X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fcontrollers%2Fapi%2Fusers%2Ftoken.ts;h=c6afea67c20058103c58ee375d027b0cd00a9bfd;hb=e364e31e25bd1d4b8d801c845a96d6be708f0a18;hp=5ada4a8052aee41d7ebc9f59db469fc85cbb9501;hpb=c55e3d7227fe1453869e309025996b9d75256d5d;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/controllers/api/users/token.ts b/server/controllers/api/users/token.ts index 5ada4a805..c6afea67c 100644 --- a/server/controllers/api/users/token.ts +++ b/server/controllers/api/users/token.ts @@ -1,18 +1,18 @@ import express from 'express' -import RateLimit from 'express-rate-limit' import { logger } from '@server/helpers/logger' import { CONFIG } from '@server/initializers/config' +import { OTP } from '@server/initializers/constants' import { getAuthNameFromRefreshGrant, getBypassFromExternalAuth, getBypassFromPasswordGrant } from '@server/lib/auth/external-auth' -import { handleOAuthToken } from '@server/lib/auth/oauth' +import { handleOAuthToken, MissingTwoFactorError } from '@server/lib/auth/oauth' import { BypassLogin, revokeToken } from '@server/lib/auth/oauth-model' import { Hooks } from '@server/lib/plugins/hooks' -import { asyncMiddleware, authenticate, openapiOperationDoc } from '@server/middlewares' -import { buildUUID } from '@shared/core-utils' +import { asyncMiddleware, authenticate, buildRateLimiter, openapiOperationDoc } from '@server/middlewares' +import { buildUUID } from '@shared/extra-utils' import { ScopedToken } from '@shared/models/users/user-scoped-token' const tokensRouter = express.Router() -const loginRateLimiter = RateLimit({ +const loginRateLimiter = buildRateLimiter({ windowMs: CONFIG.RATES_LIMIT.LOGIN.WINDOW_MS, max: CONFIG.RATES_LIMIT.LOGIN.MAX }) @@ -80,6 +80,10 @@ async function handleToken (req: express.Request, res: express.Response, next: e } catch (err) { logger.warn('Login error', { err }) + if (err instanceof MissingTwoFactorError) { + res.set(OTP.HEADER_NAME, OTP.HEADER_REQUIRED_VALUE) + } + return res.fail({ status: err.code, message: err.message,