Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-18 20:59:44 +02:00
Code Issues Releases Activity

feat: Ability to show detailed auth errors, set to false by default (#860)

Browse source
This commit is contained in:
Aurélien Troncy 2024-08-30 11:47:29 +02:00 committed by GitHub
parent b2e1fba9a0
commit e6644eb745
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 29 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
client/src/components/Login/Login.jsx
View file

@ -18,6 +18,11 @@ const createMessage = (error) => {
}
switch (error.message) {
case 'Invalid credentials':
return {
type: 'error',
content: 'common.invalidCredentials',
};
case 'Invalid email or username':
return {
type: 'error',
@ -116,6 +121,7 @@ const Login = React.memo(
useEffect(() => {
if (wasSubmitting && !isSubmitting && error) {
switch (error.message) {
case 'Invalid credentials':
case 'Invalid email or username':
emailOrUsernameField.current.select();

1
client/src/locales/en-US/login.js
View file

@ -3,6 +3,7 @@ export default {
common: {
emailOrUsername: 'E-mail or username',
invalidEmailOrUsername: 'Invalid e-mail or username',
invalidCredentials: 'Invalid credentials',
invalidPassword: 'Invalid password',
logInToPlanka: 'Log in to Planka',
noInternetConnection: 'No internet connection',

2
docker-compose-dev.yml
View file

@ -24,6 +24,8 @@ services:
# Configure knex to accept SSL certificates
# - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false
# - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
# - ALLOW_ALL_TO_CREATE_PROJECTS=true
# - OIDC_ISSUER=

2
docker-compose.yml
View file

@ -31,6 +31,8 @@ services:
# - DEFAULT_ADMIN_NAME=Demo Demo
# - DEFAULT_ADMIN_USERNAME=demo
# - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
# - ALLOW_ALL_TO_CREATE_PROJECTS=true
# - OIDC_ISSUER=

2
server/.env.sample
View file

@ -22,6 +22,8 @@ SECRET_KEY=notsecretkey
# DEFAULT_ADMIN_NAME=Demo Demo
# DEFAULT_ADMIN_USERNAME=demo
# SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
# ALLOW_ALL_TO_CREATE_PROJECTS=true
# OIDC_ISSUER=

16
server/api/controllers/access-tokens/create.js
View file

@ -4,6 +4,9 @@ const validator = require('validator');
const { getRemoteAddress } = require('../../../utils/remoteAddress');
const Errors = {
INVALID_CREDENTIALS: {
invalidCredentials: 'Invalid credentials',
},
INVALID_EMAIL_OR_USERNAME: {
invalidEmailOrUsername: 'Invalid email or username',
},
@ -34,6 +37,9 @@ module.exports = {
},
exits: {
invalidCredentials: {
responseType: 'unauthorized',
},
invalidEmailOrUsername: {
responseType: 'unauthorized',
},
@ -57,7 +63,10 @@ module.exports = {
sails.log.warn(
`Invalid email or username: "${inputs.emailOrUsername}"! (IP: ${remoteAddress})`,
);
throw Errors.INVALID_EMAIL_OR_USERNAME;
throw sails.config.custom.showDetailedAuthErrors
? Errors.INVALID_EMAIL_OR_USERNAME
: Errors.INVALID_CREDENTIALS;
}
if (user.isSso) {
@ -66,7 +75,10 @@ module.exports = {
if (!bcrypt.compareSync(inputs.password, user.password)) {
sails.log.warn(`Invalid password! (IP: ${remoteAddress})`);
throw Errors.INVALID_PASSWORD;
throw sails.config.custom.showDetailedAuthErrors
? Errors.INVALID_PASSWORD
: Errors.INVALID_CREDENTIALS;
}
const accessToken = sails.helpers.utils.createToken(user.id);

2
server/config/custom.js
View file

@ -34,6 +34,8 @@ module.exports.custom = {
defaultAdminEmail:
process.env.DEFAULT_ADMIN_EMAIL && process.env.DEFAULT_ADMIN_EMAIL.toLowerCase(),
showDetailedAuthErrors: process.env.SHOW_DETAILED_AUTH_ERRORS === 'true',
allowAllToCreateProjects: process.env.ALLOW_ALL_TO_CREATE_PROJECTS === 'true',
oidcIssuer: process.env.OIDC_ISSUER,