backend/src/lib/api.ts +19 −2 @@ -98,6 +98,7 @@ app.post("/login/step/instance", async (req, res) => { prompt: "USERNAME", // change this if oidc is available instance: domain, method: deliveryProvider ? "SEND_CODE" : "RECV_CODE", attempt: 0, }; // const oidcSupport = await doesInstanceSupportOIDC(domain); @@ -238,6 +239,13 @@ app.post("/login/step/verify", async (req, res) => { const { session_id, username, instance } = req.session.login; if (req.session.login.attempt > 5) { req.session.destroy(() => { res.status(400).json({ success: false, error: "too_many_attempts" }); }); return; } const session = await prisma.authSession.findFirst({ where: { id: session_id, @@ -266,7 +274,11 @@ app.post("/login/step/verify", async (req, res) => { code = req.body.code; if (session.one_time_code !== code) { return res.status(400).json({ success: false, error: "code_invalid" }); req.session.login.attempt++; req.session.save(() => { res.status(400).json({ success: false, error: "code_invalid" }); }); return; } req.session.user = { sub: session.user_sub }; @@ -290,7 +302,12 @@ app.post("/login/step/verify", async (req, res) => { res.json({ success: true }); }); } else { if (req.session.login) { req.session.login.attempt++; } req.session.save(() => { res.status(400).json({ success: false, error: data.error }); }); } }); break;
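Review bot: The limit checked in the `@@ -238,6 +239,13 @@` hunk lives only in `req.session.login`, so it caps guesses per browser session rather than per `authSession` row or per username; a client that drops its cookie and restarts the flow is back at `attempt: 0`, and whether that restart also rotates `one_time_code` cannot be seen from these hunks (the `/login/step/verify` handler starts and ends outside them). The `attempt++` in the two later hunks is a read-modify-write on session data, so requests sent in parallel on one cookie can each load the same count and overwrite each other's increment, and the `save`/`destroy` callbacks take no `err` parameter, so a store failure leaves the count unchanged while the 400 is still sent. I would keep the counter on the `authSession` record, increment it atomically before comparing the code, invalidate the record once the limit is reached, and fail closed on store errors, e.g. `req.session.save((err) => { if (err) return res.status(500).json({ success: false }); … })`. Also, `attempt > 5` permits six wrong codes before lockout; use `>= 5` if five was the intent, and consider logging the `too_many_attempts` branch so repeated lockouts are visible to monitoring.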
backend/src/types/session-types.ts +1 −0 @@ -15,6 +15,7 @@ declare module "express-session" { method: "SEND_CODE" | "RECV_CODE"; // what delivery to attempt username?: string; session_id?: string; attempt: number; }; } }