Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve and standardise auth responses #98

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Improve and standardise auth responses #98

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions src/extensions/httpapi/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@ module.exports.init = async function init(hooks, app) {
return;
}

let user = await app.userDb.authUserToken(token, ctx.ip);
if (!user) {
let auth = await app.userDb.authUserToken(token, ctx.ip);
if (!auth.user) {
ctx.response.status = 401;
return;
}
Expand All @@ -45,7 +45,7 @@ module.exports.init = async function init(hooks, app) {

try {
let result = await apiCommands[command](args, {
user,
user: auth.user,
hooks,
app,
token,
Expand Down
17 changes: 9 additions & 8 deletions src/worker/clientcommands.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,9 +124,9 @@ async function maybeProcessRegistration(con) {

} else if (networkName) {
// Logging into a network
let auth = await con.userDb.authUserNetwork(username, password, networkName);
if (!auth.network) {
await con.writeMsg('ERROR', 'Invalid password');
const auth = await con.userDb.authUserNetwork(username, password, networkName);
if (auth.error) {
await con.writeMsg('ERROR', auth.error);
con.close();
return false;
}
Expand All @@ -137,15 +137,16 @@ async function maybeProcessRegistration(con) {
con.state.authAdmin = auth.user && !!auth.user.admin;
} else {
// Logging into a user only mode (no attached network)
let user = await con.userDb.authUser(username, password, con.state.host);
if (!user) {
await con.writeMsg('ERROR', 'Invalid password');
const auth = await con.userDb.authUser(username, password, con.state.host);

if (auth.error) {
await con.writeMsg('ERROR', auth.error);
con.close();
return false;
}

con.state.authUserId = user.id;
con.state.authAdmin = !!user.admin;
con.state.authUserId = auth.user.id;
con.state.authAdmin = !!auth.user.admin;
}

await con.state.save();
Expand Down
59 changes: 43 additions & 16 deletions src/worker/users.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,10 @@ class Users {
}

async authUserNetwork(username, password, network) {
let ret = { network: null, user: null };

const auth = { network: null, user: null, error: null };
if (!Helpers.validUsername(username)) {
return ret;
auth.error = 'Invalid password';
return auth;
}

try {
Expand All @@ -21,7 +21,7 @@ class Users {
.innerJoin('users', 'users.id', 'user_networks.user_id')
.where('users.username', 'LIKE', username)
.where('user_networks.name', 'LIKE', network)
.select('user_networks.*', 'users.password as _pass', 'users.admin as user_admin');
.select('user_networks.*', 'users.password as _pass', 'users.admin as user_admin', 'users.locked as user_locked');

if (tokens.isUserToken(password)) {
isUserToken = true;
Expand All @@ -35,38 +35,45 @@ class Users {

let row = await query.first();
if (!row) {
return ret;
auth.error = 'Invalid password';
return auth;
}

if (row.user_locked) {
auth.error = 'Account locked';
return auth;
}

if (!isUserToken) {
let correctHash = await bcrypt.compare(password, row._pass);
if (!correctHash) {
return ret;
auth.error = 'Invalid password';
return auth;
}
}

ret.user = { admin: row.user_admin };
auth.user = { admin: row.user_admin };
delete row._pass;
delete row.user_admin;

ret.network = this.db.factories.Network.fromDbResult(row);
auth.network = this.db.factories.Network.fromDbResult(row);
} catch (err) {
l.error('Error logging user in:', err.stack);
}

return ret;
return auth;
}

async authUser(username, password, userHost) {
const auth = { network: null, user: null, error: null };
if (!Helpers.validUsername(username)) {
return null;
}

let isUserToken = false;
let query = this.db.dbUsers('users')
.select('users.*')
.where('username', 'LIKE', username)
.where('locked', '!=', true);
.where('username', 'LIKE', username);

if (tokens.isUserToken(password)) {
isUserToken = true;
Expand All @@ -82,21 +89,30 @@ class Users {
.then(this.db.factories.User.fromDbResult);

if (!user) {
return null;
auth.error = 'Invalid password';
return auth;
}

if (user.locked) {
auth.error = 'Account locked';
return auth;
}

if (!isUserToken && !await user.checkPassword(password)) {
return null;
auth.error = 'Invalid password';
return auth;
}

auth.user = user;
if (isUserToken && userHost) {
this.updateUserTokenAccess(user.id, password, userHost);
}

return user;
return auth;
}

async authUserToken(token, userHost) {
const auth = { network: null, user: null, error: null };
let user = this.db.dbUsers('users')
.innerJoin('user_tokens', 'users.id', 'user_tokens.user_id')
.where('user_tokens.token', token)
Expand All @@ -107,14 +123,21 @@ class Users {
.first()
.then(this.db.factories.User.fromDbResult);

if (user.locked) {
auth.error = 'Account locked';
return auth;
}

if (user) {
if (userHost) {
this.updateUserTokenAccess(user.id, token, userHost);
}
return user;
auth.user = user;
return auth;
}

return null;
auth.error = 'Invalid password';
return auth;
}

async generateUserToken(userId, duration, comment, userHost) {
Expand Down Expand Up @@ -171,6 +194,10 @@ class Users {
.delete();
}

async getUserById(id) {
return this.db.factories.User.query().where('id', id).first();
}

async getUser(username) {
if (!Helpers.validUsername(username)) {
return null;
Expand Down