usbharu
/
misskey
mirror of https://github.com/misskey-dev/misskey.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: signin の資格情報が足りないだけの場合はエラーにせず200を返すように

This commit is contained in:
kakkokari-gtyih 2024-10-04 19:07:25 +09:00
parent b36d13d90c
commit cfde3248df
5 changed files with 148 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
packages/backend/src/server/api/SigninApiService.ts
View File

@ -5,8 +5,8 @@
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import bcrypt from 'bcryptjs'; import bcrypt from 'bcryptjs';
import * as OTPAuth from 'otpauth';
import { IsNull } from 'typeorm'; import { IsNull } from 'typeorm';
import * as Misskey from 'misskey-js';
import { DI } from '@/di-symbols.js'; import { DI } from '@/di-symbols.js';
import type { import type {
MiMeta, MiMeta,
@ -26,27 +26,9 @@ import { CaptchaService } from '@/core/CaptchaService.js';
import { FastifyReplyError } from '@/misc/fastify-reply-error.js'; import { FastifyReplyError } from '@/misc/fastify-reply-error.js';
import { RateLimiterService } from './RateLimiterService.js'; import { RateLimiterService } from './RateLimiterService.js';
import { SigninService } from './SigninService.js'; import { SigninService } from './SigninService.js';
import type { AuthenticationResponseJSON, PublicKeyCredentialRequestOptionsJSON } from '@simplewebauthn/types'; import type { AuthenticationResponseJSON } from '@simplewebauthn/types';
import type { FastifyReply, FastifyRequest } from 'fastify'; import type { FastifyReply, FastifyRequest } from 'fastify';
/**
* next
*
* - `captcha`: CAPTCHAを求める
* - `password`:
* - `totp`:
* - `passkey`: WebAuthn認証を求めるWebAuthnに対応していないブラウザの場合はワンタイムパスワード
*/
type SigninErrorResponse = {
id: string;
next?: 'captcha' | 'password' | 'totp';
} | {
id: string;
next: 'passkey';
authRequest: PublicKeyCredentialRequestOptionsJSON;
};
@Injectable() @Injectable()
export class SigninApiService { export class SigninApiService {
constructor( constructor(
@ -101,7 +83,7 @@ export class SigninApiService {
const password = body['password']; const password = body['password'];
const token = body['token']; const token = body['token'];
function error(status: number, error: SigninErrorResponse) { function error(status: number, error: { id: string }) {
reply.code(status); reply.code(status);
return { error }; return { error };
} }
@ -152,21 +134,17 @@ export class SigninApiService {
const securityKeysAvailable = await this.userSecurityKeysRepository.countBy({ userId: user.id }).then(result => result >= 1); const securityKeysAvailable = await this.userSecurityKeysRepository.countBy({ userId: user.id }).then(result => result >= 1);
if (password == null) { if (password == null) {
reply.code(403); reply.code(200);
if (profile.twoFactorEnabled) { if (profile.twoFactorEnabled) {
return { return {
error: { finished: false,
id: '144ff4f8-bd6c-41bc-82c3-b672eb09efbf', next: 'password',
next: 'password', } satisfies Misskey.entities.SigninResponse;
},
} satisfies { error: SigninErrorResponse };
} else { } else {
return { return {
error: { finished: false,
id: '144ff4f8-bd6c-41bc-82c3-b672eb09efbf', next: 'captcha',
next: 'captcha', } satisfies Misskey.entities.SigninResponse;
},
} satisfies { error: SigninErrorResponse };
} }
} }
@ -178,7 +156,7 @@ export class SigninApiService {
// Compare password // Compare password
const same = await bcrypt.compare(password, profile.password!); const same = await bcrypt.compare(password, profile.password!);
const fail = async (status?: number, failure?: SigninErrorResponse) => { const fail = async (status?: number, failure?: { id: string; }) => {
// Append signin history // Append signin history
await this.signinsRepository.insert({ await this.signinsRepository.insert({
id: this.idService.gen(), id: this.idService.gen(),
@ -268,27 +246,23 @@ export class SigninApiService {
const authRequest = await this.webAuthnService.initiateAuthentication(user.id); const authRequest = await this.webAuthnService.initiateAuthentication(user.id);
reply.code(403); reply.code(200);
return { return {
error: { finished: false,
id: '06e661b9-8146-4ae3-bde5-47138c0ae0c4', next: 'passkey',
next: 'passkey', authRequest,
authRequest, } satisfies Misskey.entities.SigninResponse;
},
} satisfies { error: SigninErrorResponse };
} else { } else {
if (!same || !profile.twoFactorEnabled) { if (!same || !profile.twoFactorEnabled) {
return await fail(403, { return await fail(403, {
id: '932c904e-9460-45b7-9ce6-7ed33be7eb2c', id: '932c904e-9460-45b7-9ce6-7ed33be7eb2c',
}); });
} else { } else {
reply.code(403); reply.code(200);
return { return {
error: { finished: false,
id: '144ff4f8-bd6c-41bc-82c3-b672eb09efbf', next: 'totp',
next: 'totp', } satisfies Misskey.entities.SigninResponse;
},
} satisfies { error: SigninErrorResponse };
} }
} }
// never get here // never get here

6
packages/backend/src/server/api/SigninService.ts
View File

@ -4,6 +4,7 @@
*/ */
import { Inject, Injectable } from '@nestjs/common'; import { Inject, Injectable } from '@nestjs/common';
import * as Misskey from 'misskey-js';
import { DI } from '@/di-symbols.js'; import { DI } from '@/di-symbols.js';
import type { SigninsRepository, UserProfilesRepository } from '@/models/_.js'; import type { SigninsRepository, UserProfilesRepository } from '@/models/_.js';
import { IdService } from '@/core/IdService.js'; import { IdService } from '@/core/IdService.js';
@ -57,9 +58,10 @@ export class SigninService {
reply.code(200); reply.code(200);
return { return {
finished: true,
id: user.id, id: user.id,
i: user.token, i: user.token!,
}; } satisfies Misskey.entities.SigninResponse;
} }
} }

216
packages/frontend/src/components/MkSignin.vue
View File

@ -227,8 +227,38 @@ async function tryLogin(req: Partial<Misskey.entities.SigninRequest>): Promise<M
} }
return await misskeyApi('signin', _req).then(async (res) => { return await misskeyApi('signin', _req).then(async (res) => {
emit('login', res); if (res.finished) {
await onLoginSucceeded(res); emit('login', res);
await onLoginSucceeded(res);
} else {
switch (res.next) {
case 'captcha': {
needCaptcha.value = true;
page.value = 'password';
break;
}
case 'password': {
needCaptcha.value = false;
page.value = 'password';
break;
}
case 'totp': {
page.value = 'totp';
break;
}
case 'passkey': {
if (webAuthnSupported()) {
credentialRequest.value = parseRequestOptionsFromJSON({
publicKey: res.authRequest,
});
page.value = 'passkey';
} else {
page.value = 'totp';
}
break;
}
}
}
return res; return res;
}).catch((err) => { }).catch((err) => {
onSigninApiError(err); onSigninApiError(err);
@ -236,7 +266,7 @@ async function tryLogin(req: Partial<Misskey.entities.SigninRequest>): Promise<M
}); });
} }
async function onLoginSucceeded(res: Misskey.entities.SigninResponse) { async function onLoginSucceeded(res: Misskey.entities.SigninResponse & { finished: true; }) {
if (props.autoSet) { if (props.autoSet) {
await login(res.i); await login(res.i);
} }
@ -245,112 +275,82 @@ async function onLoginSucceeded(res: Misskey.entities.SigninResponse) {
function onSigninApiError(err?: any): void { function onSigninApiError(err?: any): void {
const id = err?.id ?? null; const id = err?.id ?? null;
if (typeof err === 'object' && 'next' in err) { switch (id) {
switch (err.next) { case '6cc579cc-885d-43d8-95c2-b8c7fc963280': {
case 'captcha': { os.alert({
needCaptcha.value = true; type: 'error',
page.value = 'password'; title: i18n.ts.loginFailed,
break; text: i18n.ts.noSuchUser,
} });
case 'password': { break;
needCaptcha.value = false;
page.value = 'password';
break;
}
case 'totp': {
page.value = 'totp';
break;
}
case 'passkey': {
if (webAuthnSupported() && 'authRequest' in err) {
credentialRequest.value = parseRequestOptionsFromJSON({
publicKey: err.authRequest,
});
page.value = 'passkey';
} else {
page.value = 'totp';
}
break;
}
} }
} else { case '932c904e-9460-45b7-9ce6-7ed33be7eb2c': {
switch (id) { os.alert({
case '6cc579cc-885d-43d8-95c2-b8c7fc963280': { type: 'error',
os.alert({ title: i18n.ts.loginFailed,
type: 'error', text: i18n.ts.incorrectPassword,
title: i18n.ts.loginFailed, });
text: i18n.ts.noSuchUser, break;
}); }
break; case 'e03a5f46-d309-4865-9b69-56282d94e1eb': {
} showSuspendedDialog();
case '932c904e-9460-45b7-9ce6-7ed33be7eb2c': { break;
os.alert({ }
type: 'error', case '22d05606-fbcf-421a-a2db-b32610dcfd1b': {
title: i18n.ts.loginFailed, os.alert({
text: i18n.ts.incorrectPassword, type: 'error',
}); title: i18n.ts.loginFailed,
break; text: i18n.ts.rateLimitExceeded,
} });
case 'e03a5f46-d309-4865-9b69-56282d94e1eb': { break;
showSuspendedDialog(); }
break; case 'cdf1235b-ac71-46d4-a3a6-84ccce48df6f': {
} os.alert({
case '22d05606-fbcf-421a-a2db-b32610dcfd1b': { type: 'error',
os.alert({ title: i18n.ts.loginFailed,
type: 'error', text: i18n.ts.incorrectTotp,
title: i18n.ts.loginFailed, });
text: i18n.ts.rateLimitExceeded, break;
}); }
break; case '36b96a7d-b547-412d-aeed-2d611cdc8cdc': {
} os.alert({
case 'cdf1235b-ac71-46d4-a3a6-84ccce48df6f': { type: 'error',
os.alert({ title: i18n.ts.loginFailed,
type: 'error', text: i18n.ts.unknownWebAuthnKey,
title: i18n.ts.loginFailed, });
text: i18n.ts.incorrectTotp, break;
}); }
break; case '93b86c4b-72f9-40eb-9815-798928603d1e': {
} os.alert({
case '36b96a7d-b547-412d-aeed-2d611cdc8cdc': { type: 'error',
os.alert({ title: i18n.ts.loginFailed,
type: 'error', text: i18n.ts.passkeyVerificationFailed,
title: i18n.ts.loginFailed, });
text: i18n.ts.unknownWebAuthnKey, break;
}); }
break; case 'b18c89a7-5b5e-4cec-bb5b-0419f332d430': {
} os.alert({
case '93b86c4b-72f9-40eb-9815-798928603d1e': { type: 'error',
os.alert({ title: i18n.ts.loginFailed,
type: 'error', text: i18n.ts.passkeyVerificationFailed,
title: i18n.ts.loginFailed, });
text: i18n.ts.passkeyVerificationFailed, break;
}); }
break; case '2d84773e-f7b7-4d0b-8f72-bb69b584c912': {
} os.alert({
case 'b18c89a7-5b5e-4cec-bb5b-0419f332d430': { type: 'error',
os.alert({ title: i18n.ts.loginFailed,
type: 'error', text: i18n.ts.passkeyVerificationSucceededButPasswordlessLoginDisabled,
title: i18n.ts.loginFailed, });
text: i18n.ts.passkeyVerificationFailed, break;
}); }
break; default: {
} console.error(err);
case '2d84773e-f7b7-4d0b-8f72-bb69b584c912': { os.alert({
os.alert({ type: 'error',
type: 'error', title: i18n.ts.loginFailed,
title: i18n.ts.loginFailed, text: JSON.stringify(err),
text: i18n.ts.passkeyVerificationSucceededButPasswordlessLoginDisabled, });
});
break;
}
default: {
console.error(err);
os.alert({
type: 'error',
title: i18n.ts.loginFailed,
text: JSON.stringify(err),
});
}
} }
} }

7
packages/frontend/src/components/MkSignupDialog.form.vue
View File

@ -275,8 +275,13 @@ async function onSubmit(): Promise<void> {
}); });
emit('signup', res); emit('signup', res);
if (props.autoSet) { if (props.autoSet && res.finished) {
return login(res.i); return login(res.i);
} else {
os.alert({
type: 'error',
text: i18n.ts.somethingHappened,
});
} }
} }
} catch { } catch {

12
packages/misskey-js/src/entities.ts
View File

@ -293,8 +293,16 @@ export type SigninWithPasskeyResponse = {
}; };
export type SigninResponse = { export type SigninResponse = {
id: User['id'], finished: true;
i: string, id: User['id'];
i: string;
} | {
finished: false;
next: 'captcha' | 'password' | 'totp';
} | {
finished: false;
next: 'passkey';
authRequest: PublicKeyCredentialRequestOptionsJSON;
}; };
type Values<T extends Record<PropertyKey, unknown>> = T[keyof T]; type Values<T extends Record<PropertyKey, unknown>> = T[keyof T];