jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

auth: add logs when auth fails or succeeds

Browse Source
This commit is contained in:
Girish Ramakrishnan
2025-07-11 17:59:00 +02:00
parent a470b2cd4e
commit 22e23e1e65
8 changed files with 70 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/accesscontrol.js
+6 -2
View File
@@ -9,11 +9,12 @@ exports = module.exports = {
};
const apps = require('../apps.js'),
tokens = require('../tokens.js'),
assert = require('assert'),
BoxError = require('../boxerror.js'),
debug = require('debug')('box:routes/accesscontrol'),
HttpError = require('@cloudron/connect-lastmile').HttpError,
safe = require('safetydance'),
tokens = require('../tokens.js'),
users = require('../users.js');
async function passwordAuth(req, res, next) {
@@ -60,7 +61,10 @@ async function tokenAuth(req, res, next) {
const user = await users.get(token.identifier);
if (!user) return next(new HttpError(401, 'User not found'));
if (!user.active) return next(new HttpError(401, 'User not active'));
if (!user.active) {
debug(`tokenAuth: ${user.username || user.id} is not active`);
return next(new HttpError(401, 'User not active'));
}
const remoteAddress = req.headers['x-forwarded-for'] || req.socket.remoteAddress;
if (!tokens.isIpAllowedSync(token, remoteAddress)) return next(new HttpError(401, 'Token not allowed from this IP'));
src/routes/test/users-test.js
+2 -2
View File
@@ -175,7 +175,7 @@ describe('Users API', function () {
});
it('did set password of created user', async function () {
await users.verify(userWithPassword.id, userWithPassword.password, users.AP_WEBADMIN, {});
await users.verifyWithId(userWithPassword.id, userWithPassword.password, users.AP_WEBADMIN, {});
});
});
@@ -410,7 +410,7 @@ describe('Users API', function () {
});
it('did change the user password', async function () {
await users.verify(user.id, 'bigenough', users.AP_WEBADMIN, {});
await users.verifyWithId(user.id, 'bigenough', users.AP_WEBADMIN, {});
});
});
src/routes/users.js
+1 -1
View File
@@ -196,7 +196,7 @@ async function verifyPassword(req, res, next) {
if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires user password'));
const [error] = await safe(users.verify(req.user.id, req.body.password, users.AP_WEBADMIN, { skipTotpCheck: true }));
const [error] = await safe(users.verifyWithId(req.user.id, req.body.password, users.AP_WEBADMIN, { skipTotpCheck: true }));
if (error) return next(BoxError.toHttpError(error));
req.body.password = '<redacted>'; // this will prevent logs from displaying plain text password