auth: Fix UnauthorizedException throwing

Move conversion of Errors from AuthService to TokenStrategy.
This is necessary to correctly test the validateToken method.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Philip Molares 2021-01-29 22:00:47 +01:00
parent 5a727d530b
commit ba517b3cfe
2 changed files with 25 additions and 24 deletions


@ -4,7 +4,7 @@
* SPDX-License-Identifier: AGPL-3.0-only * SPDX-License-Identifier: AGPL-3.0-only
*/ */
import { Injectable, UnauthorizedException } from '@nestjs/common'; import { Injectable } from '@nestjs/common';
import { UsersService } from '../users/users.service'; import { UsersService } from '../users/users.service';
import { User } from '../users/user.entity'; import { User } from '../users/user.entity';
import { AuthToken } from './auth-token.entity'; import { AuthToken } from './auth-token.entity';
@ -35,28 +35,18 @@ export class AuthService {
} }
async validateToken(token: string): Promise<User> { async validateToken(token: string): Promise<User> {
try { const [keyId, secret] = token.split('.');
const [keyId, secret] = token.split('.'); if (secret.length > 72) {
if (secret.length > 72) { // Only the first 72 characters of the tokens are considered by bcrypt
// Only the first 72 characters of the tokens are considered by bcrypt // This should prevent strange corner cases
// This should prevent strange corner cases // At the very least it won't hurt us
// At the very least it won't hurt us throw new TokenNotValidError(
throw new TokenNotValidError( `AuthToken '${secret}' is too long the be a proper token`,
`AuthToken '${secret}' is too long the be a proper token`, );
);
}
const accessToken = await this.getAuthTokenAndValidate(keyId, secret);
await this.setLastUsedToken(keyId);
return this.usersService.getUserByUsername(accessToken.user.userName);
} catch (error) {
if (
error instanceof NotInDBError ||
error instanceof TokenNotValidError
) {
throw new UnauthorizedException(error.message);
}
throw error;
} }
const accessToken = await this.getAuthTokenAndValidate(keyId, secret);
await this.setLastUsedToken(keyId);
return this.usersService.getUserByUsername(accessToken.user.userName);
} }
async hashPassword(cleartext: string): Promise<string> { async hashPassword(cleartext: string): Promise<string> {
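Review bot: In `validateToken`, a token with no `.` leaves `secret` undefined after `token.split('.')`, so `secret.length` throws a TypeError rather than a TokenNotValidError. With the try/catch moved out of this method, the catch in TokenStrategy only converts NotInDBError and TokenNotValidError, so a malformed bearer token is rethrown and probably surfaces as a 500 instead of a 401. A guard before the length check would keep it on the 401 path, for example `if (!keyId || !secret) throw new TokenNotValidError('AuthToken has an invalid format');`. A test for a token without a separator would pin this down.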


@ -6,9 +6,10 @@
import { Strategy } from 'passport-http-bearer'; import { Strategy } from 'passport-http-bearer';
import { PassportStrategy } from '@nestjs/passport'; import { PassportStrategy } from '@nestjs/passport';
import { Injectable } from '@nestjs/common'; import { Injectable, UnauthorizedException } from '@nestjs/common';
import { AuthService } from './auth.service'; import { AuthService } from './auth.service';
import { User } from '../users/user.entity'; import { User } from '../users/user.entity';
import { NotInDBError, TokenNotValidError } from '../errors/errors';
@Injectable() @Injectable()
export class TokenStrategy extends PassportStrategy(Strategy, 'token') { export class TokenStrategy extends PassportStrategy(Strategy, 'token') {
@ -17,6 +18,16 @@ export class TokenStrategy extends PassportStrategy(Strategy, 'token') {
} }
async validate(token: string): Promise<User> { async validate(token: string): Promise<User> {
return this.authService.validateToken(token); try {
return await this.authService.validateToken(token);
} catch (error) {
if (
error instanceof NotInDBError ||
error instanceof TokenNotValidError
) {
throw new UnauthorizedException(error.message);
}
throw error;
}
} }
} }
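Review bot: `throw new UnauthorizedException(error.message)` in `validate` forwards the internal error text into the HTTP response. The NotInDBError and TokenNotValidError messages are mostly not visible on this page, but if they differ, a caller can tell an unknown key id from a wrong secret. The one message that is visible, the too-long check in AuthService, interpolates the submitted `secret`, so credential material ends up in the exception text and in anything that logs it. A fixed response such as `throw new UnauthorizedException();` avoids both, with the reason logged server-side without the secret.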