diff --git a/package.json b/package.json index d0ebe5e9..964bb015 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ }, "dependencies": { "ajv": "^5.2.3", - "bluebird": "^3.4.7", + "bluebird": "3.5.0", "body-parser": "^1.15.2", "connect-redis": "^3.3.0", "dovehash": "0.0.5", diff --git a/server/src/lib/routes/firstfactor/post.ts b/server/src/lib/routes/firstfactor/post.ts index 086700bb..e32ffc58 100644 --- a/server/src/lib/routes/firstfactor/post.ts +++ b/server/src/lib/routes/firstfactor/post.ts @@ -1,5 +1,5 @@ -import exceptions = require("../../Exceptions"); +import Exceptions = require("../../Exceptions"); import objectPath = require("object-path"); import BluebirdPromise = require("bluebird"); import express = require("express"); @@ -21,19 +21,20 @@ export default function (req: express.Request, res: express.Response): BluebirdP const logger = ServerVariablesHandler.getLogger(req.app); const ldap = ServerVariablesHandler.getLdapAuthenticator(req.app); const config = ServerVariablesHandler.getConfiguration(req.app); - - if (!username || !password) { - return BluebirdPromise.reject(new Error("No username or password.")); - } - const regulator = ServerVariablesHandler.getAuthenticationRegulator(req.app); const accessController = ServerVariablesHandler.getAccessController(req.app); const authenticationMethodsCalculator = ServerVariablesHandler.getAuthenticationMethodCalculator(req.app); let authSession: AuthenticationSession.AuthenticationSession; - logger.info(req, "Starting authentication of user \"%s\"", username); - return AuthenticationSession.get(req) + return BluebirdPromise.resolve() + .then(function () { + if (!username || !password) { + return BluebirdPromise.reject(new Error("No username or password.")); + } + logger.info(req, "Starting authentication of user \"%s\"", username); + return AuthenticationSession.get(req); + }) .then(function (_authSession: AuthenticationSession.AuthenticationSession) { authSession = _authSession; return regulator.regulate(username); @@ -92,7 +93,7 @@ export default function (req: express.Request, res: express.Response): BluebirdP } return BluebirdPromise.resolve(); }) - .catch(exceptions.LdapBindError, function (err: Error) { + .catch(Exceptions.LdapBindError, function (err: Error) { regulator.mark(username, false); return ErrorReplies.replyWithError200(req, res, logger, UserMessages.OPERATION_FAILED)(err); }) diff --git a/server/test/routes/firstfactor/post.test.ts b/server/test/routes/firstfactor/post.test.ts index 89c1d72e..98de498b 100644 --- a/server/test/routes/firstfactor/post.test.ts +++ b/server/test/routes/firstfactor/post.test.ts @@ -120,6 +120,7 @@ describe("test the first factor validation route", function () { it("should return error message when LDAP authenticator throws", function () { (serverVariables.ldapAuthenticator as any).authenticate.withArgs("username", "password") .returns(BluebirdPromise.reject(new exceptions.LdapBindError("Bad credentials"))); + return FirstFactorPost.default(req as any, res as any) .then(function () { Assert.equal(res.status.getCall(0).args[0], 200); diff --git a/server/test/routes/secondfactor/totp/sign/post.test.ts b/server/test/routes/secondfactor/totp/sign/post.test.ts index 21b9de36..22bfa513 100644 --- a/server/test/routes/secondfactor/totp/sign/post.test.ts +++ b/server/test/routes/secondfactor/totp/sign/post.test.ts @@ -23,7 +23,7 @@ describe("test totp route", function () { const app_get = sinon.stub(); req = { app: { - get: sinon.stub().returns({ logger: winston }) + get: sinon.stub().returns({ logger: winston }) }, body: { token: "abc" @@ -66,13 +66,15 @@ describe("test totp route", function () { }); }); - it("should send status code 401 when totp is not valid", function () { + it("should send error message when totp is not valid", function () { totpValidator.validate.returns(BluebirdPromise.reject(new exceptions.InvalidTOTPError("Bad TOTP token"))); - SignPost.default(req as any, res as any) - .then(function () { return BluebirdPromise.reject(new Error("It should fail")); }) - .catch(function () { + return SignPost.default(req as any, res as any) + .then(function () { assert.equal(false, authSession.second_factor); - assert.equal(401, res.status.getCall(0).args[0]); + assert.equal(res.status.getCall(0).args[0], 200); + assert.deepEqual(res.send.getCall(0).args[0], { + error: "Operation failed." + }); return BluebirdPromise.resolve(); }); });