mirrors/zed
1
0
Fork 0
mirror of https://github.com/zed-industries/zed.git synced 2024-10-27 16:57:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Return a 400, not a 500 when token validation fails

Browse source 
Co-authored-by: Antonio Scandurra <antonio@zed.dev>
This commit is contained in:
Max Brunsfeld 2023-03-17 13:56:12 -07:00
parent 26dae3c04e
commit 9633a4b527
1 changed files with 16 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
crates/collab/src/auth.rs
View file

@ -1,5 +1,5 @@
use crate::{
db::{self, AccessTokenId, UserId},
db::{self, AccessTokenId, Database, UserId},
AppState, Error, Result,
};
use anyhow::{anyhow, Context};
@ -47,14 +47,9 @@ pub async fn validate_header<B>(mut req: Request<B>, next: Next<B>) -> impl Into
let credentials_valid = if let Some(admin_token) = access_token.strip_prefix("ADMIN_TOKEN:") {
state.config.api_token == admin_token
} else {
let access_token: AccessTokenJson = serde_json::from_str(&access_token)?;
let token = state.db.get_access_token(access_token.id).await?;
if token.user_id != user_id {
return Err(anyhow!("no such access token"))?;
}
verify_access_token(&access_token.token, &token.hash)?
verify_access_token(&access_token, user_id, &state.db)
.await
.unwrap_or(false)
};
if credentials_valid {
@ -125,7 +120,16 @@ pub fn encrypt_access_token(access_token: &str, public_key: String) -> Result<St
Ok(encrypted_access_token)
}
pub fn verify_access_token(token: &str, hash: &str) -> Result<bool> {
let hash = PasswordHash::new(hash).map_err(anyhow::Error::new)?;
Ok(Scrypt.verify_password(token.as_bytes(), &hash).is_ok())
pub async fn verify_access_token(token: &str, user_id: UserId, db: &Arc<Database>) -> Result<bool> {
let token: AccessTokenJson = serde_json::from_str(&token)?;
let db_token = db.get_access_token(token.id).await?;
if db_token.user_id != user_id {
return Err(anyhow!("no such access token"))?;
}
let db_hash = PasswordHash::new(&db_token.hash).map_err(anyhow::Error::new)?;
Ok(Scrypt
.verify_password(token.token.as_bytes(), &db_hash)
.is_ok())
}