Improve handling for ott errors
This commit is contained in:
Neeraj Gupta
@@ -59,6 +59,7 @@ type UserController struct {
|
||||
UserCache *cache2.UserCache
|
||||
UserCacheController *usercache.Controller
|
||||
SRPLimiter *limiter.Limiter
|
||||
OTTLimiter *limiter.Limiter
|
||||
}
|
||||
|
||||
const (
|
||||
@@ -125,6 +126,7 @@ func NewUserController(
|
||||
userCacheController *usercache.Controller,
|
||||
) *UserController {
|
||||
srpLimiter := util.NewRateLimiter("100-H")
|
||||
ottLimiter := util.NewRateLimiter("100-H")
|
||||
return &UserController{
|
||||
UserRepo: userRepo,
|
||||
UsageRepo: usageRepo,
|
||||
@@ -151,6 +153,7 @@ func NewUserController(
|
||||
UserCache: userCache,
|
||||
UserCacheController: userCacheController,
|
||||
SRPLimiter: srpLimiter,
|
||||
OTTLimiter: ottLimiter,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -83,7 +83,7 @@ func hardcodedOTTForEmail(hardCodedOTT HardCodedOTT, email string) string {
|
||||
|
||||
// SendEmailOTT generates and sends an OTT to the provided email address
|
||||
func (c *UserController) SendEmailOTT(context *gin.Context, email string, purpose string) error {
|
||||
if err := c.validateSendOTT(email, purpose); err != nil {
|
||||
if err := c.validateSendOTT(context, email, purpose); err != nil {
|
||||
return err
|
||||
}
|
||||
ott, err := random.GenerateSixDigitOtp()
|
||||
@@ -142,7 +142,7 @@ func (c *UserController) isEmailAlreadyUsed(email string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *UserController) validateSendOTT(email string, purpose string) error {
|
||||
func (c *UserController) validateSendOTT(ctx *gin.Context, email string, purpose string) error {
|
||||
if purpose == ente.ChangeEmailOTTPurpose {
|
||||
if err := c.isEmailAlreadyUsed(email); err != nil {
|
||||
return err
|
||||
@@ -155,13 +155,27 @@ func (c *UserController) validateSendOTT(email string, purpose string) error {
|
||||
if purpose == ente.SignUpOTTPurpose && viper.GetBool("internal.disable-registration") && !isSignUpComplete {
|
||||
return stacktrace.Propagate(ente.ErrPermissionDenied, "registration is disabled")
|
||||
}
|
||||
//
|
||||
var registrationErr error
|
||||
if purpose == ente.SignUpOTTPurpose && isSignUpComplete {
|
||||
return stacktrace.Propagate(ente.ErrUserAlreadyRegistered, "user has already completed sign up process")
|
||||
registrationErr = stacktrace.Propagate(ente.ErrUserAlreadyRegistered, "user has already completed sign up process")
|
||||
}
|
||||
if purpose == ente.LoginOTTPurpose && !isSignUpComplete {
|
||||
return stacktrace.Propagate(ente.ErrUserNotRegistered, "user has not completed sign up process")
|
||||
registrationErr = stacktrace.Propagate(ente.ErrUserNotRegistered, "user has not completed sign up process")
|
||||
}
|
||||
return nil
|
||||
// if no registration error, return
|
||||
if registrationErr == nil {
|
||||
return registrationErr
|
||||
}
|
||||
// check & swallow registration information error if too many such
|
||||
// errors are generated in a short time
|
||||
if limiter, limitErr := c.OTTLimiter.Get(ctx, "send-ott"); limitErr != nil {
|
||||
if limiter.Reached {
|
||||
go c.DiscordController.NotifyPotentialAbuse("swallowing send-ott registration error")
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return registrationErr
|
||||
}
|
||||
|
||||
// isSignUpComplete checks if the user has completed the entire signup process.
|
||||
|
||||
Reference in New Issue
Block a user