Merge pull request #7701 from kirrg001/1.0.0-dev/fix-brute-schema

🐛  fix brute

core/server/data/schema/schema.js

@@ -236,8 +236,8 @@ module.exports = {
     },
     brute: {
         key: {type: 'string'},
-        firstRequest: {type: 'timestamp'},
-        lastRequest: {type: 'timestamp'},
+        firstRequest: {type: 'bigInteger'},
+        lastRequest: {type: 'bigInteger'},
         lifetime: {type: 'bigInteger'},
         count: {type: 'integer'}
     }

core/server/middleware/api/spam-prevention.js

@@ -24,7 +24,22 @@ var ExpressBrute = require('express-brute'),
     spamConfigKeys = ['freeRetries', 'minWait', 'maxWait', 'lifetime'];
 
 handleStoreError = function handleStoreError(err) {
-    return new errors.NoPermissionError({message: 'DB error', err: err});
+    var customError = new errors.NoPermissionError({
+        message: 'Unknown error',
+        err: err.parent ? err.parent : err
+    });
+
+    // see https://github.com/AdamPflug/express-brute/issues/45
+    // express-brute does not always forward a callback
+    // we are using reset as synchronous call, so we have to log the error if it occurs
+    // there is no way to try/catch, because the reset operation happens asynchronous
+    if (!err.next) {
+        err.level = 'critical';
+        logging.error(err);
+        return;
+    }
+
+    err.next(customError);
 };
 
 // This is a global endpoint protection mechanism that will lock an endpoint if there are so many

core/test/unit/auth/oauth_spec.js

@@ -4,6 +4,7 @@ var sinon = require('sinon'),
     passport = require('passport'),
     testUtils = require('../../utils'),
     oAuth = require('../../../server/auth/oauth'),
+    spamPrevention = require('../../../server/middleware/api/spam-prevention'),
     api = require('../../../server/api'),
     errors = require('../../../server/errors'),
     models = require('../../../server/models');
@@ -20,6 +21,8 @@ describe('OAuth', function () {
         req = {};
         res = {};
         next = sandbox.spy();
+
+        sandbox.stub(spamPrevention.userLogin, 'reset');
     });
 
     afterEach(function () {
@@ -32,7 +35,6 @@ describe('OAuth', function () {
                 .returns(new Promise.resolve());
             sandbox.stub(models.Refreshtoken, 'destroyAllExpired')
                 .returns(new Promise.resolve());
-
             oAuth.init();
         });
 
@@ -77,6 +79,7 @@ describe('OAuth', function () {
                     json.should.have.property('expires_in');
                     json.should.have.property('token_type', 'Bearer');
                     next.called.should.eql(false);
+                    spamPrevention.userLogin.reset.called.should.eql(true);
                     done();
                 } catch (err) {
                     done(err);

package.json

@@ -31,7 +31,7 @@
     "bluebird": "3.4.6",
     "body-parser": "1.15.2",
     "bookshelf": "0.10.2",
-    "brute-knex": "git://github.com/cobbspur/brute-knex.git#0985c50",
+    "brute-knex": "https://github.com/cobbspur/brute-knex/tarball/0cb28fa8e3230dcbf6bca8b991dbb340b9fff6cc",
     "bunyan": "1.8.1",
     "chalk": "1.1.3",
     "cheerio": "0.22.0",