
login web endpoint fastify body schema validation (#2653)

* feat: add body schema validation to login endpoint

#2623

When a request is made, the following error is displayed in the log
error--- Promise may not be fulfilled with 'undefined' when statusCode is not 204

https://github.com/fastify/fastify/pull/2702

* feat: add body schema validation to resetPassword endpoint

Co-authored-by: Juan Picado <juanpicado19@gmail.com>
This commit is contained in:
Diana Morales 2021-11-10 16:46:39 +01:00 committed by GitHub
parent a88c72d0b2
commit 8246bb69b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -6,70 +6,104 @@ import { JWTSignOptions } from '@verdaccio/types';
import { validatePassword } from '@verdaccio/utils';
const debug = buildDebug('verdaccio:api:login');
const loginBodySchema = {
body: {
type: 'object',
required: ['username', 'password'],
additionalProperties: false,
properties: {
username: { type: 'string' },
password: { type: 'string' },
},
},
};
const resetPasswordSchema = {
body: {
type: 'object',
required: ['password'],
additionalProperties: false,
properties: {
password: { type: 'string' },
},
},
};
async function loginRoute(fastify: FastifyInstance) {
fastify.post('/login', async (request, reply) => {
// @ts-expect-error
const { username, password } = request.body;
debug('authenticate %o', username);
fastify.auth.authenticate(
username,
password,
async function callbackAuthenticate(err, user): Promise<void> {
if (err) {
const errorCode = err.message
? fastify.statusCode.UNAUTHORIZED
: fastify.statusCode.INTERNAL_ERROR;
reply.send(fastify.errorUtils.getCode(errorCode, err.message));
} else {
const jWTSignOptions: JWTSignOptions = fastify.configInstance.security.web.sign;
debug('jwtSignOptions: %o', jWTSignOptions);
const token = await fastify.auth.jwtEncrypt(user, jWTSignOptions);
reply.code(fastify.statusCode.OK).send({ token, username });
}
}
);
});
fastify.put('/reset_password', async (request, reply) => {
if (_.isNil(request.userRemote.name)) {
reply.send(
fastify.errorUtils.getCode(
fastify.statusCode.UNAUTHORIZED,
fastify.errorUtils.API_ERROR.MUST_BE_LOGGED
)
);
}
// @ts-ignore
const { password } = request.body;
const { name } = request.userRemote;
if (validatePassword(password.new) === false) {
fastify.auth.changePassword(
name as string,
password.old,
password.new,
(err, isUpdated): void => {
if (_.isNil(err) && isUpdated) {
reply.code(fastify.statusCode.OK);
fastify.post(
'/login',
{
schema: loginBodySchema,
},
async (request, reply) => {
// @ts-expect-error
const { username, password } = request.body;
debug('authenticate %o', username);
fastify.auth.authenticate(
username,
password,
async function callbackAuthenticate(err, user): Promise<void> {
if (err) {
const errorCode = err.message
? fastify.statusCode.UNAUTHORIZED
: fastify.statusCode.INTERNAL_ERROR;
reply.send(fastify.errorUtils.getCode(errorCode, err.message));
} else {
reply.send(
fastify.errorUtils.getInternalError(
fastify.errorUtils.API_ERROR.INTERNAL_SERVER_ERROR
)
);
const jWTSignOptions: JWTSignOptions = fastify.configInstance.security.web.sign;
debug('jwtSignOptions: %o', jWTSignOptions);
const token = await fastify.auth.jwtEncrypt(user, jWTSignOptions);
reply.code(fastify.statusCode.OK).send({ token, username });
}
}
);
} else {
reply.send(
fastify.errorUtils.getCode(
fastify.statusCode.BAD_REQUEST,
fastify.errorUtils.APP_ERROR.PASSWORD_VALIDATION
)
);
}
});
);
fastify.put(
'/reset_password',
{
schema: resetPasswordSchema,
},
async (request, reply) => {
if (_.isNil(request.userRemote.name)) {
reply.send(
fastify.errorUtils.getCode(
fastify.statusCode.UNAUTHORIZED,
fastify.errorUtils.API_ERROR.MUST_BE_LOGGED
)
);
}
// @ts-ignore
const { password } = request.body;
const { name } = request.userRemote;
if (validatePassword(password.new) === false) {
fastify.auth.changePassword(
name as string,
password.old,
password.new,
(err, isUpdated): void => {
if (_.isNil(err) && isUpdated) {
reply.code(fastify.statusCode.OK);
} else {
reply.send(
fastify.errorUtils.getInternalError(
fastify.errorUtils.API_ERROR.INTERNAL_SERVER_ERROR
)
);
}
}
);
} else {
reply.send(
fastify.errorUtils.getCode(
fastify.statusCode.BAD_REQUEST,
fastify.errorUtils.APP_ERROR.PASSWORD_VALIDATION
)
);
}
}
);
// });
}
export default loginRoute;
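Review bot: resetPasswordSchema declares `password: { type: 'string' }`, but the `/reset_password` handler reads `password.old` and `password.new`, so a body shaped the way the handler expects would be rejected by the new validation before it reaches changePassword, while a plain string body would pass validation and then fail on `.new`. The schema should describe the nested object instead, as sketched below. Separately, the `_.isNil(request.userRemote.name)` branch sends the UNAUTHORIZED reply but does not return, so the handler continues into changePassword with an undefined name; `return reply.send(...)` there closes that gap. The `validatePassword(password.new) === false` condition also looks inverted if validatePassword returns true for an acceptable password, which is worth confirming against its implementation in @verdaccio/utils.
```typescript
const resetPasswordSchema = {
  body: {
    type: 'object',
    required: ['password'],
    additionalProperties: false,
    properties: {
      password: {
        type: 'object',
        required: ['old', 'new'],
        additionalProperties: false,
        properties: {
          old: { type: 'string' },
          new: { type: 'string' },
        },
      },
    },
  },
};
// … unchanged: loginBodySchema, loginRoute …
```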