diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts
index 547d115b..1c288716 100644
--- a/src/routes/auth/login.ts
+++ b/src/routes/auth/login.ts
@@ -9,6 +9,7 @@ import RateLimit from "../../middlewares/RateLimit";
const router: Router = Router();
export default router;
+// TODO: check if user is deleted/restricted
router.post(
"/",
RateLimit({ count: 5, window: 60, onylIp: true }),
@@ -43,11 +44,25 @@ router.post(
// TODO: check captcha
}
- const user = await UserModel.findOne({ $or: query }, `user_data.hash id user_settings.locale user_settings.theme`).exec();
-
- if (!user) {
- throw FieldErrors({ login: { message: req.t("auth:login.INVALID_LOGIN"), code: "INVALID_LOGIN" } });
- }
+ const user = await UserModel.findOne(
+ { $or: query },
+ {
+ projection: {
+ user_data: {
+ hash: true
+ },
+ id: true,
+ user_settings: {
+ locale: true,
+ theme: true
+ }
+ }
+ }
+ )
+ .exec()
+ .catch((e) => {
+ throw FieldErrors({ login: { message: req.t("auth:login.INVALID_LOGIN"), code: "INVALID_LOGIN" } });
+ });
// the salt is saved in the password refer to bcrypt docs
const same_password = await bcrypt.compare(password, user.user_data.hash);
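Review bot: The `.catch` on the `findOne(...).exec()` chain turns every rejection, including a database or connection failure, into `INVALID_LOGIN`, and dropping the `if (!user)` guard leaves `user.user_data.hash` on the following line unprotected if the query can resolve with `null` (stock Mongoose does so when nothing matches; a wrapper that rejects instead is not visible here). Keep the guard, `if (!user) throw FieldErrors({ login: { message: req.t("auth:login.INVALID_LOGIN"), code: "INVALID_LOGIN" } });`, and have the catch rethrow anything that is not the not-found case, so outages surface as server errors rather than as failed logins. Also confirm that the second argument is read as options: stock Mongoose treats the second positional argument as the projection itself, in which case `{ projection: {...} }` would not select `user_data.hash`. The handler body starts and ends outside the hunk.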
diff --git a/src/routes/auth/register.ts b/src/routes/auth/register.ts
index 83f8dc8c..25c7b3dd 100644
--- a/src/routes/auth/register.ts
+++ b/src/routes/auth/register.ts
@@ -93,7 +93,9 @@ router.post(
if (!adjusted_email) throw FieldErrors({ email: { code: "INVALID_EMAIL", message: req.t("auth:register.INVALID_EMAIL") } });
// check if there is already an account with this email
- const exists = await UserModel.findOne({ email: adjusted_email }).exec();
+ const exists = await UserModel.findOne({ email: adjusted_email })
+ .exec()
+ .catch((e) => {});
if (exists) {
throw FieldErrors({
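Review bot: `.catch((e) => {})` after the email lookup discards every error, so when the query fails for any reason other than "no match", `exists` is `undefined` and the duplicate-account check passes (it fails open). The fingerprint lookup in the next hunk has the same pattern, and there it lets the `allowMultipleAccounts` restriction be skipped. Swallow only the not-found rejection and rethrow the rest, for example `.catch((e) => { if (!isNotFound(e)) throw e; });`, where `isNotFound` is a placeholder for however this codebase identifies that error. The enclosing handler starts and ends outside the hunk.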
@@ -130,7 +132,9 @@ router.post(
if (!register.allowMultipleAccounts) {
// TODO: check if fingerprint was eligible generated
- const exists = await UserModel.findOne({ fingerprints: fingerprint }).exec();
+ const exists = await UserModel.findOne({ fingerprints: fingerprint })
+ .exec()
+ .catch((e) => {});
if (exists) {
throw FieldErrors({
@@ -165,8 +169,12 @@ router.post(
// TODO: is there any better way to generate a random discriminator only once, without checking if it already exists in the mongodb database?
for (let tries = 0; tries < 5; tries++) {
discriminator = Math.randomIntBetween(1, 9999).toString().padStart(4, "0");
- exists = await UserModel.findOne({ discriminator, username: adjusted_username }, "id").exec();
- if (!exists) break;
+ try {
+ exists = await UserModel.findOne({ discriminator, username: adjusted_username }, "id").exec();
+ } catch (error) {
+ // doesn't exist -> break
+ break;
+ }
}
if (exists) {
|
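Review bot: When `findOne` rejects on a later iteration, `exists` still holds the document found on the previous try, because the assignment inside `try` never ran. The `if (exists)` after the loop then reports a collision even though the last discriminator was free. Clear it before leaving the loop, `exists = undefined; break;` (or `null`, matching the variable's declaration, which is outside the hunk). The catch also treats any failure as "doesn't exist", so a database error would let a possibly taken discriminator through; rethrow errors that are not the not-found case. If `findOne` can resolve with `null`, the removed `if (!exists) break;` is still needed to stop retrying.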