Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-19 05:09:43 +02:00
Code Issues Releases Activity

feat: Ability to show detailed auth errors, set to false by default (#860)

Browse source
This commit is contained in:
Aurélien Troncy 2024-08-30 11:47:29 +02:00 committed by GitHub
parent b2e1fba9a0
commit e6644eb745
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 29 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
client/src/components/Login/Login.jsx
View file

@ -18,6 +18,11 @@ const createMessage = (error) => {
} }
switch (error.message) { switch (error.message) {
case 'Invalid credentials':
return {
type: 'error',
content: 'common.invalidCredentials',
};
case 'Invalid email or username': case 'Invalid email or username':
return { return {
type: 'error', type: 'error',
@ -116,6 +121,7 @@ const Login = React.memo(
useEffect(() => { useEffect(() => {
if (wasSubmitting && !isSubmitting && error) { if (wasSubmitting && !isSubmitting && error) {
switch (error.message) { switch (error.message) {
case 'Invalid credentials':
case 'Invalid email or username': case 'Invalid email or username':
emailOrUsernameField.current.select(); emailOrUsernameField.current.select();

1
client/src/locales/en-US/login.js
View file

@ -3,6 +3,7 @@ export default {
common: { common: {
emailOrUsername: 'E-mail or username', emailOrUsername: 'E-mail or username',
invalidEmailOrUsername: 'Invalid e-mail or username', invalidEmailOrUsername: 'Invalid e-mail or username',
invalidCredentials: 'Invalid credentials',
invalidPassword: 'Invalid password', invalidPassword: 'Invalid password',
logInToPlanka: 'Log in to Planka', logInToPlanka: 'Log in to Planka',
noInternetConnection: 'No internet connection', noInternetConnection: 'No internet connection',

2
docker-compose-dev.yml
View file

@ -24,6 +24,8 @@ services:
# Configure knex to accept SSL certificates # Configure knex to accept SSL certificates
# - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false # - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false
# - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
# - ALLOW_ALL_TO_CREATE_PROJECTS=true # - ALLOW_ALL_TO_CREATE_PROJECTS=true
# - OIDC_ISSUER= # - OIDC_ISSUER=

2
docker-compose.yml
View file

@ -31,6 +31,8 @@ services:
# - DEFAULT_ADMIN_NAME=Demo Demo # - DEFAULT_ADMIN_NAME=Demo Demo
# - DEFAULT_ADMIN_USERNAME=demo # - DEFAULT_ADMIN_USERNAME=demo
# - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
# - ALLOW_ALL_TO_CREATE_PROJECTS=true # - ALLOW_ALL_TO_CREATE_PROJECTS=true
# - OIDC_ISSUER= # - OIDC_ISSUER=

2
server/.env.sample
View file

@ -22,6 +22,8 @@ SECRET_KEY=notsecretkey
# DEFAULT_ADMIN_NAME=Demo Demo # DEFAULT_ADMIN_NAME=Demo Demo
# DEFAULT_ADMIN_USERNAME=demo # DEFAULT_ADMIN_USERNAME=demo
# SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
# ALLOW_ALL_TO_CREATE_PROJECTS=true # ALLOW_ALL_TO_CREATE_PROJECTS=true
# OIDC_ISSUER= # OIDC_ISSUER=

16
server/api/controllers/access-tokens/create.js
View file

@ -4,6 +4,9 @@ const validator = require('validator');
const { getRemoteAddress } = require('../../../utils/remoteAddress'); const { getRemoteAddress } = require('../../../utils/remoteAddress');
const Errors = { const Errors = {
INVALID_CREDENTIALS: {
invalidCredentials: 'Invalid credentials',
},
INVALID_EMAIL_OR_USERNAME: { INVALID_EMAIL_OR_USERNAME: {
invalidEmailOrUsername: 'Invalid email or username', invalidEmailOrUsername: 'Invalid email or username',
}, },
@ -34,6 +37,9 @@ module.exports = {
}, },
exits: { exits: {
invalidCredentials: {
responseType: 'unauthorized',
},
invalidEmailOrUsername: { invalidEmailOrUsername: {
responseType: 'unauthorized', responseType: 'unauthorized',
}, },
@ -57,7 +63,10 @@ module.exports = {
sails.log.warn( sails.log.warn(
`Invalid email or username: "${inputs.emailOrUsername}"! (IP: ${remoteAddress})`, `Invalid email or username: "${inputs.emailOrUsername}"! (IP: ${remoteAddress})`,
); );
throw Errors.INVALID_EMAIL_OR_USERNAME;
throw sails.config.custom.showDetailedAuthErrors
? Errors.INVALID_EMAIL_OR_USERNAME
: Errors.INVALID_CREDENTIALS;
} }
if (user.isSso) { if (user.isSso) {
@ -66,7 +75,10 @@ module.exports = {
if (!bcrypt.compareSync(inputs.password, user.password)) { if (!bcrypt.compareSync(inputs.password, user.password)) {
sails.log.warn(`Invalid password! (IP: ${remoteAddress})`); sails.log.warn(`Invalid password! (IP: ${remoteAddress})`);
throw Errors.INVALID_PASSWORD;
throw sails.config.custom.showDetailedAuthErrors
? Errors.INVALID_PASSWORD
: Errors.INVALID_CREDENTIALS;
} }
const accessToken = sails.helpers.utils.createToken(user.id); const accessToken = sails.helpers.utils.createToken(user.id);

2
server/config/custom.js
View file

@ -34,6 +34,8 @@ module.exports.custom = {
defaultAdminEmail: defaultAdminEmail:
process.env.DEFAULT_ADMIN_EMAIL && process.env.DEFAULT_ADMIN_EMAIL.toLowerCase(), process.env.DEFAULT_ADMIN_EMAIL && process.env.DEFAULT_ADMIN_EMAIL.toLowerCase(),
showDetailedAuthErrors: process.env.SHOW_DETAILED_AUTH_ERRORS === 'true',
allowAllToCreateProjects: process.env.ALLOW_ALL_TO_CREATE_PROJECTS === 'true', allowAllToCreateProjects: process.env.ALLOW_ALL_TO_CREATE_PROJECTS === 'true',
oidcIssuer: process.env.OIDC_ISSUER, oidcIssuer: process.env.OIDC_ISSUER,