fix(backend): 追加認証の必要なAPIの認証失敗がサーバーエラーとして返されてしまう問題を修正 (MisskeyIO#255)

Co-authored-by: riku6460 <17585784+riku6460@users.noreply.github.com>

packages/backend/src/server/api/endpoints/i/2fa/key-done.ts

@@ -26,6 +26,12 @@ export const meta = {
 			id: '0d7ec6d2-e652-443e-a7bf-9ee9a0cd77b0',
 		},
 
+		authenticationFailed: {
+			message: 'Authentication failed.',
+			code: 'AUTHENTICATION_FAILED',
+			id: '7b7b1e88-c569-4873-9676-25c5717ace4e',
+		},
+
 		twoFactorNotEnabled: {
 			message: '2fa not enabled.',
 			code: 'TWO_FACTOR_NOT_ENABLED',
@@ -71,14 +77,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 			if (profile.twoFactorEnabled) {
 				const token = ps.token;
 				if (token == null) {
-					throw new Error('authentication failed');
+					throw new ApiError(meta.errors.authenticationFailed);
 				}
 
-				try {
+				await this.userAuthService.twoFactorAuthenticate(profile, token);
-					await this.userAuthService.twoFactorAuthenticate(profile, token);
-				} catch (e) {
-					throw new Error('authentication failed');
-				}
 			} else {
 				throw new ApiError(meta.errors.twoFactorNotEnabled);
 			}

packages/backend/src/server/api/endpoints/i/2fa/register-key.ts

@@ -30,6 +30,12 @@ export const meta = {
 			id: '38769596-efe2-4faf-9bec-abbb3f2cd9ba',
 		},
 
+		authenticationFailed: {
+			message: 'Authentication failed.',
+			code: 'AUTHENTICATION_FAILED',
+			id: 'a7628591-668b-47b2-919f-d986b22af06a',
+		},
+
 		twoFactorNotEnabled: {
 			message: '2fa not enabled.',
 			code: 'TWO_FACTOR_NOT_ENABLED',
@@ -77,14 +83,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 			if (profile.twoFactorEnabled) {
 				const token = ps.token;
 				if (token == null) {
-					throw new Error('authentication failed');
+					throw new ApiError(meta.errors.authenticationFailed);
 				}
 
-				try {
+				await this.userAuthService.twoFactorAuthenticate(profile, token);
-					await this.userAuthService.twoFactorAuthenticate(profile, token);
-				} catch (e) {
-					throw new Error('authentication failed');
-				}
 			} else {
 				throw new ApiError(meta.errors.twoFactorNotEnabled);
 			}

packages/backend/src/server/api/endpoints/i/2fa/register.ts

@@ -25,6 +25,12 @@ export const meta = {
 			code: 'INCORRECT_PASSWORD',
 			id: '78d6c839-20c9-4c66-b90a-fc0542168b48',
 		},
+
+		authenticationFailed: {
+			message: 'Authentication failed.',
+			code: 'AUTHENTICATION_FAILED',
+			id: 'e428f177-c6ae-4e91-9c7e-334b1836f9aa',
+		},
 	},
 } as const;
 
@@ -59,14 +65,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			if (profile.twoFactorEnabled) {
 				const token = ps.token;
 				if (token == null) {
-					throw new Error('authentication failed');
+					throw new ApiError(meta.errors.authenticationFailed);
 				}
 
-				try {
+				await this.userAuthService.twoFactorAuthenticate(profile, token);
-					await this.userAuthService.twoFactorAuthenticate(profile, token);
-				} catch (e) {
-					throw new Error('authentication failed');
-				}
 			}
 
 			// Generate user's secret key

packages/backend/src/server/api/endpoints/i/2fa/remove-key.ts

@@ -24,6 +24,12 @@ export const meta = {
 			code: 'INCORRECT_PASSWORD',
 			id: '141c598d-a825-44c8-9173-cfb9d92be493',
 		},
+
+		authenticationFailed: {
+			message: 'Authentication failed.',
+			code: 'AUTHENTICATION_FAILED',
+			id: '724bcf94-1f52-4c57-ad40-4f7fbbf6ce87',
+		},
 	},
 } as const;
 
@@ -61,14 +67,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			if (profile.twoFactorEnabled) {
 				const token = ps.token;
 				if (token == null) {
-					throw new Error('authentication failed');
+					throw new ApiError(meta.errors.authenticationFailed);
 				}
 
-				try {
+				await this.userAuthService.twoFactorAuthenticate(profile, token);
-					await this.userAuthService.twoFactorAuthenticate(profile, token);
-				} catch (e) {
-					throw new Error('authentication failed');
-				}
 			}
 
 			// Make sure we only delete the user's own creds

packages/backend/src/server/api/endpoints/i/2fa/unregister.ts

@@ -24,6 +24,12 @@ export const meta = {
 			code: 'INCORRECT_PASSWORD',
 			id: '7add0395-9901-4098-82f9-4f67af65f775',
 		},
+
+		authenticationFailed: {
+			message: 'Authentication failed.',
+			code: 'AUTHENTICATION_FAILED',
+			id: '1b99d9c1-629c-41f9-9315-b27ee876f498',
+		},
 	},
 } as const;
 
@@ -57,14 +63,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			if (profile.twoFactorEnabled) {
 				const token = ps.token;
 				if (token == null) {
-					throw new Error('authentication failed');
+					throw new ApiError(meta.errors.authenticationFailed);
 				}
 
-				try {
+				await this.userAuthService.twoFactorAuthenticate(profile, token);
-					await this.userAuthService.twoFactorAuthenticate(profile, token);
-				} catch (e) {
-					throw new Error('authentication failed');
-				}
 			}
 
 			await this.userProfilesRepository.update(me.id, {

packages/backend/src/server/api/endpoints/i/change-password.ts

@@ -9,11 +9,26 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { UserProfilesRepository } from '@/models/_.js';
 import { DI } from '@/di-symbols.js';
 import { UserAuthService } from '@/core/UserAuthService.js';
+import { ApiError } from '@/server/api/error.js';
 
 export const meta = {
 	requireCredential: true,
 
 	secure: true,
+
+	errors: {
+		incorrectPassword: {
+			message: 'Incorrect password.',
+			code: 'INCORRECT_PASSWORD',
+			id: 'f5bcd508-adcf-40b1-9031-2e944a5d8390',
+		},
+
+		authenticationFailed: {
+			message: 'Authentication failed.',
+			code: 'AUTHENTICATION_FAILED',
+			id: '97fee157-34eb-4b0d-8fc3-375d0040f807',
+		},
+	},
 } as const;
 
 export const paramDef = {
@@ -39,20 +54,16 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 
 			const passwordMatched = await bcrypt.compare(ps.currentPassword, profile.password!);
 			if (!passwordMatched) {
-				throw new Error('incorrect password');
+				throw new ApiError(meta.errors.incorrectPassword);
 			}
 
 			if (profile.twoFactorEnabled) {
 				const token = ps.token;
 				if (token == null) {
-					throw new Error('authentication failed');
+					throw new ApiError(meta.errors.authenticationFailed);
 				}
 
-				try {
+				await this.userAuthService.twoFactorAuthenticate(profile, token);
-					await this.userAuthService.twoFactorAuthenticate(profile, token);
-				} catch (e) {
-					throw new Error('authentication failed');
-				}
 			}
 
 			// Generate hash of password

packages/backend/src/server/api/endpoints/i/delete-account.ts

@@ -10,12 +10,27 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
 import { DeleteAccountService } from '@/core/DeleteAccountService.js';
 import { DI } from '@/di-symbols.js';
 import { UserAuthService } from '@/core/UserAuthService.js';
+import { ApiError } from '@/server/api/error.js';
 
 export const meta = {
 	requireCredential: true,
 	requireRolePolicy: 'canDeleteContent',
 
 	secure: true,
+
+	errors: {
+		incorrectPassword: {
+			message: 'Incorrect password.',
+			code: 'INCORRECT_PASSWORD',
+			id: '44326b04-08ea-4525-b01c-98cc117bdd2a',
+		},
+
+		authenticationFailed: {
+			message: 'Authentication failed.',
+			code: 'AUTHENTICATION_FAILED',
+			id: 'ea791cff-63e7-4b2a-92fc-646ab641794e',
+		},
+	},
 } as const;
 
 export const paramDef = {
@@ -49,20 +64,16 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 
 			const passwordMatched = await bcrypt.compare(ps.password, profile.password!);
 			if (!passwordMatched) {
-				throw new Error('incorrect password');
+				throw new ApiError(meta.errors.incorrectPassword);
 			}
 
 			if (profile.twoFactorEnabled) {
 				const token = ps.token;
 				if (token == null) {
-					throw new Error('authentication failed');
+					throw new ApiError(meta.errors.authenticationFailed);
 				}
 
-				try {
+				await this.userAuthService.twoFactorAuthenticate(profile, token);
-					await this.userAuthService.twoFactorAuthenticate(profile, token);
-				} catch (e) {
-					throw new Error('authentication failed');
-				}
 			}
 
 			await this.deleteAccountService.deleteAccount(me);

packages/backend/src/server/api/endpoints/i/update-email.ts

@@ -35,6 +35,12 @@ export const meta = {
 			id: 'e54c1d7e-e7d6-4103-86b6-0a95069b4ad3',
 		},
 
+		authenticationFailed: {
+			message: 'Authentication failed.',
+			code: 'AUTHENTICATION_FAILED',
+			id: 'ef9323ea-8451-4f7a-8f35-4b1ee014d9b7',
+		},
+
 		unavailable: {
 			message: 'Unavailable email address.',
 			code: 'UNAVAILABLE',
@@ -78,14 +84,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 			if (profile.twoFactorEnabled) {
 				const token = ps.token;
 				if (token == null) {
-					throw new Error('authentication failed');
+					throw new ApiError(meta.errors.authenticationFailed);
 				}
 
-				try {
+				await this.userAuthService.twoFactorAuthenticate(profile, token);
-					await this.userAuthService.twoFactorAuthenticate(profile, token);
-				} catch (e) {
-					throw new Error('authentication failed');
-				}
 			}
 
 			if (ps.email != null) {