fix(auth): fix panic issue when frontend returned an invalid payload

liushuyu 2022-04-01 20:13:04 -06:00
parent b87dab83d8
commit 8917ba88ca
No known key found for this signature in database
GPG key ID: 23D1CE4534419437
2 changed files with 42 additions and 12 deletions


@ -187,8 +187,12 @@ pub fn handle(service: &WebService, _req: Request) -> InternalFuture {
_req.body() _req.body()
.concat2() .concat2()
.map(move |body| { .map(move |body| {
let req: AuthRequest = let req = serde_json::from_slice::<AuthRequest>(&body);
serde_json::from_slice(&body).log_expect("Malformed request"); if req.is_err() {
warn!("Failed to parse auth request from the frontend");
return default_future(Response::new().with_status(hyper::StatusCode::BadRequest));
}
let req = req.unwrap();
// Determine which credentials we should use // Determine which credentials we should use
let (username, token) = { let (username, token) = {
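Review bot: The `warn!` in the new `req.is_err()` branch drops the parse error, so a rejected request leaves nothing to diagnose, and the `is_err()` / `unwrap()` pair keeps an `unwrap` that is only safe because of the check above it. Binding the result once covers both: `let req = match serde_json::from_slice::<AuthRequest>(&body) { Ok(r) => r, Err(e) => { /* warn + return BadRequest */ } };` with the warning written as `warn!("Failed to parse auth request from the frontend: {:?}", e.classify());`. Logging the error category rather than the full message is deliberate: this body appears to carry the username and token, and serde_json's messages can echo the offending value into the log. The closure passed to `.map` continues outside the hunk, so the return type of the early `return` cannot be confirmed from here.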


@ -19,7 +19,7 @@
<section> <section>
<p>{{ $t('auth.token') }}</p> <p>{{ $t('auth.token') }}</p>
<b-field> <b-field>
<b-input type="text" v-model="combined_token" placeholder="Token" id="token" style='width: 80%;'></b-input> <b-input type="text" v-model="combined_token" :placeholder="$t('auth.token')" id="token" style='width: 80%;'></b-input>
<p class="control"> <p class="control">
<b-button type="is-info" v-on:click="paste">{{ $t('auth.paste') }}</b-button> <b-button type="is-info" v-on:click="paste">{{ $t('auth.paste') }}</b-button>
</p> </p>
@ -30,11 +30,7 @@
<section> <section>
<b-message type="is-danger" :active.sync="invalid_token"> <b-message id="invalid-token" type="is-danger" :active.sync="show_error">
{{ $t('auth.login_failed') }}
</b-message>
<b-message type="is-danger" :active.sync="invalid_login">
{{ $t('auth.login_failed') }} {{ $t('auth.login_failed') }}
</b-message> </b-message>
@ -89,7 +85,10 @@ export default {
}, },
computed: { computed: {
show_header: function () { show_header: function () {
return !this.browser_opened && !this.verification_opened && !this.invalid_token return !this.browser_opened && !this.verification_opened
},
show_error: function () {
return this.invalid_login || this.invalid_token
}, },
invalid_login: function () { invalid_login: function () {
return this.verification_opened && !this.$root.is_authenticated return this.verification_opened && !this.$root.is_authenticated
@ -113,6 +112,10 @@ export default {
}, },
// setter // setter
set: function (newValue) { set: function (newValue) {
if (!newValue || !newValue.trim()) {
this.invalid_token = true
return
}
try { try {
const split = atob(newValue).split(':') const split = atob(newValue).split(':')
this.$root.$data.username = split[0] this.$root.$data.username = split[0]
@ -129,10 +132,10 @@ export default {
this.$router.go(-1) this.$router.go(-1)
}, },
paste: function () { paste: function () {
document.getElementById('token').focus() window.document.getElementById('token').focus()
const that = this const that = this
navigator.clipboard.readText().then(function (v) { window.navigator.clipboard.readText().then(function (v) {
that.combined_token = v that.combined_token = v.trim()
}).catch(function () {}) }).catch(function () {})
}, },
launch_browser: function (url) { launch_browser: function (url) {
@ -146,7 +149,18 @@ export default {
} }
}).catch(function () {}) }).catch(function () {})
}, },
blink_error: function () {
const target = document.getElementById('invalid-token')
target.classList.add('blink-block')
setTimeout(function () {
target.classList.remove('blink-block')
}, 1200)
},
verify_token: function () { verify_token: function () {
if (this.invalid_token) {
this.blink_error()
return
}
this.loading = true this.loading = true
this.browser_opened = false this.browser_opened = false
this.$root.check_authentication(this.success, this.error) this.$root.check_authentication(this.success, this.error)
@ -170,7 +184,19 @@ export default {
error: function () { error: function () {
this.loading = false this.loading = false
this.verification_opened = true this.verification_opened = true
this.blink_error()
} }
} }
} }
</script> </script>
<style>
.blink-block {
animation: blink 0.3s linear infinite;
}
@keyframes blink {
50% {
opacity: 0
}
}
</style>
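Review bot: `blink_error` dereferences `target` without checking that `#invalid-token` is in the DOM, and `error` calls it straight after setting `verification_opened = true`, before Vue has re-rendered. If the `b-message` is only mounted while `show_error` is true (Buefy's behaviour, not visible in this diff), `target` is null on the first failed verification and `target.classList` throws inside the error callback. Calling `this.$nextTick(this.blink_error)` in `error` and adding `if (!target) return` at the top of `blink_error` would cover it. Separately, `:active.sync="show_error"` binds a computed property that has no setter, so dismissing the message cannot write back; a plain `:active="show_error"` may be what is intended.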