fixes bug with password auth

2020-05-16 10:52:03 -04:00
parent 4616b06d18
commit 8a1d489f4b
5 changed files with 20 additions and 3 deletions
--- a/src/client/components/Routes.js
+++ b/src/client/components/Routes.js
@@ -15,7 +15,6 @@ import Edit from './views/collections/Edit';
 import EditGlobal from './views/Global';
 import { requests } from '../api';
 import customComponents from './customComponents';
-import RedirectToLogin from './utilities/RedirectToLogin';
 import ResetPassword from './views/ResetPassword';
 import Unauthorized from './views/Unauthorized';
 import Loading from './elements/Loading';
--- a/src/errors/AuthenticationError.js
+++ b/src/errors/AuthenticationError.js
@@ -0,0 +1,10 @@
+const httpStatus = require('http-status');
+const APIError = require('./APIError');
+
+class AuthenticationError extends APIError {
+  constructor() {
+    super('The username or password provided is incorrect.', httpStatus.BAD_REQUEST);
+  }
+}
+
+module.exports = AuthenticationError;
--- a/src/errors/index.js
+++ b/src/errors/index.js
@@ -1,4 +1,5 @@
 const APIError = require('./APIError');
+const AuthenticationError = require('./AuthenticationError');
 const DuplicateCollection = require('./DuplicateCollection');
 const DuplicateGlobal = require('./DuplicateGlobal');
 const MissingCollectionLabel = require('./MissingCollectionLabel');
@@ -11,6 +12,7 @@ const MissingFile = require('./MissingFile');

 module.exports = {
  APIError,
+  AuthenticationError,
  DuplicateCollection,
  DuplicateGlobal,
  MissingCollectionLabel,
--- a/src/users/init.js
+++ b/src/users/init.js
@@ -1,6 +1,7 @@
 const mongoose = require('mongoose');
 const passport = require('passport');
 const AnonymousStrategy = require('passport-anonymous');
+const LocalStrategy = require('passport-local').Strategy;
 const passportLocalMongoose = require('passport-local-mongoose');
 const jwtStrategy = require('./strategies/jwt');
 const apiKeyStrategy = require('./strategies/apiKey');
@@ -20,6 +21,7 @@ function initUser() {
    Model: mongoose.model(this.config.User.slug, userSchema),
  };

+  passport.use(new LocalStrategy(this.User.Model.authenticate()));
  passport.use(this.User.Model.createStrategy());
  passport.use(apiKeyStrategy(this.User));
  passport.use(jwtStrategy(this.User));
--- a/src/users/operations/login.js
+++ b/src/users/operations/login.js
@@ -1,5 +1,5 @@
 const jwt = require('jsonwebtoken');
-const { Forbidden } = require('../../errors');
+const { Forbidden, AuthenticationError } = require('../../errors');

 const login = async (args) => {
  try {
@@ -35,7 +35,11 @@ const login = async (args) => {

    if (!user) throw new Forbidden();

-    await user.authenticate(password);
+    const authResult = await user.authenticate(password);
+
+    if (!authResult.user) {
+      throw new AuthenticationError();
+    }

    const fieldsToSign = config.fields.reduce((signedFields, field) => {
      if (field.saveToJWT) {