From 6877e9d1a1daa0808e01913296a861e9a2219f23 Mon Sep 17 00:00:00 2001 From: Adminy Date: Fri, 8 Sep 2023 14:27:38 +0100 Subject: [PATCH] clear auth failure messages (#2635) --- lib/src/err/mod.rs | 53 ++++++++++++++++++++++++++++++++++++------- lib/src/iam/signin.rs | 36 ++++++++++------------------- lib/src/iam/signup.rs | 17 +++++--------- lib/src/iam/verify.rs | 3 +-- 4 files changed, 64 insertions(+), 45 deletions(-) diff --git a/lib/src/err/mod.rs b/lib/src/err/mod.rs index dc360cd3..ae022e05 100644 --- a/lib/src/err/mod.rs +++ b/lib/src/err/mod.rs @@ -109,14 +109,6 @@ pub enum Error { #[error("The SQL query was not parsed fully")] QueryRemaining, - /// There was an error with authentication - #[error("There was a problem with authentication")] - InvalidAuth, - - /// Auth was expected to be set but was unknown - #[error("Auth was expected to be set but was unknown")] - UnknownAuth, - /// There was an error with the SQL query #[error("Parse error: {0}")] InvalidQuery(RenderedParserError), @@ -651,6 +643,51 @@ pub enum Error { /// Network target is not allowed #[error("Access to network target '{0}' is not allowed")] NetTargetNotAllowed(String), + + // + // Authentication / Signup + // + #[error("There was an error creating the token")] + TokenMakingFailed, + + #[error("No record was returned")] + NoRecordFound, + + #[error("The signup query failed")] + SignupQueryFailed, + + #[error("The signin query failed")] + SigninQueryFailed, + + #[error("This scope does not allow signup")] + ScopeNoSignup, + + #[error("This scope does not allow signin")] + ScopeNoSignin, + + #[error("The scope does not exist")] + NoScopeFound, + + #[error("Username or Password was not provided")] + MissingUserOrPass, + + #[error("No signin target to either SC or DB or NS or KV")] + NoSigninTarget, + + #[error("The password did not verify")] + InvalidPass, + + /// There was an error with authentication + #[error("There was a problem with authentication")] + InvalidAuth, + + /// There was an error with signing up + #[error("There was a problem with signing up")] + InvalidSignup, + + /// Auth was expected to be set but was unknown + #[error("Auth was expected to be set but was unknown")] + UnknownAuth, } impl From for String { diff --git a/lib/src/iam/signin.rs b/lib/src/iam/signin.rs index 545a5522..8f5787b7 100644 --- a/lib/src/iam/signin.rs +++ b/lib/src/iam/signin.rs @@ -49,8 +49,7 @@ pub async fn signin( // Attempt to signin to database super::signin::db(kvs, session, ns, db, user, pass).await } - // There is no username or password - _ => Err(Error::InvalidAuth), + _ => Err(Error::MissingUserOrPass), } } // NS signin @@ -69,8 +68,7 @@ pub async fn signin( // Attempt to signin to namespace super::signin::ns(kvs, session, ns, user, pass).await } - // There is no username or password - _ => Err(Error::InvalidAuth), + _ => Err(Error::MissingUserOrPass), } } // KV signin @@ -88,11 +86,10 @@ pub async fn signin( // Attempt to signin to root super::signin::kv(kvs, session, user, pass).await } - // There is no username or password - _ => Err(Error::InvalidAuth), + _ => Err(Error::MissingUserOrPass), } } - _ => Err(Error::InvalidAuth), + _ => Err(Error::NoSigninTarget), } } @@ -165,23 +162,18 @@ pub async fn sc( match enc { // The auth token was created successfully Ok(tk) => Ok(Some(tk)), - // There was an error creating the token - _ => Err(Error::InvalidAuth), + _ => Err(Error::TokenMakingFailed), } } - // No record was returned - _ => Err(Error::InvalidAuth), + _ => Err(Error::NoRecordFound), }, - // The signin query failed - _ => Err(Error::InvalidAuth), + _ => Err(Error::SigninQueryFailed), } } - // This scope does not allow signin - _ => Err(Error::InvalidAuth), + _ => Err(Error::ScopeNoSignin), } } - // The scope does not exists - _ => Err(Error::InvalidAuth), + _ => Err(Error::NoScopeFound), } } @@ -220,11 +212,9 @@ pub async fn db( match enc { // The auth token was created successfully Ok(tk) => Ok(Some(tk)), - // There was an error creating the token - _ => Err(Error::InvalidAuth), + _ => Err(Error::TokenMakingFailed), } } - // The password did not verify _ => Err(Error::InvalidAuth), } } @@ -261,8 +251,7 @@ pub async fn ns( match enc { // The auth token was created successfully Ok(tk) => Ok(Some(tk)), - // There was an error creating the token - _ => Err(Error::InvalidAuth), + _ => Err(Error::TokenMakingFailed), } } Err(e) => Err(e), @@ -298,8 +287,7 @@ pub async fn kv( match enc { // The auth token was created successfully Ok(tk) => Ok(Some(tk)), - // There was an error creating the token - _ => Err(Error::InvalidAuth), + _ => Err(Error::TokenMakingFailed), } } Err(e) => Err(e), diff --git a/lib/src/iam/signup.rs b/lib/src/iam/signup.rs index 92a8556d..01ad70bb 100644 --- a/lib/src/iam/signup.rs +++ b/lib/src/iam/signup.rs @@ -30,7 +30,7 @@ pub async fn signup( // Attempt to signup to specified scope super::signup::sc(kvs, session, ns, db, sc, vars).await } - _ => Err(Error::InvalidAuth), + _ => Err(Error::InvalidSignup), } } @@ -103,22 +103,17 @@ pub async fn sc( match enc { // The auth token was created successfully Ok(tk) => Ok(Some(tk)), - // There was an error creating the token - _ => Err(Error::InvalidAuth), + _ => Err(Error::TokenMakingFailed), } } - // No record was returned - _ => Err(Error::InvalidAuth), + _ => Err(Error::NoRecordFound), }, - // The signup query failed - Err(_) => Err(Error::InvalidAuth), + Err(_) => Err(Error::SignupQueryFailed), } } - // This scope does not allow signup - _ => Err(Error::InvalidAuth), + _ => Err(Error::ScopeNoSignup), } } - // The scope does not exists - _ => Err(Error::InvalidAuth), + _ => Err(Error::NoScopeFound), } } diff --git a/lib/src/iam/verify.rs b/lib/src/iam/verify.rs index d5becf6f..10d22d12 100644 --- a/lib/src/iam/verify.rs +++ b/lib/src/iam/verify.rs @@ -484,8 +484,7 @@ fn verify_pass(pass: &str, hash: &str) -> Result<(), Error> { // Attempt to verify the password using Argon2 match Argon2::default().verify_password(pass.as_ref(), &hash) { Ok(_) => Ok(()), - // The password did not verify - _ => Err(Error::InvalidAuth), + _ => Err(Error::InvalidPass), } }