strip info from login request

2022-09-04 14:43:34 +02:00 · 2022-09-04 14:43:34 +02:00 · 485ca2d3ff
parent f602e71520
commit 485ca2d3ff
2 changed files with 20 additions and 6 deletions
--- a/backend/src/collections/user-db/user-db.service.ts
+++ b/backend/src/collections/user-db/user-db.service.ts
@ -166,15 +166,23 @@ export class UserDbService {
    password: string,
  ): AsyncFailable<EUserBackend> {
    const user = await this.findByUsername(username, true);
-    if (HasFailed(user)) return user;
+    if (HasFailed(user)) {
+      if (user.getType() === FT.NotFound)
+        return Fail(
+          FT.Authentication,
+          'Wrong username or password',
+          user.getDebugMessage(),
+        );
+      else return user;
+    }

    if (LockedLoginUsersList.includes(user.username)) {
      // Error should be kept in backend
-      return Fail(FT.Authentication, 'Wrong username');
+      return Fail(FT.Authentication, 'Wrong username or password');
    }

    if (!(await bcrypt.compare(password, user.hashed_password ?? '')))
-      return Fail(FT.Authentication, 'Wrong password');
+      return Fail(FT.Authentication, 'Wrong username or password');

    return await this.findOne(user.id ?? '');
  }
--- a/backend/src/managers/auth/guards/local-auth.strategy.ts
+++ b/backend/src/managers/auth/guards/local-auth.strategy.ts
@ -2,7 +2,9 @@ import { Injectable } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import { Strategy } from 'passport-local';
 import { EUser } from 'picsur-shared/dist/entities/user.entity';
-import { AsyncFailable, HasFailed } from 'picsur-shared/dist/types';
+import {
+  AsyncFailable, ThrowIfFailed
+} from 'picsur-shared/dist/types';
 import { UserDbService } from '../../../collections/user-db/user-db.service';
 import { EUserBackend2EUser } from '../../../models/transformers/user.transformer';

@ -13,10 +15,14 @@ export class LocalAuthStrategy extends PassportStrategy(Strategy, 'local') {
  }

  async validate(username: string, password: string): AsyncFailable<EUser> {
+    const start = Date.now();
    // All this does is call the usersservice authenticate for authentication
    const user = await this.usersService.authenticate(username, password);
-    if (HasFailed(user)) throw user;

-    return EUserBackend2EUser(user);
+    // Wait atleast 500ms
+    const wait = 450 - (Date.now() - start);
+    if (wait > 0) await new Promise((r) => setTimeout(r, wait));
+
+    return EUserBackend2EUser(ThrowIfFailed(user));
  }
 }