Revert "fix!: api login should not suggest which credential is wrong" (…

…#32156) This reverts commit 65324bc.
RocketChat · Apr 9, 2024 · 46c757a · 46c757a
1 parent 87ad98f
commit 46c757a
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 33 deletions.
diff --git a/.changeset/fuzzy-cherries-buy.md b/.changeset/fuzzy-cherries-buy.md
diff --git a/apps/meteor/app/lib/server/lib/loginErrorMessageOverride.js b/apps/meteor/app/lib/server/lib/loginErrorMessageOverride.js
@@ -0,0 +1,14 @@
+// Do not disclose if user exists when password is invalid
+import { Accounts } from 'meteor/accounts-base';
+import { Meteor } from 'meteor/meteor';
+
+const { _runLoginHandlers } = Accounts;
+Accounts._runLoginHandlers = function (methodInvocation, options) {
+	const result = _runLoginHandlers.call(Accounts, methodInvocation, options);
+
+	if (result.error && result.error.reason === 'Incorrect password') {
+		result.error = new Meteor.Error(403, 'User not found');
+	}
+
+	return result;
+};
diff --git a/apps/meteor/app/lib/server/lib/loginErrorMessageOverride.ts b/apps/meteor/app/lib/server/lib/loginErrorMessageOverride.ts
diff --git a/apps/meteor/client/meteorOverrides/login/google.ts b/apps/meteor/client/meteorOverrides/login/google.ts
@@ -8,6 +8,16 @@ import { overrideLoginMethod, type LoginCallback } from '../../lib/2fa/overrideL
 import { wrapRequestCredentialFn } from '../../lib/wrapRequestCredentialFn';
 import { createOAuthTotpLoginMethod } from './oauth';
 
+declare module 'meteor/accounts-base' {
+	// eslint-disable-next-line @typescript-eslint/no-namespace
+	namespace Accounts {
+		export const _options: {
+			restrictCreationByEmailDomain?: string | (() => string);
+			forbidClientAccountCreation?: boolean | undefined;
+		};
+	}
+}
+
 declare module 'meteor/meteor' {
 	// eslint-disable-next-line @typescript-eslint/no-namespace
 	namespace Meteor {

diff --git a/apps/meteor/definition/externals/meteor/accounts-base.d.ts b/apps/meteor/definition/externals/meteor/accounts-base.d.ts
@@ -22,7 +22,7 @@ declare module 'meteor/accounts-base' {
 
 		function _insertLoginToken(userId: string, token: { token: string; when: Date }): void;
 
-		function _runLoginHandlers<T>(methodInvocation: T, loginRequest: Record<string, any>): Promise<LoginMethodResult>;
+		function _runLoginHandlers<T>(methodInvocation: T, loginRequest: Record<string, any>): LoginMethodResult | undefined;
 
 		function registerLoginHandler(name: string, handler: (options: any) => undefined | object): void;
 
@@ -54,14 +54,6 @@ declare module 'meteor/accounts-base' {
 
 		const _accountData: Record<string, any>;
 
-		interface AccountsServerOptions {
-			ambiguousErrorMessages?: boolean;
-			restrictCreationByEmailDomain?: string | (() => string);
-			forbidClientAccountCreation?: boolean | undefined;
-		}
-
-		export const _options: AccountsServerOptions;
-
 		// eslint-disable-next-line @typescript-eslint/no-namespace
 		namespace oauth {
 			function credentialRequestCompleteHandler(

diff --git a/apps/meteor/tests/end-to-end/api/31-failed-login-attempts.ts b/apps/meteor/tests/end-to-end/api/31-failed-login-attempts.ts
@@ -54,7 +54,7 @@ describe('[Failed Login Attempts]', function () {
 			.expect(401)
 			.expect((res) => {
 				expect(res.body).to.have.property('status', 'error');
-				expect(res.body).to.have.property('message', 'Unauthorized');
+				expect(res.body).to.have.property('message', 'Incorrect password');
 			});
 	}