fix(caldav): no failed login emails for tokens (#1252)
Prevent Vikunja from sending mail notifications for failed login attempts if CalDav token is used. Before, as the provided password value was tested against the user password regardless of whether it was a CalDav token, it triggered a failed login attempt email every three times. Reviewed-on: https://kolaente.dev/vikunja/api/pulls/1252 Reviewed-by: konrad <k@knt.li> Co-authored-by: Luca Bernstein <luca@lucabernstein.com> Co-committed-by: Luca Bernstein <luca@lucabernstein.com>
This commit is contained in:
parent
25609db567
commit
54b7f7127c
1 changed files with 26 additions and 15 deletions
|
@ -22,6 +22,7 @@ import (
|
|||
"code.vikunja.io/api/pkg/db"
|
||||
"code.vikunja.io/api/pkg/log"
|
||||
"code.vikunja.io/api/pkg/user"
|
||||
"xorm.io/xorm"
|
||||
|
||||
"github.com/labstack/echo/v4"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
|
@ -35,37 +36,47 @@ func BasicAuth(username, password string, c echo.Context) (bool, error) {
|
|||
Username: username,
|
||||
Password: password,
|
||||
}
|
||||
u, err := user.CheckUserCredentials(s, credentials)
|
||||
if err != nil && !user.IsErrWrongUsernameOrPassword(err) && !user.IsErrAccountIsNotLocal(err) {
|
||||
var err error
|
||||
u, err := checkUserCaldavTokens(s, credentials)
|
||||
if user.IsErrUserDoesNotExist(err) {
|
||||
return false, nil
|
||||
}
|
||||
if u == nil {
|
||||
u, err = user.CheckUserCredentials(s, credentials)
|
||||
if err != nil {
|
||||
log.Errorf("Error during basic auth for caldav: %v", err)
|
||||
return false, nil
|
||||
}
|
||||
|
||||
if err == nil {
|
||||
}
|
||||
if u != nil && err == nil {
|
||||
c.Set("userBasicAuth", u)
|
||||
return true, nil
|
||||
}
|
||||
|
||||
tokens, err := user.GetCaldavTokens(u)
|
||||
if err != nil {
|
||||
log.Errorf("Error while getting tokens for caldav auth: %v", err)
|
||||
return false, nil
|
||||
}
|
||||
|
||||
func checkUserCaldavTokens(s *xorm.Session, login *user.Login) (*user.User, error) {
|
||||
usr, err := user.GetUserByUsername(s, login.Username)
|
||||
if err != nil || usr == nil {
|
||||
log.Warningf("Error while retrieving users from database: %v", err)
|
||||
return nil, err
|
||||
}
|
||||
tokens, err := user.GetCaldavTokens(usr)
|
||||
if err != nil {
|
||||
log.Errorf("Error while getting tokens for caldav auth: %v", err)
|
||||
return nil, err
|
||||
}
|
||||
// Looping over all tokens until we find one that matches
|
||||
for _, token := range tokens {
|
||||
err = bcrypt.CompareHashAndPassword([]byte(token.Token), []byte(password))
|
||||
err = bcrypt.CompareHashAndPassword([]byte(token.Token), []byte(login.Password))
|
||||
if err != nil {
|
||||
if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
|
||||
continue
|
||||
}
|
||||
log.Errorf("Error while verifying tokens for caldav auth: %v", err)
|
||||
return false, nil
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
c.Set("userBasicAuth", u)
|
||||
return true, nil
|
||||
return usr, nil
|
||||
}
|
||||
|
||||
return false, nil
|
||||
return nil, nil
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue