From 490b595a01c5824ff63ffb87f0efdfca95f4bf3b Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 29 Mar 2018 10:58:24 +0200
Subject: Prevent brute force login attack
---
 client/src/app/core/auth/auth.service.ts | 8 +++--
 .../src/app/shared/rest/rest-extractor.service.ts | 36 +++++++++++++---------
 client/src/app/signup/signup.component.ts | 2 +-
 3 files changed, 29 insertions(+), 17 deletions(-)
(limited to 'client')
diff --git a/client/src/app/core/auth/auth.service.ts b/client/src/app/core/auth/auth.service.ts
index f5ca2fcdc..d31c61496 100644
--- a/client/src/app/core/auth/auth.service.ts
+++ b/client/src/app/core/auth/auth.service.ts
@@ -66,8 +66,12 @@ export class AuthService {
 },
 error => {
- let errorMessage = `Cannot retrieve OAuth Client credentials: ${error.text}. \n`
- errorMessage += 'Ensure you have correctly configured PeerTube (config/ directory), in particular the "webserver" section.'
+ let errorMessage = error.message
+
+ if (error.status === 403) {
+ errorMessage = `Cannot retrieve OAuth Client credentials: ${error.text}. \n`
+ errorMessage += 'Ensure you have correctly configured PeerTube (config/ directory), in particular the "webserver" section.'
+ }
 // We put a bigger timeout
 // This is an important message
diff --git a/client/src/app/shared/rest/rest-extractor.service.ts b/client/src/app/shared/rest/rest-extractor.service.ts
index ad08a32f8..b1e22a76c 100644
--- a/client/src/app/shared/rest/rest-extractor.service.ts
+++ b/client/src/app/shared/rest/rest-extractor.service.ts
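Review bot: In the OAuth client credentials error callback of auth.service.ts, every non-403 failure now surfaces the raw `error.message`, so a 429 from the rate limiter on this path (if the limit covers this endpoint) would not get the retry-after wording that rest-extractor.service.ts builds in this same commit. Consider handling it here as well, e.g. `else if (error.status === 429) errorMessage = 'Too many attempts, please try again later.'`, or passing the error through the shared extractor. If `error` is an Angular `HttpErrorResponse` (its type is not visible in the hunk), the default message also embeds the request URL, and `error.text` is not one of its fields, so the 403 text would print `undefined`; that is worth confirming. The callback starts and ends outside the hunk.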
@@ -42,25 +42,33 @@ export class RestExtractor {
 console.error('An error occurred:', errorMessage)
 } else if (err.status !== undefined) {
 // A server-side error occurred.
- if (err.error) {
- if (err.error.errors) {
- const errors = err.error.errors
- const errorsArray: string[] = []
-
- Object.keys(errors).forEach(key => {
- errorsArray.push(errors[key].msg)
- })
-
- errorMessage = errorsArray.join('. ')
- } else if (err.error.error) {
- errorMessage = err.error.error
- }
+ if (err.error && err.error.errors) {
+ const errors = err.error.errors
+ const errorsArray: string[] = []
+
+ Object.keys(errors).forEach(key => {
+ errorsArray.push(errors[key].msg)
+ })
+
+ errorMessage = errorsArray.join('. ')
+ } else if (err.error && err.error.error) {
+ errorMessage = err.error.error
 } else if (err.status === 413) {
 errorMessage = 'Request is too large for the server. Please contact you administrator if you want to increase the limit size.'
+ } else if (err.status === 429) {
+ const secondsLeft = err.headers.get('retry-after')
+ if (secondsLeft) {
+ const minutesLeft = Math.floor(parseInt(secondsLeft, 10) / 60)
+ errorMessage = 'Too many attempts, please try again after ' + minutesLeft + ' minutes.'
+ } else {
+ errorMessage = 'Too many attempts, please try again later.'
+ }
+ } else if (err.status === 500) {
+ errorMessage = 'Server error. Please retry later.'
 }
 errorMessage = errorMessage ? errorMessage : 'Unknown error.'
- console.error(`Backend returned code ${err.status}, body was: ${errorMessage}`)
+ console.error(`Backend returned code ${err.status}, errorMessage is: ${errorMessage}`)
 } else {
 errorMessage = err
 }
diff --git a/client/src/app/signup/signup.component.ts b/client/src/app/signup/signup.component.ts
index 93d73a11e..1f3e2e146 100644
--- a/client/src/app/signup/signup.component.ts
+++ b/client/src/app/signup/signup.component.ts
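Review bot: In the new 429 branch, `Math.floor(parseInt(secondsLeft, 10) / 60)` rounds the wait down, so a Retry-After under 60 seconds is shown as "0 minutes" and longer waits are understated, which invites a retry that is still throttled. A Retry-After sent as an HTTP-date would parse to `NaN` and print "NaN minutes". Round up and fall back to the generic text when the value is not numeric: `const seconds = parseInt(secondsLeft, 10)`, `if (!isNaN(seconds)) {`, `const minutesLeft = Math.ceil(seconds / 60)`. This hunk only formats the message, so the limit itself has to be enforced server-side, which is not visible here. The enclosing handler starts and ends outside the hunk.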
@@ -101,7 +101,7 @@ export class SignupComponent extends FormReactive implements OnInit {
 const lines = [
 SignupComponent.getApproximateTime(fullHdSeconds) + ' of full HD videos',
 SignupComponent.getApproximateTime(hdSeconds) + ' of HD videos',
- SignupComponent.getApproximateTime(normalSeconds) + ' of normal quality videos'
+ SignupComponent.getApproximateTime(normalSeconds) + ' of average quality videos'
 ]
 this.quotaHelpIndication = lines.join('
')
--
cgit v1.2.3