fix(auth): add pseudo u2f params on non existing accounts

Karol Sójko
2023-01-24 14:17:52 +01:00
parent 2d2342f9ee
commit e4c65ca631
10 changed files with 64 additions and 35 deletions

16
.pnp.cjs generated

@@ -2734,10 +2734,10 @@ const RAW_RUNTIME_STATE =
}]\
]],\
["@standardnotes/api", [\
["npm:1.24.9", {\
"packageLocation": "./.yarn/cache/@standardnotes-api-npm-1.24.9-b92f13a962-73bfd0fe3b.zip/node_modules/@standardnotes/api/",\
["npm:1.24.10", {\
"packageLocation": "./.yarn/cache/@standardnotes-api-npm-1.24.10-63391538ba-1b9a97fdd8.zip/node_modules/@standardnotes/api/",\
"packageDependencies": [\
["@standardnotes/api", "npm:1.24.9"],\
["@standardnotes/api", "npm:1.24.10"],\
["@standardnotes/common", "workspace:packages/common"],\
["@standardnotes/domain-core", "workspace:packages/domain-core"],\
["@standardnotes/encryption", "npm:1.21.9"],\
@@ -2808,7 +2808,7 @@ const RAW_RUNTIME_STATE =
["@sentry/tracing", "npm:7.28.1"],\
["@simplewebauthn/server", "npm:7.0.0"],\
["@simplewebauthn/typescript-types", "npm:7.0.0"],\
["@standardnotes/api", "npm:1.24.9"],\
["@standardnotes/api", "npm:1.24.10"],\
["@standardnotes/common", "workspace:packages/common"],\
["@standardnotes/domain-core", "workspace:packages/domain-core"],\
["@standardnotes/domain-events", "workspace:packages/domain-events"],\
@@ -3137,7 +3137,7 @@ const RAW_RUNTIME_STATE =
["@standardnotes/revisions-server", "workspace:packages/revisions"],\
["@newrelic/winston-enricher", "virtual:c66bf20e88479ada0172094776519a9f51acc4731d22079b60a295bcec7ea42d5545cbce58a77a50d932bf953298799135e99707486e343da6d99ba1d167bdbd#npm:4.0.0"],\
["@sentry/node", "npm:7.28.1"],\
["@standardnotes/api", "npm:1.24.9"],\
["@standardnotes/api", "npm:1.24.10"],\
["@standardnotes/common", "workspace:packages/common"],\
["@standardnotes/domain-core", "workspace:packages/domain-core"],\
["@standardnotes/domain-events", "workspace:packages/domain-events"],\
@@ -3316,7 +3316,7 @@ const RAW_RUNTIME_STATE =
["@newrelic/winston-enricher", "virtual:c66bf20e88479ada0172094776519a9f51acc4731d22079b60a295bcec7ea42d5545cbce58a77a50d932bf953298799135e99707486e343da6d99ba1d167bdbd#npm:4.0.0"],\
["@sentry/node", "npm:7.28.1"],\
["@sentry/tracing", "npm:7.28.1"],\
["@standardnotes/api", "npm:1.24.9"],\
["@standardnotes/api", "npm:1.24.10"],\
["@standardnotes/common", "workspace:packages/common"],\
["@standardnotes/domain-core", "workspace:packages/domain-core"],\
["@standardnotes/domain-events", "workspace:packages/domain-events"],\
@@ -3416,7 +3416,7 @@ const RAW_RUNTIME_STATE =
["@standardnotes/websockets-server", "workspace:packages/websockets"],\
["@newrelic/winston-enricher", "virtual:c66bf20e88479ada0172094776519a9f51acc4731d22079b60a295bcec7ea42d5545cbce58a77a50d932bf953298799135e99707486e343da6d99ba1d167bdbd#npm:4.0.0"],\
["@sentry/node", "npm:7.28.1"],\
["@standardnotes/api", "npm:1.24.9"],\
["@standardnotes/api", "npm:1.24.10"],\
["@standardnotes/common", "workspace:packages/common"],\
["@standardnotes/domain-core", "workspace:packages/domain-core"],\
["@standardnotes/domain-events", "workspace:packages/domain-events"],\
@@ -3458,7 +3458,7 @@ const RAW_RUNTIME_STATE =
["@standardnotes/workspace-server", "workspace:packages/workspace"],\
["@newrelic/winston-enricher", "virtual:c66bf20e88479ada0172094776519a9f51acc4731d22079b60a295bcec7ea42d5545cbce58a77a50d932bf953298799135e99707486e343da6d99ba1d167bdbd#npm:4.0.0"],\
["@sentry/node", "npm:7.28.1"],\
["@standardnotes/api", "npm:1.24.9"],\
["@standardnotes/api", "npm:1.24.10"],\
["@standardnotes/common", "workspace:packages/common"],\
["@standardnotes/domain-core", "workspace:packages/domain-core"],\
["@standardnotes/domain-events", "workspace:packages/domain-events"],\


@@ -38,7 +38,7 @@
"@sentry/node": "^7.28.1",
"@sentry/tracing": "^7.28.1",
"@simplewebauthn/server": "^7.0.0",
"@standardnotes/api": "^1.24.9",
"@standardnotes/api": "^1.24.10",
"@standardnotes/common": "workspace:*",
"@standardnotes/domain-core": "workspace:^",
"@standardnotes/domain-events": "workspace:*",


@@ -114,7 +114,7 @@ describe('VerifyMFA', () => {
})
it('should not pass MFA verification if user is not found and pseudo mfa is required', async () => {
booleanSelector.select = jest.fn().mockReturnValue(true)
booleanSelector.select = jest.fn().mockReturnValueOnce(true).mockReturnValueOnce(false)
userRepository.findOneByEmail = jest.fn().mockReturnValue(null)
expect(
@@ -240,6 +240,19 @@ describe('VerifyMFA', () => {
authenticatorRepository.findByUserUuid = jest.fn().mockReturnValue([{} as jest.Mocked<Authenticator>])
})
it('should not pass if user is not found and pseudo u2f is required', async () => {
booleanSelector.select = jest.fn().mockReturnValueOnce(false).mockReturnValueOnce(true)
userRepository.findOneByEmail = jest.fn().mockReturnValue(null)
expect(
await createVerifyMFA().execute({ email: 'test@test.te', requestParams: {}, preventOTPFromFurtherUsage: true }),
).toEqual({
success: false,
errorTag: 'u2f-required',
errorMessage: 'Please authenticate with your U2F device.',
})
})
it('should not pass if the user has an invalid uuid', async () => {
userRepository.findOneByEmail = jest.fn().mockReturnValue({ uuid: 'invalid' } as jest.Mocked<User>)
@@ -264,7 +277,7 @@ describe('VerifyMFA', () => {
}),
).toEqual({
success: false,
errorTag: 'mfa-required',
errorTag: 'u2f-required',
errorMessage: 'Please authenticate with your U2F device.',
})
})
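Review bot: The two pseudo-account tests stub `booleanSelector.select` with `mockReturnValueOnce` chains, so they only hold while the MFA selector is called before the U2F selector, and no visible case covers both selectors returning true. The replaced stub `mockReturnValue(true)` used to exercise that combination, so a third case with `booleanSelector.select = jest.fn().mockReturnValue(true)` expecting `errorTag: 'mfa-required'` would pin the precedence the use case now implements. A short comment above each chain, for example `// first call: MFA selector, second call: U2F selector`, would make the ordering dependency explicit. The last `it` block in this section starts outside the hunk.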


@@ -42,19 +42,35 @@ export class VerifyMFA implements UseCaseInterface {
.createHash('sha256')
.update(`mfa-selector-${dto.email}${this.pseudoKeyParamsKey}`)
.digest('hex')
const u2fSelectorHash = crypto
.createHash('sha256')
.update(`u2f-selector-${dto.email}${this.pseudoKeyParamsKey}`)
.digest('hex')
const isPseudoMFARequired = this.booleanSelector.select(mfaSelectorHash, [true, false])
return isPseudoMFARequired
? {
success: false,
errorTag: ErrorTag.MfaRequired,
errorMessage: 'Please enter your two-factor authentication code.',
errorPayload: { mfa_key: `mfa_${uuidv4()}` },
}
: {
success: true,
}
const isPseudoU2FRequired = this.booleanSelector.select(u2fSelectorHash, [true, false])
if (isPseudoMFARequired) {
return {
success: false,
errorTag: ErrorTag.MfaRequired,
errorMessage: 'Please enter your two-factor authentication code.',
errorPayload: { mfa_key: `mfa_${uuidv4()}` },
}
}
if (isPseudoU2FRequired) {
return {
success: false,
errorTag: ErrorTag.U2FRequired,
errorMessage: 'Please authenticate with your U2F device.',
}
}
return {
success: true,
}
}
const userUuidOrError = Uuid.create(user.uuid)
@@ -88,7 +104,7 @@ export class VerifyMFA implements UseCaseInterface {
if (!dto.requestParams.authenticator_response) {
return {
success: false,
errorTag: ErrorTag.MfaRequired,
errorTag: ErrorTag.U2FRequired,
errorMessage: 'Please authenticate with your U2F device.',
}
}
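Review bot: The new pseudo U2F branch answers `u2f-required` without looking at `dto.requestParams`, whereas the real-account path in the second hunk returns that tag only when `authenticator_response` is missing. A request that already carries the field would therefore be answered differently for existing and non-existing accounts, which weakens the account-hiding purpose of the pseudo parameters; the pseudo MFA branch above it appears to have the same shape. Gating the branch as `if (isPseudoU2FRequired && !dto.requestParams.authenticator_response) {` and otherwise returning the same failure a real failed assertion yields would close the gap; that failure path lies outside the hunk, so the exact result object needs checking there. The selectors also hash `dto.email` as received, so if the user lookup normalizes case (not visible here), hashing the normalized address would keep the pseudo answer stable per mailbox.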


@@ -25,7 +25,7 @@
"dependencies": {
"@newrelic/winston-enricher": "^4.0.0",
"@sentry/node": "^7.28.1",
"@standardnotes/api": "^1.24.9",
"@standardnotes/api": "^1.24.10",
"@standardnotes/common": "workspace:^",
"@standardnotes/domain-core": "workspace:^",
"@standardnotes/domain-events": "workspace:*",


@@ -29,7 +29,7 @@
"@newrelic/winston-enricher": "^4.0.0",
"@sentry/node": "^7.28.1",
"@sentry/tracing": "^7.28.1",
"@standardnotes/api": "^1.24.9",
"@standardnotes/api": "^1.24.10",
"@standardnotes/common": "workspace:*",
"@standardnotes/domain-core": "workspace:^",
"@standardnotes/domain-events": "workspace:*",


@@ -24,7 +24,7 @@
"dependencies": {
"@newrelic/winston-enricher": "^4.0.0",
"@sentry/node": "^7.28.1",
"@standardnotes/api": "^1.24.9",
"@standardnotes/api": "^1.24.10",
"@standardnotes/common": "workspace:^",
"@standardnotes/domain-core": "workspace:^",
"@standardnotes/domain-events": "workspace:^",


@@ -24,7 +24,7 @@
"dependencies": {
"@newrelic/winston-enricher": "^4.0.0",
"@sentry/node": "^7.28.1",
"@standardnotes/api": "^1.24.9",
"@standardnotes/api": "^1.24.10",
"@standardnotes/common": "workspace:*",
"@standardnotes/domain-core": "workspace:^",
"@standardnotes/domain-events": "workspace:^",


@@ -2005,9 +2005,9 @@ __metadata:
languageName: unknown
linkType: soft
"@standardnotes/api@npm:^1.24.9":
version: 1.24.9
resolution: "@standardnotes/api@npm:1.24.9"
"@standardnotes/api@npm:^1.24.10":
version: 1.24.10
resolution: "@standardnotes/api@npm:1.24.10"
dependencies:
"@standardnotes/common": "npm:^1.46.4"
"@standardnotes/domain-core": "npm:^1.11.1"
@@ -2017,7 +2017,7 @@ __metadata:
"@standardnotes/security": "npm:^1.7.5"
"@standardnotes/utils": "npm:1.16.3"
reflect-metadata: "npm:^0.1.13"
checksum: 73bfd0fe3b045cf227404b42f4ea42c7ac581b1896ecb777febbce8d34faa3434ef2f7aa769930ab2e1a69abfc3140df1aa7699b2b45516d75c2eea82ceee038
checksum: 1b9a97fdd8f2951dac9f9c8d730b23825e4093a3c882004128e618f43de64d1c9050f3de0609bd0ff3999a8bfce2d203a2bce36d2132be3cd42ea7f310509620
languageName: node
linkType: hard
@@ -2032,7 +2032,7 @@ __metadata:
"@sentry/tracing": "npm:^7.28.1"
"@simplewebauthn/server": "npm:^7.0.0"
"@simplewebauthn/typescript-types": "npm:^7.0.0"
"@standardnotes/api": "npm:^1.24.9"
"@standardnotes/api": "npm:^1.24.10"
"@standardnotes/common": "workspace:*"
"@standardnotes/domain-core": "workspace:^"
"@standardnotes/domain-events": "workspace:*"
@@ -2342,7 +2342,7 @@ __metadata:
dependencies:
"@newrelic/winston-enricher": "npm:^4.0.0"
"@sentry/node": "npm:^7.28.1"
"@standardnotes/api": "npm:^1.24.9"
"@standardnotes/api": "npm:^1.24.10"
"@standardnotes/common": "workspace:^"
"@standardnotes/domain-core": "workspace:^"
"@standardnotes/domain-events": "workspace:*"
@@ -2509,7 +2509,7 @@ __metadata:
"@newrelic/winston-enricher": "npm:^4.0.0"
"@sentry/node": "npm:^7.28.1"
"@sentry/tracing": "npm:^7.28.1"
"@standardnotes/api": "npm:^1.24.9"
"@standardnotes/api": "npm:^1.24.10"
"@standardnotes/common": "workspace:*"
"@standardnotes/domain-core": "workspace:^"
"@standardnotes/domain-events": "workspace:*"
@@ -2605,7 +2605,7 @@ __metadata:
dependencies:
"@newrelic/winston-enricher": "npm:^4.0.0"
"@sentry/node": "npm:^7.28.1"
"@standardnotes/api": "npm:^1.24.9"
"@standardnotes/api": "npm:^1.24.10"
"@standardnotes/common": "workspace:^"
"@standardnotes/domain-core": "workspace:^"
"@standardnotes/domain-events": "workspace:^"
@@ -2645,7 +2645,7 @@ __metadata:
dependencies:
"@newrelic/winston-enricher": "npm:^4.0.0"
"@sentry/node": "npm:^7.28.1"
"@standardnotes/api": "npm:^1.24.9"
"@standardnotes/api": "npm:^1.24.10"
"@standardnotes/common": "workspace:*"
"@standardnotes/domain-core": "workspace:^"
"@standardnotes/domain-events": "workspace:^"