From ebe5da088085287233e2509beef049380d3437d7 Mon Sep 17 00:00:00 2001
From: peintnermax
Date: Wed, 18 Sep 2024 15:57:26 +0200
Subject: [PATCH] password error
---
 apps/login/src/lib/server/password.ts | 54 +++++++++++++--------------
 apps/login/src/ui/PasswordForm.tsx | 11 ++++--
 2 files changed, 33 insertions(+), 32 deletions(-)
diff --git a/apps/login/src/lib/server/password.ts b/apps/login/src/lib/server/password.ts
index e3d6657603d..994eb7759fb 100644
--- a/apps/login/src/lib/server/password.ts
+++ b/apps/login/src/lib/server/password.ts
@@ -50,6 +50,8 @@ export async function sendPassword(command: UpdateSessionCommand) {
 let sessionCookie = await getSessionCookieByLoginName({
 loginName: command.loginName,
 organization: command.organization,
+ }).catch((error) => {
+ console.warn("Ignored error:", error);
 });
 let session;
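Review bot: The added `.catch` on `getSessionCookieByLoginName` swallows every rejection, not only the case where no cookie exists for this login name, so any unexpected failure in the lookup is handled exactly like a first-time login and `sessionCookie` silently becomes `undefined`. If the helper raises a recognisable error for the not-found case, catch only that one and rethrow the rest. `console.warn("Ignored error:", error)` also writes the raw error object to the server log on every such password attempt; a short fixed message such as `console.warn("no session cookie found, continuing without one")` avoids logging whatever the error carries (possibly the login name). The rest of `sendPassword` lies outside the hunk.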
@@ -70,42 +72,38 @@ export async function sendPassword(command: UpdateSessionCommand) {
 undefined,
 command.authRequestId,
 );
-
- if (!session?.factors?.user?.id || !sessionCookie) {
- return { error: "Could not create session for user" };
- }
 }
 // this is a fake error message to hide that the user does not even exist
- return { error: "The password is wrong!" };
+ return { error: "Could not verify password!" };
 } else {
- const updatedSession = await setSessionAndUpdateCookie(
+ session = await setSessionAndUpdateCookie(
 sessionCookie,
 command.checks,
 undefined,
 command.authRequestId,
 );
-
- // if password, check if user has MFA methods
- let authMethods;
- if (
- command.checks &&
- command.checks.password &&
- updatedSession.factors?.user?.id
- ) {
- const response = await listAuthenticationMethodTypes(
- updatedSession.factors.user.id,
- );
- if (response.authMethodTypes && response.authMethodTypes.length) {
- authMethods = response.authMethodTypes;
- }
- }
-
- return {
- sessionId: updatedSession.id,
- factors: updatedSession.factors,
- challenges: updatedSession.challenges,
- authMethods,
- };
 }
+
+ if (!session?.factors?.user?.id || !sessionCookie) {
+ return { error: "Could not create session for user" };
+ }
+
+ // if password, check if user has MFA methods
+ let authMethods;
+ if (command.checks && command.checks.password && session.factors?.user?.id) {
+ const response = await listAuthenticationMethodTypes(
+ session.factors.user.id,
+ );
+ if (response.authMethodTypes && response.authMethodTypes.length) {
+ authMethods = response.authMethodTypes;
+ }
+ }
+
+ return {
+ sessionId: session.id,
+ factors: session.factors,
+ challenges: session.challenges,
+ authMethods,
+ };
 }
diff --git a/apps/login/src/ui/PasswordForm.tsx b/apps/login/src/ui/PasswordForm.tsx
index 9201f7e0506..003d40befdb 100644
--- a/apps/login/src/ui/PasswordForm.tsx
+++ b/apps/login/src/ui/PasswordForm.tsx
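Review bot: With the inner check removed, nothing inspects `session` before the unconditional `return { error: "Could not verify password!" };`, so in this branch the result of the call ending in `command.authRequestId, );` is discarded and the caller always receives the error, even if a session was created. The branch opens outside the hunk, so this is inferred from the visible tail. If the call is kept only so that known and unknown users take the same path, the comment should say so, e.g. `// the session result is intentionally unused; both cases return the same error`. The guard moved below the if/else still returns `"Could not create session for user"`, a second string that lets a client tell the failure states apart; returning the same generic text there and logging the specific cause on the server keeps the responses uniform.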
@@ -62,6 +62,10 @@ export default function PasswordForm({
 setLoading(false);
 });
+ if (response && "error" in response && response.error) {
+ setError(response.error);
+ }
+
 setLoading(false);
 return response;
@@ -109,7 +113,6 @@ export default function PasswordForm({
 !submitted.authMethods ||
 !submitted.factors?.user?.loginName
 ) {
- setError("Could not verify password");
 return;
 }
@@ -119,9 +122,9 @@ export default function PasswordForm({
 m !== AuthenticationMethodType.PASSKEY,
 );
- if (availableSecondFactors.length == 1) {
+ if (availableSecondFactors?.length == 1) {
 const params = new URLSearchParams({
- loginName: submitted.factors.user.loginName,
+ loginName: submitted.factors?.user.loginName,
 });
 if (authRequestId) {
@@ -143,7 +146,7 @@ export default function PasswordForm({
 } else if (factor === AuthenticationMethodType.U2F) {
 return router.push(`/u2f?` + params);
 }
- } else if (availableSecondFactors.length >= 1) {
+ } else if (availableSecondFactors?.length >= 1) {
 const params = new URLSearchParams({
 loginName: submitted.factors.user.loginName,
 });
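Review bot: Removing `setError("Could not verify password");` leaves a bare `return;` when `submitted.authMethods` or `submitted.factors?.user?.loginName` is missing, so a response that carries neither an `error` nor these fields ends with no message and no navigation. The server-side change in this commit sets `authMethods` only when the method list is non-empty, so that shape looks reachable. A fallback limited to the non-error case, e.g. `if (submitted && !("error" in submitted)) setError("Could not verify password");`, keeps the feedback without showing two messages. The condition starts above the hunk.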
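Review bot: `loginName: submitted.factors?.user.loginName` can now evaluate to `undefined`, which `URLSearchParams` serialises at runtime as the literal string `undefined`, and that value would be carried to the second-factor page as the login name. The guard in the previous hunk already returns when `submitted.factors?.user?.loginName` is falsy, so the `?.` here and on `availableSecondFactors?.length` looks like it only quiets the type checker. The `>= 1` comparison in the last hunk gets the same change while its `loginName` line keeps the unchained access. Narrowing once is clearer, e.g. `const loginName = submitted.factors.user.loginName;` right after the guard and `availableSecondFactors.length === 1` in the condition.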