aa', + }, }, } as const; @@ -59,14 +65,10 @@ export default class extends Endpoint { // eslint- if (profile.twoFactorEnabled) { const token = ps.token; if (token == null) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.authenticationFailed); } - try { - await this.userAuthService.twoFactorAuthenticate(profile, token); - } catch (e) { - throw new Error('authentication failed'); - } + await this.userAuthService.twoFactorAuthenticate(profile, token); } // Generate user's secret key diff --git a/packages/backend/src/server/api/endpoints/i/2fa/remove-key.ts b/packages/backend/src/server/api/endpoints/i/2fa/remove-key.ts index 3e2a3c7d39..c185ad2f77 100644 --- a/packages/backend/src/server/api/endpoints/i/2fa/remove-key.ts +++ b/packages/backend/src/server/api/endpoints/i/2fa/remove-key.ts @@ -24,6 +24,12 @@ export const meta = { code: 'INCORRECT_PASSWORD', id: '141c598d-a825-44c8-9173-cfb9d92be493', }, + + authenticationFailed: { + message: 'Authentication failed.', + code: 'AUTHENTICATION_FAILED', + id: '724bcf94-1f52-4c57-ad40-4f7fbbf6ce87', + }, }, } as const; 
@@ -61,14 +67,10 @@ export default class extends Endpoint { // eslint- if (profile.twoFactorEnabled) { const token = ps.token; if (token == null) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.authenticationFailed); } - try { - await this.userAuthService.twoFactorAuthenticate(profile, token); - } catch (e) { - throw new Error('authentication failed'); - } + await this.userAuthService.twoFactorAuthenticate(profile, token); } // Make sure we only delete the user's own creds diff --git a/packages/backend/src/server/api/endpoints/i/2fa/unregister.ts b/packages/backend/src/server/api/endpoints/i/2fa/unregister.ts index c008a983bf..fe0cbbc3c8 100644 --- a/packages/backend/src/server/api/endpoints/i/2fa/unregister.ts +++ b/packages/backend/src/server/api/endpoints/i/2fa/unregister.ts @@ -24,6 +24,12 @@ export const meta = { code: 'INCORRECT_PASSWORD', id: '7add0395-9901-4098-82f9-4f67af65f775', }, + + authenticationFailed: { + message: 'Authentication failed.', + code: 'AUTHENTICATION_FAILED', + id: '1b99d9c1-629c-41f9-9315-b27ee876f498', + }, }, } as const; @@ -57,14 +63,10 @@ export default class extends Endpoint { // eslint- if (profile.twoFactorEnabled) { const token = ps.token; if (token == null) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.authenticationFailed); } - try { - await this.userAuthService.twoFactorAuthenticate(profile, token); - } catch (e) { - throw new Error('authentication failed'); - } + await this.userAuthService.twoFactorAuthenticate(profile, token); } await this.userProfilesRepository.update(me.id, { diff --git a/packages/backend/src/server/api/endpoints/i/change-password.ts b/packages/backend/src/server/api/endpoints/i/change-password.ts index d5042d7564..a76d4f5756 100644 --- a/packages/backend/src/server/api/endpoints/i/change-password.ts +++ b/packages/backend/src/server/api/endpoints/i/change-password.ts 
@@ -9,11 +9,26 @@ import { Endpoint } from '@/server/api/endpoint-base.js'; import type { UserProfilesRepository } from '@/models/_.js'; import { DI } from '@/di-symbols.js'; import { UserAuthService } from '@/core/UserAuthService.js'; +import { ApiError } from '@/server/api/error.js'; export const meta = { requireCredential: true, secure: true, + + errors: { + incorrectPassword: { + message: 'Incorrect password.', + code: 'INCORRECT_PASSWORD', + id: 'f5bcd508-adcf-40b1-9031-2e944a5d8390', + }, + + authenticationFailed: { + message: 'Authentication failed.', + code: 'AUTHENTICATION_FAILED', + id: '97fee157-34eb-4b0d-8fc3-375d0040f807', + }, + }, } as const; export const paramDef = { @@ -39,20 +54,16 @@ export default class extends Endpoint { // eslint- const passwordMatched = await bcrypt.compare(ps.currentPassword, profile.password!); if (!passwordMatched) { - throw new Error('incorrect password'); + throw new ApiError(meta.errors.incorrectPassword); } if (profile.twoFactorEnabled) { const token = ps.token; if (token == null) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.authenticationFailed); } - try { - await this.userAuthService.twoFactorAuthenticate(profile, token); - } catch (e) { - throw new Error('authentication failed'); - } + await this.userAuthService.twoFactorAuthenticate(profile, token); } // Generate hash of password diff --git a/packages/backend/src/server/api/endpoints/i/delete-account.ts b/packages/backend/src/server/api/endpoints/i/delete-account.ts index 9c08863ae2..fc66a67f22 100644 --- a/packages/backend/src/server/api/endpoints/i/delete-account.ts +++ b/packages/backend/src/server/api/endpoints/i/delete-account.ts 
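Review bot: The `meta` block in change-password.ts is fully visible in this hunk and declares no `limit`, while the handler checks the password before the 2FA token and now answers with the distinct codes `INCORRECT_PASSWORD` and `AUTHENTICATION_FAILED`. A caller holding a valid session can therefore tell a correct password guess from a wrong one without supplying a token, and nothing in this file bounds how often that can be tried (throttling may exist elsewhere; it is not visible here). Consider a per-endpoint limit such as `limit: { duration: 60 * 60 * 1000, max: 10 },` (placeholder values) and logging repeated failures so they can be alerted on. delete-account.ts has the same shape.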
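Review bot: `bcrypt.compare(ps.currentPassword, profile.password!)` just above the changed `throw` still relies on a non-null assertion. If `profile.password` can be null (for example an account created without a password, which is not visible here), the compare would presumably reject with a plain error and reach the client as a server error rather than `INCORRECT_PASSWORD`. A guard such as `if (profile.password == null) throw new ApiError(meta.errors.incorrectPassword);` before the compare keeps the failure path uniform. The same line appears in delete-account.ts with `ps.password`. The handler body continues outside the hunk.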
@@ -10,12 +10,27 @@ import { Endpoint } from '@/server/api/endpoint-base.js'; import { DeleteAccountService } from '@/core/DeleteAccountService.js'; import { DI } from '@/di-symbols.js'; import { UserAuthService } from '@/core/UserAuthService.js'; +import { ApiError } from '@/server/api/error.js'; export const meta = { requireCredential: true, requireRolePolicy: 'canDeleteContent', secure: true, + + errors: { + incorrectPassword: { + message: 'Incorrect password.', + code: 'INCORRECT_PASSWORD', + id: '44326b04-08ea-4525-b01c-98cc117bdd2a', + }, + + authenticationFailed: { + message: 'Authentication failed.', + code: 'AUTHENTICATION_FAILED', + id: 'ea791cff-63e7-4b2a-92fc-646ab641794e', + }, + }, } as const; export const paramDef = { @@ -49,20 +64,16 @@ export default class extends Endpoint { // eslint- const passwordMatched = await bcrypt.compare(ps.password, profile.password!); if (!passwordMatched) { - throw new Error('incorrect password'); + throw new ApiError(meta.errors.incorrectPassword); } if (profile.twoFactorEnabled) { const token = ps.token; if (token == null) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.authenticationFailed); } - try { - await this.userAuthService.twoFactorAuthenticate(profile, token); - } catch (e) { - throw new Error('authentication failed'); - } + await this.userAuthService.twoFactorAuthenticate(profile, token); } await this.deleteAccountService.deleteAccount(me); diff --git a/packages/backend/src/server/api/endpoints/i/update-email.ts b/packages/backend/src/server/api/endpoints/i/update-email.ts index 55bd402f26..7dbb6ce85a 100644 --- a/packages/backend/src/server/api/endpoints/i/update-email.ts +++ b/packages/backend/src/server/api/endpoints/i/update-email.ts 
@@ -35,6 +35,12 @@ export const meta = { id: 'e54c1d7e-e7d6-4103-86b6-0a95069b4ad3', }, + authenticationFailed: { + message: 'Authentication failed.', + code: 'AUTHENTICATION_FAILED', + id: 'ef9323ea-8451-4f7a-8f35-4b1ee014d9b7', + }, + unavailable: { message: 'Unavailable email address.', code: 'UNAVAILABLE', @@ -78,14 +84,10 @@ export default class extends Endpoint { // eslint- if (profile.twoFactorEnabled) { const token = ps.token; if (token == null) { - throw new Error('authentication failed'); + throw new ApiError(meta.errors.authenticationFailed); } - try { - await this.userAuthService.twoFactorAuthenticate(profile, token); - } catch (e) { - throw new Error('authentication failed'); - } + await this.userAuthService.twoFactorAuthenticate(profile, token); } if (ps.email != null) {