From aa10e10412ea6538ba11235f5274e8204c61e94e Mon Sep 17 00:00:00 2001 From: Philip Molares Date: Fri, 29 Jan 2021 22:00:47 +0100 Subject: [PATCH] auth: Fix UnauthorizedException throwing Move conversion of Errors from AuthService to TokenStrategy. This is necessary to correctly test the validateToken method. Signed-off-by: Philip Molares --- src/auth/auth.service.ts | 34 ++++++++++++---------------------- src/auth/token.strategy.ts | 15 +++++++++++++-- 2 files changed, 25 insertions(+), 24 deletions(-) diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts index 386ee60eb..3d0d76c5a 100644 --- a/src/auth/auth.service.ts +++ b/src/auth/auth.service.ts @@ -4,7 +4,7 @@ * SPDX-License-Identifier: AGPL-3.0-only */ -import { Injectable, UnauthorizedException } from '@nestjs/common'; +import { Injectable } from '@nestjs/common'; import { UsersService } from '../users/users.service'; import { User } from '../users/user.entity'; import { AuthToken } from './auth-token.entity'; @@ -35,28 +35,18 @@ export class AuthService { } async validateToken(token: string): Promise { - try { - const [keyId, secret] = token.split('.'); - if (secret.length > 72) { - // Only the first 72 characters of the tokens are considered by bcrypt - // This should prevent strange corner cases - // At the very least it won't hurt us - throw new TokenNotValidError( - `AuthToken '${secret}' is too long the be a proper token`, - ); - } - const accessToken = await this.getAuthTokenAndValidate(keyId, secret); - await this.setLastUsedToken(keyId); - return this.usersService.getUserByUsername(accessToken.user.userName); - } catch (error) { - if ( - error instanceof NotInDBError || - error instanceof TokenNotValidError - ) { - throw new UnauthorizedException(error.message); - } - throw error; + const [keyId, secret] = token.split('.'); + if (secret.length > 72) { + // Only the first 72 characters of the tokens are considered by bcrypt + // This should prevent strange corner cases + // At the very least it won't hurt us + throw new TokenNotValidError( + `AuthToken '${secret}' is too long the be a proper token`, + ); } + const accessToken = await this.getAuthTokenAndValidate(keyId, secret); + await this.setLastUsedToken(keyId); + return this.usersService.getUserByUsername(accessToken.user.userName); } async hashPassword(cleartext: string): Promise { diff --git a/src/auth/token.strategy.ts b/src/auth/token.strategy.ts index 4f4f4e002..fe00c8298 100644 --- a/src/auth/token.strategy.ts +++ b/src/auth/token.strategy.ts @@ -6,9 +6,10 @@ import { Strategy } from 'passport-http-bearer'; import { PassportStrategy } from '@nestjs/passport'; -import { Injectable } from '@nestjs/common'; +import { Injectable, UnauthorizedException } from '@nestjs/common'; import { AuthService } from './auth.service'; import { User } from '../users/user.entity'; +import { NotInDBError, TokenNotValidError } from '../errors/errors'; @Injectable() export class TokenStrategy extends PassportStrategy(Strategy, 'token') { @@ -17,6 +18,16 @@ export class TokenStrategy extends PassportStrategy(Strategy, 'token') { } async validate(token: string): Promise { - return this.authService.validateToken(token); + try { + return await this.authService.validateToken(token); + } catch (error) { + if ( + error instanceof NotInDBError || + error instanceof TokenNotValidError + ) { + throw new UnauthorizedException(error.message); + } + throw error; + } } }