Merge pull request #776 from hedgedoc/fix/UnauthorizedException

auth: Fix handling of internal server errors
2025-04-20 16:24:44 +00:00 · 2021-01-29 20:52:36 +01:00 · 2021-01-29 20:52:36 +01:00 · b49c802c79
commit b49c802c79
parent 63b61f304b 84915b61ac
2 changed files with 16 additions and 16 deletions
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@ -4,7 +4,7 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */

-import { Injectable } from '@nestjs/common';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { UsersService } from '../users/users.service';
 import { User } from '../users/user.entity';
 import { AuthToken } from './auth-token.entity';
@ -35,16 +35,20 @@ export class AuthService {
  }

  async validateToken(token: string): Promise<User> {
-    const [keyId, secret] = token.split('.');
-    const accessToken = await this.getAuthTokenAndValidate(keyId, secret);
-    await this.setLastUsedToken(keyId);
-    const user = await this.usersService.getUserByUsername(
-      accessToken.user.userName,
-    );
-    if (user) {
-      return user;
+    try {
+      const [keyId, secret] = token.split('.');
+      const accessToken = await this.getAuthTokenAndValidate(keyId, secret);
+      await this.setLastUsedToken(keyId);
+      return this.usersService.getUserByUsername(accessToken.user.userName);
+    } catch (error) {
+      if (
+        error instanceof NotInDBError ||
+        error instanceof TokenNotValidError
+      ) {
+        throw new UnauthorizedException(error.message);
+      }
+      throw error;
    }
-    return null;
  }

  async hashPassword(cleartext: string): Promise<string> {
--- a/src/auth/token.strategy.ts
+++ b/src/auth/token.strategy.ts
@ -6,7 +6,7 @@

 import { Strategy } from 'passport-http-bearer';
 import { PassportStrategy } from '@nestjs/passport';
-import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { Injectable } from '@nestjs/common';
 import { AuthService } from './auth.service';
 import { User } from '../users/user.entity';

@ -17,10 +17,6 @@ export class TokenStrategy extends PassportStrategy(Strategy, 'token') {
  }

  async validate(token: string): Promise<User> {
-    const user = await this.authService.validateToken(token);
-    if (!user) {
-      throw new UnauthorizedException();
-    }
-    return user;
+    return this.authService.validateToken(token);
  }
 }