From 58319728fa1ae7c93f7a94d0090d06f25abfb74e Mon Sep 17 00:00:00 2001 From: Maksim Eltyshev Date: Fri, 30 Aug 2024 11:39:56 +0200 Subject: [PATCH] chore: Rename env variable, refactoring --- client/src/components/Login/Login.jsx | 13 ++++----- docker-compose-dev.yml | 2 ++ docker-compose.yml | 2 +- server/.env.sample | 2 +- .../api/controllers/access-tokens/create.js | 28 +++++++++---------- server/config/custom.js | 4 +-- 6 files changed, 25 insertions(+), 26 deletions(-) diff --git a/client/src/components/Login/Login.jsx b/client/src/components/Login/Login.jsx index 6303d34b..c7ae43b1 100755 --- a/client/src/components/Login/Login.jsx +++ b/client/src/components/Login/Login.jsx @@ -18,6 +18,11 @@ const createMessage = (error) => { } switch (error.message) { + case 'Invalid credentials': + return { + type: 'error', + content: 'common.invalidCredentials', + }; case 'Invalid email or username': return { type: 'error', @@ -28,11 +33,6 @@ const createMessage = (error) => { type: 'error', content: 'common.invalidPassword', }; - case 'Invalid credentials': - return { - type: 'error', - content: 'common.invalidCredentials', - }; case 'Use single sign-on': return { type: 'error', @@ -122,9 +122,6 @@ const Login = React.memo( if (wasSubmitting && !isSubmitting && error) { switch (error.message) { case 'Invalid credentials': - emailOrUsernameField.current.select(); - - break; case 'Invalid email or username': emailOrUsernameField.current.select(); diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml index daac98f6..88a6433f 100644 --- a/docker-compose-dev.yml +++ b/docker-compose-dev.yml @@ -24,6 +24,8 @@ services: # Configure knex to accept SSL certificates # - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false + # - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons. + # - ALLOW_ALL_TO_CREATE_PROJECTS=true # - OIDC_ISSUER= 
diff --git a/docker-compose.yml b/docker-compose.yml index 15a3cbc7..28ba07b8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -31,7 +31,7 @@ services: # - DEFAULT_ADMIN_NAME=Demo Demo # - DEFAULT_ADMIN_USERNAME=demo - # - ENABLE_VERBOSE_ON_LOGIN=false # Set to true will show more verbose error messages on login. Should not be disabled without a rate limiter for security reasons. + # - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons. # - ALLOW_ALL_TO_CREATE_PROJECTS=true diff --git a/server/.env.sample b/server/.env.sample index 7293e31f..32a91dd5 100644 --- a/server/.env.sample +++ b/server/.env.sample @@ -22,7 +22,7 @@ SECRET_KEY=notsecretkey # DEFAULT_ADMIN_NAME=Demo Demo # DEFAULT_ADMIN_USERNAME=demo -# ENABLE_VERBOSE_ON_LOGIN=false # Set to true will show more verbose error messages on login. Should not be disabled without a rate limiter for security reasons. +# SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons. # ALLOW_ALL_TO_CREATE_PROJECTS=true diff --git a/server/api/controllers/access-tokens/create.js b/server/api/controllers/access-tokens/create.js index cecc2585..8dc2faed 100755 --- a/server/api/controllers/access-tokens/create.js +++ b/server/api/controllers/access-tokens/create.js @@ -4,15 +4,15 @@ const validator = require('validator'); const { getRemoteAddress } = require('../../../utils/remoteAddress'); const Errors = { + INVALID_CREDENTIALS: { + invalidCredentials: 'Invalid credentials', + }, INVALID_EMAIL_OR_USERNAME: { invalidEmailOrUsername: 'Invalid email or username', }, INVALID_PASSWORD: { invalidPassword: 'Invalid password', }, - INVALID_CREDENTIALS: { - invalidCredentials: 'Invalid credentials', - }, USE_SINGLE_SIGN_ON: { useSingleSignOn: 'Use single sign-on', }, 
@@ -37,15 +37,15 @@ module.exports = { }, exits: { + invalidCredentials: { + responseType: 'unauthorized', + }, invalidEmailOrUsername: { responseType: 'unauthorized', }, invalidPassword: { responseType: 'unauthorized', }, - invalidCredentials: { - responseType: 'unauthorized', - }, useSingleSignOn: { responseType: 'forbidden', }, @@ -63,10 +63,10 @@ module.exports = { sails.log.warn( `Invalid email or username: "${inputs.emailOrUsername}"! (IP: ${remoteAddress})`, ); - if (!sails.config.custom.enableVerboseOnLogin) { - throw Errors.INVALID_CREDENTIALS; - } - throw Errors.INVALID_EMAIL_OR_USERNAME; + + throw sails.config.custom.showDetailedAuthErrors + ? Errors.INVALID_EMAIL_OR_USERNAME + : Errors.INVALID_CREDENTIALS; } if (user.isSso) { @@ -75,10 +75,10 @@ module.exports = { if (!bcrypt.compareSync(inputs.password, user.password)) { sails.log.warn(`Invalid password! (IP: ${remoteAddress})`); - if (!sails.config.custom.enableVerboseOnLogin) { - throw Errors.INVALID_CREDENTIALS; - } - throw Errors.INVALID_PASSWORD; + + throw sails.config.custom.showDetailedAuthErrors + ? Errors.INVALID_PASSWORD + : Errors.INVALID_CREDENTIALS; } const accessToken = sails.helpers.utils.createToken(user.id); diff --git a/server/config/custom.js b/server/config/custom.js index 2bb8a03e..d8d2fcdb 100644 --- a/server/config/custom.js +++ b/server/config/custom.js @@ -34,9 +34,9 @@ module.exports.custom = { defaultAdminEmail: process.env.DEFAULT_ADMIN_EMAIL && process.env.DEFAULT_ADMIN_EMAIL.toLowerCase(), - allowAllToCreateProjects: process.env.ALLOW_ALL_TO_CREATE_PROJECTS === 'true', + showDetailedAuthErrors: process.env.SHOW_DETAILED_AUTH_ERRORS === 'true', - enableVerboseOnLogin: process.env.ENABLE_VERBOSE_ON_LOGIN ? process.env.ENABLE_VERBOSE_ON_LOGIN === 'true' : false, + allowAllToCreateProjects: process.env.ALLOW_ALL_TO_CREATE_PROJECTS === 'true', oidcIssuer: process.env.OIDC_ISSUER, oidcClientId: process.env.OIDC_CLIENT_ID,
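Review bot: In server/api/controllers/access-tokens/create.js, hunk @@ -63,10, the `sails.log.warn` call kept just above the new `throw` writes `inputs.emailOrUsername` into the log line unencoded. A submitted value containing line breaks or quotes can split or forge log entries, and a password typed into the wrong field ends up in the log in clear text. Unless validation outside this hunk already rejects control characters, encode the value before logging, for example by replacing `"${inputs.emailOrUsername}"` with `${JSON.stringify(inputs.emailOrUsername)}`, and consider truncating it. The enclosing function starts and ends outside the hunk.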
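Review bot: In hunk @@ -75,10 of create.js, throwing `Errors.INVALID_CREDENTIALS` from both branches makes the messages identical but not the responses. The unknown-user branch in the previous hunk throws before any hashing, while this branch is reached only after `bcrypt.compareSync`, so response time can still separate existing from non-existing accounts. The `user.isSso` check between the two also appears to answer before the password is verified, whatever `showDetailedAuthErrors` is set to; its body is outside the hunk, so confirm. With the flag off, the unknown-user path should do equivalent work, e.g. `bcrypt.compareSync(inputs.password, DUMMY_HASH)`, where `DUMMY_HASH` is a placeholder name for a fixed bcrypt hash at the same cost factor. The comment in the sample env files could also say that the option reduces the enumeration signal rather than removing it.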
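Review bot: In server/config/custom.js, `showDetailedAuthErrors` reads only `SHOW_DETAILED_AUTH_ERRORS`, so a deployment that still sets `ENABLE_VERBOSE_ON_LOGIN=true` silently reverts to generic errors after upgrading, assuming the old name ever shipped in a release. That fails in the safe direction, but nothing tells the operator why login messages changed. A one-line startup warning would make the rename visible, e.g. `if (process.env.ENABLE_VERBOSE_ON_LOGIN !== undefined) console.warn('ENABLE_VERBOSE_ON_LOGIN was renamed to SHOW_DETAILED_AUTH_ERRORS');`. The `module.exports.custom` object starts and ends outside the hunk.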