Talon/chat_grid
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "Return friendly generic auth messages for login and resume failures"

Browse Source 
This reverts commit 9f3cd1fbdc.
This commit is contained in:
Jage9
2026-02-28 04:52:44 -05:00
parent 027f04e58d
commit 9c5011a8fd
2 changed files with 2 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
server/app/server.py
View File

@@ -125,8 +125,6 @@ AUTH_SESSION_COOKIE_MAX_AGE_SECONDS = 14 * 24 * 60 * 60
AUTH_SESSION_COOKIE_SET_PATH = "/auth/session/set" AUTH_SESSION_COOKIE_SET_PATH = "/auth/session/set"
AUTH_SESSION_COOKIE_CLEAR_PATH = "/auth/session/clear" AUTH_SESSION_COOKIE_CLEAR_PATH = "/auth/session/clear"
AUTH_SESSION_COOKIE_CLIENT_HEADER = "X-Chgrid-Auth-Client" AUTH_SESSION_COOKIE_CLIENT_HEADER = "X-Chgrid-Auth-Client"
AUTH_LOGIN_FAILURE_MESSAGE = "We couldn't log you in. Check your details and try again."
AUTH_RESUME_FAILURE_MESSAGE = "We couldn't restore your session. Please log in again."
ADMIN_MENU_ACTION_DEFINITIONS: tuple[dict[str, str], ...] = ( ADMIN_MENU_ACTION_DEFINITIONS: tuple[dict[str, str], ...] = (
{"id": "manage_roles", "label": "Role management", "permission": "role.manage"}, {"id": "manage_roles", "label": "Role management", "permission": "role.manage"},
{"id": "change_user_role", "label": "Change user role", "permission": "user.change_role"}, {"id": "change_user_role", "label": "Change user role", "permission": "user.change_role"},
@@ -1542,11 +1540,6 @@ class SignalingServer:
if isinstance(packet, (AuthLoginPacket, AuthRegisterPacket, AuthResumePacket)): if isinstance(packet, (AuthLoginPacket, AuthRegisterPacket, AuthResumePacket)):
self._record_auth_failure(client, packet) self._record_auth_failure(client, packet)
await self._sleep_auth_failure_jitter() await self._sleep_auth_failure_jitter()
response_message = str(exc)
if isinstance(packet, AuthLoginPacket):
response_message = AUTH_LOGIN_FAILURE_MESSAGE
elif isinstance(packet, AuthResumePacket):
response_message = AUTH_RESUME_FAILURE_MESSAGE
LOGGER.warning( LOGGER.warning(
"auth failure id=%s ip=%s packet=%s reason=%s", "auth failure id=%s ip=%s packet=%s reason=%s",
client.id, client.id,
@@ -1559,7 +1552,7 @@ class SignalingServer:
AuthResultPacket( AuthResultPacket(
type="auth_result", type="auth_result",
ok=False, ok=False,
message=response_message, message=str(exc),
authPolicy=self._auth_policy(), authPolicy=self._auth_policy(),
), ),
) )

55
server/tests/test_server_message_handling.py
View File

@@ -10,8 +10,7 @@ import pytest
from websockets.asyncio.server import ServerConnection from websockets.asyncio.server import ServerConnection
from app.client import ClientConnection from app.client import ClientConnection
from app.auth_service import AuthError from app.server import SignalingServer
from app.server import AUTH_LOGIN_FAILURE_MESSAGE, AUTH_RESUME_FAILURE_MESSAGE, SignalingServer
def _fake_ws() -> ServerConnection: def _fake_ws() -> ServerConnection:
@@ -249,58 +248,6 @@ async def test_auth_rate_limit_blocks_before_hash(monkeypatch: pytest.MonkeyPatc
assert "too many" in send_payloads[-1].message.lower() assert "too many" in send_payloads[-1].message.lower()
@pytest.mark.asyncio
async def test_auth_login_failure_message_is_generic(monkeypatch: pytest.MonkeyPatch) -> None:
server = SignalingServer("127.0.0.1", 8765, None, None)
ws = _fake_ws()
client = ClientConnection(websocket=ws, id="u1", nickname="tester")
send_payloads: list[object] = []
async def fake_send(websocket: ServerConnection, packet: object) -> None:
send_payloads.append(packet)
monkeypatch.setattr(server, "_send", fake_send)
monkeypatch.setattr(server, "_sleep_auth_failure_jitter", lambda: asyncio.sleep(0))
def fake_login(_username: str, _password: str):
raise AuthError("Account is disabled.")
monkeypatch.setattr(server.auth_service, "login", fake_login)
await server._handle_message(client, json.dumps({"type": "auth_login", "username": "alpha", "password": "wrongpass"}))
auth_results = [packet for packet in send_payloads if getattr(packet, "type", "") == "auth_result"]
assert auth_results
assert auth_results[-1].ok is False
assert auth_results[-1].message == AUTH_LOGIN_FAILURE_MESSAGE
@pytest.mark.asyncio
async def test_auth_resume_failure_message_is_generic(monkeypatch: pytest.MonkeyPatch) -> None:
server = SignalingServer("127.0.0.1", 8765, None, None)
ws = _fake_ws()
client = ClientConnection(websocket=ws, id="u1", nickname="tester")
send_payloads: list[object] = []
async def fake_send(websocket: ServerConnection, packet: object) -> None:
send_payloads.append(packet)
monkeypatch.setattr(server, "_send", fake_send)
monkeypatch.setattr(server, "_sleep_auth_failure_jitter", lambda: asyncio.sleep(0))
def fake_resume(_token: str):
raise AuthError("Session has expired.")
monkeypatch.setattr(server.auth_service, "resume", fake_resume)
await server._handle_message(client, json.dumps({"type": "auth_resume", "sessionToken": "expired-token"}))
auth_results = [packet for packet in send_payloads if getattr(packet, "type", "") == "auth_result"]
assert auth_results
assert auth_results[-1].ok is False
assert auth_results[-1].message == AUTH_RESUME_FAILURE_MESSAGE
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_item_drop_rejects_out_of_bounds(monkeypatch: pytest.MonkeyPatch) -> None: async def test_item_drop_rejects_out_of_bounds(monkeypatch: pytest.MonkeyPatch) -> None:
server = SignalingServer("127.0.0.1", 8765, None, None, grid_size=41) server = SignalingServer("127.0.0.1", 8765, None, None, grid_size=41)