boxerror: always pass second error string

src/ldapserver.js

@@ -84,8 +84,7 @@ async function getUsersWithAccessToApp(req) {
 
 // helper function to deal with pagination
 function finalSend(results, req, res, next) {
-    let min = 0;
-    let max = results.length;
+    const min = 0, max = results.length;
     let cookie = null;
     let pageSize = 0;
 
@@ -151,7 +150,7 @@ async function userSearch(req, res, next) {
     const [groupsError, allGroups] = await safe(groups.listWithMembers());
     if (groupsError) return next(new ldap.OperationsError(groupsError.message));
 
-    let results = [];
+    const results = [];
 
     // send user objects
     result.forEach(function (user) {
@@ -200,14 +199,12 @@ async function groupSearch(req, res, next) {
 
     const results = [];
 
-    let [groupsListError, resultGroups] = await safe(groups.listWithMembers());
+    const [groupsListError, groupsResult] = await safe(groups.listWithMembers());
     if (groupsListError) return next(new ldap.OperationsError(groupsListError.message));
 
-    if (req.app.accessRestriction && req.app.accessRestriction.groups) {
-        resultGroups = resultGroups.filter(function (g) { return req.app.accessRestriction.groups.indexOf(g.id) !== -1; });
-    }
+    for (const group of groupsResult) {
+        if (req.app.accessRestriction?.groups?.indexOf(group.id) === -1) continue;
 
-    resultGroups.forEach(function (group) {
         const dn = ldap.parseDN(`cn=${group.name},ou=groups,dc=cloudron`);
 
         const obj = {
@@ -227,7 +224,7 @@ async function groupSearch(req, res, next) {
         if ((req.dn.equals(dn) || req.dn.parentOf(dn)) && lowerCaseFilter.matches(obj.attributes)) {
             results.push(obj);
         }
-    });
+    }
 
     finalSend(results, req, res, next);
 }
@@ -308,14 +305,13 @@ async function mailboxSearch(req, res, next) {
         }
     } else { // new sogo and dovecot listing (doveadm -A)
         // TODO figure out how proper pagination here could work
-        let [error, mailboxes] = await safe(mail.listAllMailboxes(1, 100000));
+        const [error, mailboxes] = await safe(mail.listAllMailboxes(1, 100000));
         if (error) return next(new ldap.OperationsError(error.message));
 
-        mailboxes = mailboxes.filter(m => m.active);
-
-        let results = [];
+        const results = [];
 
         for (const mailbox of mailboxes) {
+            if (!mailbox.active) continue;
             const dn = ldap.parseDN(`cn=${mailbox.name}@${mailbox.domain},ou=mailboxes,dc=cloudron`);
 
             if (mailbox.ownerType === mail.OWNERTYPE_APP) continue; // cannot login with app mailbox anyway
@@ -397,8 +393,8 @@ async function mailingListSearch(req, res, next) {
 
     if (!req.dn.rdns[0].attrs.cn) return next(new ldap.NoSuchObjectError('Missing CN'));
 
-    let email = req.dn.rdns[0].attrs.cn.value.toLowerCase();
-    let parts = email.split('@');
+    const email = req.dn.rdns[0].attrs.cn.value.toLowerCase();
+    const parts = email.split('@');
     if (parts.length !== 2) return next(new ldap.NoSuchObjectError('Invalid CN'));
     const name = parts[0], domain = parts[1];
 
@@ -474,10 +470,10 @@ async function verifyMailboxPassword(mailbox, password) {
             break; // found a matching validated user
         }
 
-        if (!verifiedUser) throw new BoxError(BoxError.INVALID_CREDENTIALS);
+        if (!verifiedUser) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Incorrect password');
         return verifiedUser;
     } else {
-        throw new BoxError(BoxError.INVALID_CREDENTIALS);
+        throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Incorrect password');
     }
 }
 
@@ -490,11 +486,11 @@ async function authenticateSftp(req, res, next) {
     const parts = email.split('@');
     if (parts.length !== 2) return next(new ldap.NoSuchObjectError('Invalid CN'));
 
-    let [error, app] = await safe(apps.getByFqdn(parts[1]));
-    if (error || !app) return next(new ldap.InvalidCredentialsError());
+    const [getAppError, app] = await safe(apps.getByFqdn(parts[1]));
+    if (getAppError || !app) return next(new ldap.InvalidCredentialsError());
 
-    [error] = await safe(users.verifyWithUsername(parts[0], req.credentials, app.id, { skipTotpCheck: true }));
-    if (error) return next(new ldap.InvalidCredentialsError(error.message));
+    const [verifyError] = await safe(users.verifyWithUsername(parts[0], req.credentials, app.id, { skipTotpCheck: true }));
+    if (verifyError) return next(new ldap.InvalidCredentialsError(verifyError.message));
 
     debug('sftp auth: success');
 
@@ -551,11 +547,11 @@ async function verifyAppMailboxPassword(serviceId, username, password) {
     const pattern = serviceId === 'msa' ? 'MAIL_SMTP' : 'MAIL_IMAP';
     const addonId = serviceId === 'msa' ? 'sendmail' : 'recvmail';
     const appId = await addonConfigs.getAppIdByValue(addonId, `%${pattern}_PASSWORD`, password); // search by password because this is unique for each app
-    if (!appId) throw new BoxError(BoxError.NOT_FOUND);
+    if (!appId) throw new BoxError(BoxError.NOT_FOUND, 'Could not find app');
 
     const result = await addonConfigs.get(appId, addonId);
 
-    if (!result.some(r => r.name.endsWith(`${pattern}_USERNAME`) && r.value === username)) throw new BoxError(BoxError.INVALID_CREDENTIALS);
+    if (!result.some(r => r.name.endsWith(`${pattern}_USERNAME`) && r.value === username)) throw new BoxError(BoxError.INVALID_CREDENTIALS, 'Could not locate user');
 }
 
 async function authenticateService(serviceId, dn, req, res, next) {