feat: Ability to show detailed auth errors, set to false by default (#860)

2025-07-19 13:19:44 +02:00 · 2024-08-30 11:47:29 +02:00 · 2024-08-30 11:47:29 +02:00 · ccfc621d51
commit ccfc621d51
parent 573e6b65ba
7 changed files with 29 additions and 2 deletions
--- a/server/api/controllers/access-tokens/create.js
+++ b/server/api/controllers/access-tokens/create.js
@ -4,6 +4,9 @@ const validator = require('validator');
 const { getRemoteAddress } = require('../../../utils/remoteAddress');

 const Errors = {
+  INVALID_CREDENTIALS: {
+    invalidCredentials: 'Invalid credentials',
+  },
  INVALID_EMAIL_OR_USERNAME: {
    invalidEmailOrUsername: 'Invalid email or username',
  },
@ -34,6 +37,9 @@ module.exports = {
  },

  exits: {
+    invalidCredentials: {
+      responseType: 'unauthorized',
+    },
    invalidEmailOrUsername: {
      responseType: 'unauthorized',
    },
@ -57,7 +63,10 @@ module.exports = {
      sails.log.warn(
        `Invalid email or username: "${inputs.emailOrUsername}"! (IP: ${remoteAddress})`,
      );
-      throw Errors.INVALID_EMAIL_OR_USERNAME;
+
+      throw sails.config.custom.showDetailedAuthErrors
+        ? Errors.INVALID_EMAIL_OR_USERNAME
+        : Errors.INVALID_CREDENTIALS;
    }

    if (user.isSso) {
@ -66,7 +75,10 @@ module.exports = {

    if (!bcrypt.compareSync(inputs.password, user.password)) {
      sails.log.warn(`Invalid password! (IP: ${remoteAddress})`);
-      throw Errors.INVALID_PASSWORD;
+
+      throw sails.config.custom.showDetailedAuthErrors
+        ? Errors.INVALID_PASSWORD
+        : Errors.INVALID_CREDENTIALS;
    }

    const accessToken = sails.helpers.utils.createToken(user.id);