mirror of
https://github.com/logto-io/logto.git
synced 2024-12-30 20:33:54 -05:00
refactor: refine sign-in errors
parent
405513c977
commit
f422c3ae3f
5 changed files with 49 additions and 21 deletions
|
@ -0,0 +1,11 @@
|
|||
export enum SignInErrorCode {
|
||||
InvalidCredentials = 'sign_in.invalid_credentials',
|
||||
InvalidSignInMethod = 'sign_in.invalid_sign_in_method',
|
||||
InsufficientInfo = 'sign_in.insufficient_info',
|
||||
}
|
||||
|
||||
export const signInErrorMessage: Record<SignInErrorCode, string> = {
|
||||
[SignInErrorCode.InvalidCredentials]: 'Invalid credentials. Please check your input.',
|
||||
[SignInErrorCode.InvalidSignInMethod]: 'Current sign-in method is not available.',
|
||||
[SignInErrorCode.InsufficientInfo]: 'Insufficent sign-in info.',
|
||||
};
|
|
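Review bot: The message for `SignInErrorCode.InsufficientInfo` in the new `signInErrorMessage` map is misspelled ("Insufficent"), carried over from the old assert string in the sign-in route. As this text presumably ends up in the API response, it should read `[SignInErrorCode.InsufficientInfo]: 'Insufficient sign-in info.',`. A short comment on the enum would also help, e.g. `// Codes returned by the sign-in route; messages are client-visible, keep them free of account details`.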
@ -3,10 +3,12 @@ import { guardErrorMessage } from './collection/guard-errors';
|
|||
import { oidcErrorMessage } from './collection/oidc-errors';
|
||||
import { registerErrorMessage } from './collection/register-errors';
|
||||
import { swaggerErrorMessage } from './collection/swagger-errors';
|
||||
import { signInErrorMessage } from './collection/sign-in-errors';
|
||||
|
||||
export const requestErrorMessage: Record<RequestErrorCode, string> = {
|
||||
...guardErrorMessage,
|
||||
...oidcErrorMessage,
|
||||
...registerErrorMessage,
|
||||
...swaggerErrorMessage,
|
||||
...signInErrorMessage,
|
||||
};
|
||||
|
|
|
@ -2,14 +2,16 @@ import { GuardErrorCode } from './collection/guard-errors';
|
|||
import { OidcErrorCode } from './collection/oidc-errors';
|
||||
import { RegisterErrorCode } from './collection/register-errors';
|
||||
import { SwaggerErrorCode } from './collection/swagger-errors';
|
||||
import { SignInErrorCode } from './collection/sign-in-errors';
|
||||
|
||||
export { GuardErrorCode, OidcErrorCode, SwaggerErrorCode, RegisterErrorCode };
|
||||
export { GuardErrorCode, OidcErrorCode, SwaggerErrorCode, RegisterErrorCode, SignInErrorCode };
|
||||
|
||||
export type RequestErrorCode =
|
||||
| GuardErrorCode
|
||||
| OidcErrorCode
|
||||
| RegisterErrorCode
|
||||
| SwaggerErrorCode;
|
||||
| SwaggerErrorCode
|
||||
| SignInErrorCode;
|
||||
|
||||
export type RequestErrorMetadata = {
|
||||
code: RequestErrorCode;
|
||||
|
|
|
@ -3,7 +3,7 @@ import proxy from 'koa-proxies';
|
|||
// CAUTION: this is for testing only
|
||||
export default function uiProxy() {
|
||||
return proxy(/^\/(?!api|oidc).*$/, {
|
||||
target: 'http://localhost:3000',
|
||||
target: 'http://localhost:5000',
|
||||
changeOrigin: true,
|
||||
logs: true,
|
||||
});
|
||||
|
|
|
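Review bot: The new `target: 'http://localhost:5000'` is still a hard-coded dev-server address, and nothing in `uiProxy()` enforces the "testing only" caution in the comment above it. The proxy forwards every path that does not start with `api` or `oidc` to that target, so it should fail closed if it is ever built in a production process, for example `if (process.env.NODE_ENV === 'production') throw new Error('uiProxy is for testing only');` as the first line of the function. Where the middleware is mounted is not visible in this hunk, so an equivalent guard may already exist at the call site. Taking the target from configuration would also keep port changes like this one out of unrelated commits.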
@ -6,7 +6,7 @@ import { findUserById } from '@/queries/user';
|
|||
import { Provider } from 'oidc-provider';
|
||||
import { conditional } from '@logto/essentials';
|
||||
import koaGuard from '@/middleware/koa-guard';
|
||||
import { OidcErrorCode } from '@/errors/RequestError';
|
||||
import RequestError, { OidcErrorCode, SignInErrorCode } from '@/errors/RequestError';
|
||||
|
||||
export default function signInRoutes(provider: Provider) {
|
||||
const router = new Router();
|
||||
|
@ -22,25 +22,38 @@ export default function signInRoutes(provider: Provider) {
|
|||
if (name === 'login') {
|
||||
const { id, password } = ctx.guard.body;
|
||||
|
||||
assert(id && password, 'Insufficent sign-in info.');
|
||||
const { passwordEncrypted, passwordEncryptionMethod, passwordEncryptionSalt } =
|
||||
await findUserById(id);
|
||||
assert(id && password, new RequestError(SignInErrorCode.InsufficientInfo));
|
||||
|
||||
assert(passwordEncrypted && passwordEncryptionMethod && passwordEncryptionSalt);
|
||||
assert(
|
||||
encryptPassword(id, password, passwordEncryptionSalt, passwordEncryptionMethod) ===
|
||||
passwordEncrypted
|
||||
);
|
||||
try {
|
||||
const { passwordEncrypted, passwordEncryptionMethod, passwordEncryptionSalt } =
|
||||
await findUserById(id);
|
||||
|
||||
const redirectTo = await provider.interactionResult(
|
||||
ctx.req,
|
||||
ctx.res,
|
||||
{
|
||||
login: { accountId: id },
|
||||
},
|
||||
{ mergeWithLastSubmission: false }
|
||||
);
|
||||
ctx.body = { redirectTo };
|
||||
assert(
|
||||
passwordEncrypted && passwordEncryptionMethod && passwordEncryptionSalt,
|
||||
new RequestError(SignInErrorCode.InvalidSignInMethod)
|
||||
);
|
||||
assert(
|
||||
encryptPassword(id, password, passwordEncryptionSalt, passwordEncryptionMethod) ===
|
||||
passwordEncrypted,
|
||||
new RequestError(SignInErrorCode.InvalidCredentials)
|
||||
);
|
||||
|
||||
const redirectTo = await provider.interactionResult(
|
||||
ctx.req,
|
||||
ctx.res,
|
||||
{
|
||||
login: { accountId: id },
|
||||
},
|
||||
{ mergeWithLastSubmission: false }
|
||||
);
|
||||
ctx.body = { redirectTo };
|
||||
} catch (error: unknown) {
|
||||
if (!(error instanceof RequestError)) {
|
||||
throw new RequestError(SignInErrorCode.InvalidCredentials);
|
||||
}
|
||||
|
||||
throw error;
|
||||
}
|
||||
} else if (name === 'consent') {
|
||||
ctx.body = { redirectTo: ctx.request.origin + '/sign-in/consent' };
|
||||
} else {
|
||||
|
|
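Review bot: The new `try` block in the `login` branch wraps `provider.interactionResult(...)` as well as the credential checks, so any non-`RequestError` thrown while completing the interaction is rethrown as `SignInErrorCode.InvalidCredentials` and the original error is discarded without being logged. Limit the `try` to the `findUserById(id)` lookup and the two asserts, and let the `interactionResult` call and `ctx.body = { redirectTo };` run after it, so that provider or session faults surface as what they are. Separately, `SignInErrorCode.InvalidSignInMethod` is reachable only once a user record was found, so the response distinguishes an existing account without a password from an unknown id; returning `InvalidCredentials` to the client for that case too, and keeping the specific code for server-side logs, avoids confirming which ids exist. The hash check still uses `===`; if `encryptPassword` returns a string digest, a constant-time comparison such as `crypto.timingSafeEqual` over equal-length buffers is the safer form. The `login` branch begins above this hunk and the handler continues past the final `} else {`.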