| author | syuilo <Syuilotan@yahoo.co.jp> | 2019-07-19 03:38:05 +0900 |
|---|---|---|
| committer | syuilo <Syuilotan@yahoo.co.jp> | 2019-07-19 03:38:05 +0900 |
| commit | cd5b24d4eb494a4e9279348639e30b28bcdaa9f9 (patch) | |
| tree | abc65a9511b5affbcfd2ff063c8eda2c6251c637 /src/server/api/private | |
| parent | Merge branch 'develop' (diff) | |
| parent | 11.26.0 (diff) | |
Merge branch 'develop'
Diffstat (limited to 'src/server/api/private')
| -rw-r--r-- | src/server/api/private/signin.ts | 22 | ||||
| -rw-r--r-- | src/server/api/private/signup.ts | 19 |
2 files changed, 27 insertions, 14 deletions
diff --git a/src/server/api/private/signin.ts b/src/server/api/private/signin.ts
index eb267aa604..de0e35f500 100644
--- a/src/server/api/private/signin.ts
+++ b/src/server/api/private/signin.ts
@@ -1,7 +1,6 @@
 import * as Koa from 'koa';
 import * as bcrypt from 'bcryptjs';
 import * as speakeasy from 'speakeasy';
-import { publishMainStream } from '../../../services/stream';
 import signin from '../common/signin';
 import config from '../../../config';
 import { Users, Signins, UserProfiles, UserSecurityKeys, AttestationChallenges } from '../../../models';
@@ -53,34 +52,30 @@ export default async (ctx: Koa.BaseContext) => {
 // Compare password
 const same = await bcrypt.compare(password, profile.password!);
- async function fail(status?: number, failure?: {error: string}) {
+ async function fail(status?: number, failure?: { error: string }) {
 // Append signin history
- const record = await Signins.save({
+ await Signins.save({
 id: genId(),
 createdAt: new Date(),
 userId: user.id,
 ip: ctx.ip,
 headers: ctx.headers,
- success: !!(status || failure)
+ success: false
 });
- // Publish signin event
- publishMainStream(user.id, 'signin', await Signins.pack(record));
-
- if (status && failure) {
- ctx.throw(status, failure);
- }
+ ctx.throw(status || 500, failure || { error: 'someting happened' });
 }
 if (!profile.twoFactorEnabled) {
 if (same) {
 signin(ctx, user);
+ return;
 } else {
 await fail(403, {
 error: 'incorrect password'
 });
+ return;
 }
- return;
 }
 if (token) {
@@ -169,6 +164,7 @@ export default async (ctx: Koa.BaseContext) => {
 if (isValid) {
 signin(ctx, user);
+ return;
 } else {
 await fail(403, {
 error: 'invalid challenge data'
@@ -191,6 +187,7 @@ export default async (ctx: Koa.BaseContext) => {
 await fail(403, {
 error: 'no keys found'
 });
+ return;
 }
 // 32 byte challenge
@@ -219,6 +216,5 @@ export default async (ctx: Koa.BaseContext) => {
 ctx.status = 200;
 return;
 }
-
- await fail();
+ // never get here
 };
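Review bot: `fail()` still takes optional arguments and falls back to `status || 500` with the misspelled message `'someting happened'`, although the last hunk removes the only argument-less call (`await fail();`). Every call visible in these hunks passes 403 and a message, so the signature could be `async function fail(status: number, failure: { error: string })` with a plain `ctx.throw(status, failure);`; the token branch lies outside the hunks, so confirm its calls pass both arguments. The trailing `// never get here` would be safer as an explicit `ctx.throw(500);`, so that a later change to the branches above fails closed instead of returning with no response set and no Signins row written.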
diff --git a/src/server/api/private/signup.ts b/src/server/api/private/signup.ts
index ca197a6611..026fe7485b 100644
--- a/src/server/api/private/signup.ts
+++ b/src/server/api/private/signup.ts
@@ -5,7 +5,7 @@ import generateUserToken from '../common/generate-native-user-token';
 import config from '../../../config';
 import { fetchMeta } from '../../../misc/fetch-meta';
 import * as recaptcha from 'recaptcha-promise';
-import { Users, RegistrationTickets } from '../../../models';
+import { Users, Signins, RegistrationTickets } from '../../../models';
 import { genId } from '../../../misc/gen-id';
 import { usersChart } from '../../../services/chart';
 import { User } from '../../../models/entities/user';
@@ -104,6 +104,13 @@ export default async (ctx: Koa.BaseContext) => {
 // Start transaction
 await getConnection().transaction(async transactionalEntityManager => {
+ const exist = await transactionalEntityManager.findOne(User, {
+ usernameLower: username.toLowerCase(),
+ host: null
+ });
+
+ if (exist) throw 'already registered';
+
 account = await transactionalEntityManager.save(new User({
 id: genId(),
 createdAt: new Date(),
@@ -130,6 +137,16 @@ export default async (ctx: Koa.BaseContext) => {
 usersChart.update(account, true);
+ // Append signin history
+ await Signins.save({
+ id: genId(),
+ createdAt: new Date(),
+ userId: account.id,
+ ip: ctx.ip,
+ headers: ctx.headers,
+ success: true
+ });
+
 const res = await Users.pack(account, account, {
 detail: true,
 includeSecrets: true |
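Review bot: The added `findOne` followed by `save` is a check-then-insert, and running it inside the transaction does not by itself stop two concurrent signups for the same name from both passing the check. Unless the user table already has a unique index covering `usernameLower` and `host` (not visible here), the duplicate should be rejected by a constraint and the resulting error handled. The check also throws a bare string, `throw 'already registered';`, which carries no stack and is easy to mishandle in a catch that expects an Error; `throw new Error('already registered');` is the usual form, provided the handler outside this hunk does not match on the string. The transaction callback continues past the end of the hunk.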
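Review bot: `headers: ctx.headers` in the added `Signins.save` call persists the complete request header set in the sign-in history, which will include `Cookie` and any `Authorization` value sent with the request; `fail()` in signin.ts writes the same field. Credentials copied into a history table outlive the session and become readable by anyone with access to that table or to whatever `Signins.pack` returns (not shown here). Consider storing only the fields the history needs, for example `headers: { 'user-agent': ctx.headers['user-agent'] }`. `ip: ctx.ip` is likewise only trustworthy behind a reverse proxy when Koa's proxy trust setting matches the deployment.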