diff --git a/package-lock.json b/package-lock.json index 4abb0752bc..662366bb33 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,7 +15,6 @@ "@graphql-tools/merge": "9.0.8", "@graphql-tools/schema": "10.0.7", "@graphql-tools/utils": "10.5.5", - "@node-rs/bcrypt": "1.10.5", "@parse/fs-files-adapter": "3.0.0", "@parse/push-adapter": "6.4.1", "bcryptjs": "2.4.3", diff --git a/src/Adapters/Auth/OAuth1Client.js b/src/Adapters/Auth/OAuth1Client.js index fec508ba8b..25ad816016 100644 --- a/src/Adapters/Auth/OAuth1Client.js +++ b/src/Adapters/Auth/OAuth1Client.js @@ -4,7 +4,8 @@ var Parse = require('parse/node').Parse; var OAuth = function (options) { if (!options) { - throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'No options passed to OAuth'); + console.error('No options passed to OAuth'); + throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Configuration error.'); } this.consumer_key = options.consumer_key; this.consumer_secret = options.consumer_secret; diff --git a/src/Adapters/Auth/apple.js b/src/Adapters/Auth/apple.js index 4fd1153b75..db8621a903 100644 --- a/src/Adapters/Auth/apple.js +++ b/src/Adapters/Auth/apple.js @@ -20,9 +20,10 @@ const getAppleKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => { try { key = await authUtils.getSigningKey(client, keyId); } catch (error) { + console.error(`Unable to find matching key for Key ID: ${keyId}. Error: ${error.message}`); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - `Unable to find matching key for Key ID: ${keyId}` + `Unauthorized` ); } return key; 
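Review bot: The added `console.error` in the OAuth constructor writes straight to stderr and bypasses whatever log level, redaction and transport the server's logger is configured with, so this new auth-failure event cannot be filtered or shipped like the rest of the server's logging. Presumably the project exposes a central logger module; if so, `logger.error('No options passed to OAuth');` keeps the event under operator control, and the same substitution applies to every adapter touched by this diff. The constructor body continues past the end of the hunk.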
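Review bot: `keyId` is read from the unverified JWT header the client submits, so the new log line at the top of the apple.js catch interpolates attacker-controlled text; a `kid` containing newlines or terminal escape sequences can forge or garble log records. Escape it before logging by replacing `${keyId}` with `${JSON.stringify(keyId)}` in the template, which renders control characters as escapes, and consider capping its length. The same applies to the other client-derived values this diff logs (`jwtClaims.iss`, `publicKeyUrl`, `authData.id`).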
@@ -30,7 +31,8 @@ const getAppleKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => { const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMaxAge }) => { if (!token) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token is invalid for this user.`); + console.error('Invalid token'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`); } const { kid: keyId, alg: algorithm } = authUtils.getHeaderFromToken(token); @@ -51,19 +53,21 @@ const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMa }); } catch (exception) { const message = exception.message; - - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`); + console.error(`JWT verification failed. Error: ${message}`); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`); } if (jwtClaims.iss !== TOKEN_ISSUER) { + console.error(`Token issuer mismatch. Expected: ${TOKEN_ISSUER}, Received: ${jwtClaims.iss}`); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - `id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}` + `Unauthorized` ); } if (jwtClaims.sub !== id) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `auth data is invalid for this user.`); + console.error(`Token subject mismatch for user ID: ${id}.`); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`); } return jwtClaims; }; diff --git a/src/Adapters/Auth/facebook.js b/src/Adapters/Auth/facebook.js index 858e9579c6..dc608ebbb7 100644 --- a/src/Adapters/Auth/facebook.js +++ b/src/Adapters/Auth/facebook.js 
@@ -28,7 +28,8 @@ function validateGraphToken(authData, options) { if ((data && data.id == authData.id) || (process.env.TESTING && authData.id === 'test')) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is invalid for this user.'); + console.error(`Invalid Facebook auth for user with ID: ${authData.id}`); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); }); } @@ -38,16 +39,19 @@ async function validateGraphAppId(appIds, authData, options) { return; } if (!Array.isArray(appIds)) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'appIds must be an array.'); + console.error('appIds must be an array.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } if (!appIds.length) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is not configured.'); + console.error('Authentication is not configured.') + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } const data = await graphRequest( `app?access_token=${access_token}${getAppSecretPath(authData, options)}` ); if (!data || !appIds.includes(data.id)) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is invalid for this user.'); + console.error('Invalid authentication data.') + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } } @@ -63,9 +67,10 @@ const getFacebookKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => { try { key = await authUtils.getSigningKey(client, keyId); } catch (error) { + console.error(`Unable to find matching key for Key ID: ${keyId}. Error: ${error.message}`); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - `Unable to find matching key for Key ID: ${keyId}` + `Unable to validate authentication key.` ); } return key; 
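Review bot: The `appIds must be an array.` and `Facebook auth is not configured.` branches in `validateGraphAppId` are server misconfiguration, yet the new code reports them to the client as `OBJECT_NOT_FOUND` / `Unauthorized`, indistinguishable from a bad token, while OAuth1Client.js in this same diff reports the equivalent fault as `INTERNAL_SERVER_ERROR, 'Configuration error.'`. Anyone watching client-visible error codes will misread a deployment error as user error. Suggest `throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Configuration error.');` for both branches; spotify.js has the same two branches.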
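Review bot: The client message `Unable to validate authentication key.` in `getFacebookKeyByKeyId` is still specific to the key-lookup step, so a caller can tell a JWKS/`kid` miss apart from a signature or claim failure, whereas apple.js's copy of this function now returns `Unauthorized` for the same case. If the intent is a single indistinguishable failure response, use `'Unauthorized'` here too and keep the detail in the log line, which already carries `keyId` and `error.message`.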
@@ -73,7 +78,7 @@ const getFacebookKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => { const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMaxAge }) => { if (!token) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'id token is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'invalid token.'); } const { kid: keyId, alg: algorithm } = authUtils.getHeaderFromToken(token); @@ -94,19 +99,22 @@ const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMa }); } catch (exception) { const message = exception.message; + console.error(`JWT verification failed. Error: ${message}`); - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized access.`); } if (jwtClaims.iss !== TOKEN_ISSUER) { + console.error(`id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - `id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}` + `Unauthorized access.` ); } if (jwtClaims.sub !== id) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'auth data is invalid for this user.'); + console.error(`Token subject mismatch for user ID: ${id}.`); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid authentication data.'); } return jwtClaims; }; diff --git a/src/Adapters/Auth/gcenter.js b/src/Adapters/Auth/gcenter.js index f70c254188..e71725b06d 100644 --- a/src/Adapters/Auth/gcenter.js +++ b/src/Adapters/Auth/gcenter.js 
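Review bot: The `!token` branch of facebook.js `verifyIdToken` was rewritten to return `invalid token.` but, unlike its apple.js counterpart in this diff, gains no `console.error`, so an operator sees nothing when clients send empty tokens. Add `console.error('Facebook id token missing');` before the throw and return the same generic message the rest of the function uses. The function continues past the hunk.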
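Review bot: The three failure paths in this hunk return three different client messages (`Unauthorized access.` twice, `Invalid authentication data.` for the subject mismatch), so the response still reveals whether the signature/issuer check or the `sub` check failed, which is the oracle the commit is trying to close. Collapse them to one string, e.g. `'Unauthorized'` as apple.js does, and keep the distinction in the log lines. Note the issuer log interpolates `jwtClaims.iss`, a value taken from the client's token, so it should be escaped (e.g. `JSON.stringify`) before logging.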
@@ -39,9 +39,10 @@ function convertX509CertToPEM(X509Cert) { async function getAppleCertificate(publicKeyUrl) { if (!verifyPublicKeyUrl(publicKeyUrl)) { + console.error(`Invalid publicKeyUrl: ${publicKeyUrl}`); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}` + `Unauthorized` ); } if (cache[publicKeyUrl]) { @@ -62,9 +63,10 @@ async function getAppleCertificate(publicKeyUrl) { cert_headers['content-length'] == null || cert_headers['content-length'] > 10000 ) { + console.error(`Invalid publicKeyUrl: ${publicKeyUrl}`); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}` + `Unauthorized` ); } const { certificate, headers } = await getCertificate(publicKeyUrl); 
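Review bot: Both throws in `getAppleCertificate` now log the identical text `Invalid publicKeyUrl: ${publicKeyUrl}`, so the log no longer tells an operator whether the URL failed `verifyPublicKeyUrl` or the certificate fetch came back with a bad content-type/length, and preserving that distinction server-side is the point of moving detail out of the client message. Make the second one distinct, e.g. `console.error('Rejected certificate response for publicKeyUrl:', publicKeyUrl);`. `publicKeyUrl` is client-supplied, so escape it (`JSON.stringify(publicKeyUrl)`) to avoid log injection. The function continues past the hunk.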
@@ -126,29 +128,33 @@ function verifySignature(publicKey, authData) { verifier.update(authData.salt, 'base64'); if (!verifier.verify(publicKey, authData.signature, 'base64')) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Apple Game Center - invalid signature'); + console.error('Invalid signature during Apple Game Center verification.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } } function verifyPublicKeyIssuer(cert, publicKeyUrl) { const publicKeyCert = pki.certificateFromPem(cert); if (!ca.cert) { + console.error('Invalid root certificate during Apple Game Center verification.'); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - 'Apple Game Center auth adapter parameter `rootCertificateURL` is invalid.' + 'Unauthorized' ); } try { if (!ca.cert.verify(publicKeyCert)) { + console.error(`Invalid publicKeyUrl issuer: ${publicKeyUrl}`); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}` + `Unauthorized` ); } } catch (e) { + console.error(`Error verifying publicKeyUrl issuer: ${e.message}`); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}` + `Unauthorized` ); } return cert; @@ -157,7 +163,8 @@ function verifyPublicKeyIssuer(cert, publicKeyUrl) { // Returns a promise that fulfills if this user id is valid. async function validateAuthData(authData) { if (!authData.id) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Apple Game Center - authData id missing'); + console.error('Missing authData id during Apple Game Center validation.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } authData.playerId = authData.id; const publicKey = await getAppleCertificate(authData.publicKeyUrl); 
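Review bot: In `verifyPublicKeyIssuer` the `try` block throws a `Parse.Error` whose message is `Unauthorized`, and the `catch` below logs `Error verifying publicKeyUrl issuer: ${e.message}`, so the same rejection is logged twice, the second time with the useless text `Unauthorized`; only when `ca.cert.verify` itself throws does the catch add information. Rethrow the adapter's own error unchanged at the top of the catch: `if (e instanceof Parse.Error) throw e;`. Logging `e.stack` rather than `e.message` for the remaining case would also help when certificate parsing fails.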
@@ -179,9 +186,10 @@ async function validateAppId(appIds, authData, options = {}) { headers['content-length'] == null || headers['content-length'] > 10000 ) { + console.error('Invalid root certificate URL during Apple Game Center validation.'); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - 'Apple Game Center auth adapter parameter `rootCertificateURL` is invalid.' + 'Unauthorized' ); } ca.cert = pki.certificateFromPem(certificate); diff --git a/src/Adapters/Auth/github.js b/src/Adapters/Auth/github.js index 75233d53fd..76a89ed141 100644 --- a/src/Adapters/Auth/github.js +++ b/src/Adapters/Auth/github.js @@ -8,7 +8,8 @@ function validateAuthData(authData) { if (data && data.id == authData.id) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Github auth is invalid for this user.'); + console.error('Github auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); }); } diff --git a/src/Adapters/Auth/google.js b/src/Adapters/Auth/google.js index 755eb3c673..52c087a261 100644 --- a/src/Adapters/Auth/google.js +++ b/src/Adapters/Auth/google.js 
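Review bot: The new github.js log line `Github auth is invalid for this user.` carries no identifier, so unlike apple.js's `Token subject mismatch for user ID: ${id}` it cannot be correlated with a user or request during incident review, and the old code at least returned that context to the caller. Include the id the adapter compared, e.g. `console.error('Github auth is invalid for user', JSON.stringify(authData.id));` (escaped, since `authData.id` is client input). The same shape recurs in instagram, linkedin, meetup, phantauth, qq, spotify, twitter and weibo.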
@@ -68,18 +68,22 @@ async function verifyIdToken({ id_token: token, id }, { clientId }) { }); } catch (exception) { const message = exception.message; - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`); + console.error(`Google Sign-In Validation Error: ${message}`); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`); } if (jwtClaims.iss !== TOKEN_ISSUER && jwtClaims.iss !== HTTPS_TOKEN_ISSUER) { + console.error(`id token not issued by correct provider - expected: ${TOKEN_ISSUER} or ${HTTPS_TOKEN_ISSUER} | from: ${jwtClaims.iss}`); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - `id token not issued by correct provider - expected: ${TOKEN_ISSUER} or ${HTTPS_TOKEN_ISSUER} | from: ${jwtClaims.iss}` + 'Unauthorized' ); } if (jwtClaims.sub !== id) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `auth data is invalid for this user.`); + const errMsg = `Token subject does not match user id.`; + console.error(`Google Sign-In Validation Error: ${errMsg}`); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } if (clientId && jwtClaims.aud !== clientId) { diff --git a/src/Adapters/Auth/gpgames.js b/src/Adapters/Auth/gpgames.js index 4462a7897d..f38a7f2977 100644 --- a/src/Adapters/Auth/gpgames.js +++ b/src/Adapters/Auth/gpgames.js @@ -15,9 +15,10 @@ async function validateAuthData(authData) { `https://www.googleapis.com/games/v1/players/${authData.id}?access_token=${authData.access_token}` ); if (!(response && response.playerId === authData.id)) { + console.error('Google Play Games Services - authData is invalid for this user.'); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - 'Google Play Games Services - authData is invalid for this user.' + 'Authentication Failed' ); } } diff --git a/src/Adapters/Auth/instagram.js b/src/Adapters/Auth/instagram.js index 521796de63..0d23c39066 100644 --- a/src/Adapters/Auth/instagram.js +++ b/src/Adapters/Auth/instagram.js 
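Review bot: The google.js hunk ends on `if (clientId && jwtClaims.aud !== clientId) {` whose throw is outside the visible lines; if that message still embeds `clientId` or `jwtClaims.aud`, this function keeps one detailed client-facing error after the others were made generic and should get the same `console.error` + `'Unauthorized'` treatment. Also, the issuer log in this hunk interpolates `jwtClaims.iss`, a client-controlled claim, which should be escaped before logging. The function continues past the hunk.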
@@ -12,7 +12,8 @@ function validateAuthData(authData) { if (user && user.id == authData.id) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Instagram auth is invalid for this user.'); + console.error('Instagram auth is invalid for this user.') + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); }); } diff --git a/src/Adapters/Auth/janraincapture.js b/src/Adapters/Auth/janraincapture.js index 01670e84aa..2a4feeb8b5 100644 --- a/src/Adapters/Auth/janraincapture.js +++ b/src/Adapters/Auth/janraincapture.js @@ -11,9 +11,10 @@ function validateAuthData(authData, options) { if (data && data.stat == 'ok' && data.result == authData.id) { return; } + console.error('Janrain capture auth is invalid for this user.') throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - 'Janrain capture auth is invalid for this user.' + 'Unauthorized' ); }); } diff --git a/src/Adapters/Auth/janrainengage.js b/src/Adapters/Auth/janrainengage.js index 6e1589e724..4d333c7e1d 100644 --- a/src/Adapters/Auth/janrainengage.js +++ b/src/Adapters/Auth/janrainengage.js @@ -11,9 +11,10 @@ function validateAuthData(authData, options) { if (data && data.stat == 'ok' && data.profile.identifier == authData.id) { return; } + console.error('Janrain engage auth is invalid for this user.'); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - 'Janrain engage auth is invalid for this user.' + 'Unauthorized' ); }); } diff --git a/src/Adapters/Auth/keycloak.js b/src/Adapters/Auth/keycloak.js index fd72e58e85..afc0323cb6 100644 --- a/src/Adapters/Auth/keycloak.js +++ b/src/Adapters/Auth/keycloak.js 
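Review bot: `data.profile.identifier` on the janrainengage.js context line throws a `TypeError` when the provider response has no `profile` object, and that raw exception, not the new sanitized `Unauthorized`, is what would propagate to the caller, defeating the commit's purpose for that path. Guard it: `if (data && data.stat == 'ok' && data.profile && data.profile.identifier == authData.id) {`. Some outer layer may already catch and sanitize non-Parse errors, but nothing in the hunk shows it.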
@@ -51,10 +51,12 @@ const arraysEqual = (_arr1, _arr2) => { const handleAuth = async ({ access_token, id, roles, groups } = {}, { config } = {}) => { if (!(access_token && id)) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Missing access token and/or User id'); + console.error('Missing access token and/or User id'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed'); } if (!config || !(config['auth-server-url'] && config['realm'])) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Missing keycloak configuration'); + console.error('Missing Keycloak configuration'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed'); } try { const response = await httpsRequest.get({ @@ -73,18 +75,22 @@ const handleAuth = async ({ access_token, id, roles, groups } = {}, { config } = ) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid authentication'); + console.error('Invalid authentication: response data does not match'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed'); } catch (e) { if (e instanceof Parse.Error) { + console.error('Parse Error:', e.message); throw e; } const error = JSON.parse(e.text); if (error.error_description) { - throw new Parse.Error(Parse.Error.HOSTING_ERROR, error.error_description); + console.error('Authentication server error:', error.error_description); + throw new Parse.Error(Parse.Error.HOSTING_ERROR, 'Authentication failed'); } else { + console.error('Could not connect to the authentication server'); throw new Parse.Error( Parse.Error.HOSTING_ERROR, - 'Could not connect to the authentication server' + 'Authentication failed' ); } } diff --git a/src/Adapters/Auth/ldap.js b/src/Adapters/Auth/ldap.js index 8ea735698f..9db4091d6d 100644 --- a/src/Adapters/Auth/ldap.js +++ b/src/Adapters/Auth/ldap.js 
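Review bot: `const error = JSON.parse(e.text);` in the keycloak.js catch still runs on whatever the HTTPS helper throws; if `e.text` is missing or not JSON (network error, HTML error page from the realm), `JSON.parse` raises its own `SyntaxError`/`TypeError` and that unsanitized message escapes instead of `Authentication failed`. Guard it: `let error = {}; try { error = JSON.parse(e.text); } catch (_) { /* non-JSON response */ }`. Separately, `console.error('Parse Error:', e.message)` double-logs rejections already logged where they were thrown, and clients can still distinguish the `HOSTING_ERROR` paths from the `OBJECT_NOT_FOUND` ones by code, which may be intended but deserves a comment.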
@@ -3,8 +3,9 @@ const Parse = require('parse/node').Parse; function validateAuthData(authData, options) { if (!optionsAreValid(options)) { + console.error('LDAP auth configuration missing'); return new Promise((_, reject) => { - reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'LDAP auth configuration missing')); + reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Authentication failed')); }); } const clientOptions = options.url.startsWith('ldaps://') @@ -26,18 +27,19 @@ function validateAuthData(authData, options) { case 49: error = new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - 'LDAP: Wrong username or password' + 'Authentication failed' ); break; case 'DEPTH_ZERO_SELF_SIGNED_CERT': - error = new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'LDAPS: Certificate mismatch'); + error = new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Certificate mismatch'); break; default: error = new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - 'LDAP: Somthing went wrong (' + ldapError.code + ')' + 'Authentication failed' ); } + console.error('LDAP Error:', ldapError); reject(error); client.destroy(ldapError); return; @@ -75,7 +77,8 @@ function searchForGroup(client, options, id, resolve, reject) { if (searchError) { client.unbind(); client.destroy(); - return reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'LDAP group search failed')); + console.error('LDAP Search Error:', searchError); + return reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Authentication failed')); } res.on('searchEntry', entry => { if (entry.pojo.attributes.find(obj => obj.type === 'cn').values.includes(options.groupCn)) { 
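Review bot: The `DEPTH_ZERO_SELF_SIGNED_CERT` branch in ldap.js still returns a distinct message, `Certificate mismatch`, to an unauthenticated caller, so the response continues to reveal that the directory is fronted by a self-signed certificate while every other branch now says `Authentication failed`. Move that detail into the log line and return the generic message. Also `console.error('LDAP Error:', ldapError)` dumps the whole error object; an ldapjs bind error may include the DN built from the submitted username, so verify what lands in the logs or log only `ldapError.code` and `ldapError.message`. The error switch starts before the hunk.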
@@ -90,14 +93,15 @@ function searchForGroup(client, options, id, resolve, reject) { client.unbind(); client.destroy(); return reject( - new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'LDAP: User not in group') + new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Authentication failed') ); } }); res.on('error', () => { client.unbind(); client.destroy(); - return reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'LDAP group search failed')); + console.error('LDAP Group Search Error'); + return reject(new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Authentication failed')); }); }); } diff --git a/src/Adapters/Auth/line.js b/src/Adapters/Auth/line.js index d773323f70..24cba9f752 100644 --- a/src/Adapters/Auth/line.js +++ b/src/Adapters/Auth/line.js @@ -8,7 +8,11 @@ function validateAuthData(authData) { if (response && response.userId && response.userId === authData.id) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Line auth is invalid for this user.'); + console.error('Line auth validation failed. Response:', response); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid authentication'); + }).catch(err=>{ + console.error('Error validating Line auth:',err); + throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Authentication validation failed'); }); } diff --git a/src/Adapters/Auth/linkedin.js b/src/Adapters/Auth/linkedin.js index 4faa2eb2a9..56a8ce24b6 100644 --- a/src/Adapters/Auth/linkedin.js +++ b/src/Adapters/Auth/linkedin.js @@ -8,7 +8,8 @@ function validateAuthData(authData) { if (data && data.id == authData.id) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Linkedin auth is invalid for this user.'); + console.error('Linkedin auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed'); }); } diff --git a/src/Adapters/Auth/meetup.js b/src/Adapters/Auth/meetup.js index 93dc1d48ad..e36048738b 100644 --- a/src/Adapters/Auth/meetup.js 
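Review bot: The `User not in group` rejection in `searchForGroup` keeps `Parse.Error.INTERNAL_SERVER_ERROR` while its message becomes `Authentication failed`, so a policy denial is reported with a server-fault code, unlike the bind failure earlier in this file which uses `OBJECT_NOT_FOUND` for the same wording. If clients key off the code, use `Parse.Error.OBJECT_NOT_FOUND` here and log the denial, e.g. `console.error('LDAP: user not in group', options.groupCn);`, since this is the only branch in the hunk without a log line. The enclosing `searchForGroup` starts before the hunk.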
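Review bot: The new `.catch` in line.js also catches the `Parse.Error` thrown by the `.then` just above it, so an ordinary invalid-token result is rewrapped as `INTERNAL_SERVER_ERROR, 'Authentication validation failed'` and the `OBJECT_NOT_FOUND` / `Invalid authentication` the hunk just wrote is never returned. Rethrow the adapter's own error first: `if (err instanceof Parse.Error) throw err;`. Also, `console.error('Line auth validation failed. Response:', response)` writes the whole provider response to the log; if it carries profile fields that is personal data in logs, so prefer logging `response && response.userId`.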
+++ b/src/Adapters/Auth/meetup.js @@ -8,7 +8,8 @@ function validateAuthData(authData) { if (data && data.id == authData.id) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Meetup auth is invalid for this user.'); + console.error('Meetup auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed'); }); } diff --git a/src/Adapters/Auth/microsoft.js b/src/Adapters/Auth/microsoft.js index 9f4f5c4ea4..3090fd8afa 100644 --- a/src/Adapters/Auth/microsoft.js +++ b/src/Adapters/Auth/microsoft.js @@ -8,9 +8,10 @@ function validateAuthData(authData) { if (response && response.id && response.id == authData.id) { return; } + console.error('Microsoft Graph auth is invalid for this user.'); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - 'Microsoft Graph auth is invalid for this user.' + 'Authentication failed' ); }); } diff --git a/src/Adapters/Auth/oauth2.js b/src/Adapters/Auth/oauth2.js index ba1fe7bc4f..9ab2a44bb7 100644 --- a/src/Adapters/Auth/oauth2.js +++ b/src/Adapters/Auth/oauth2.js @@ -58,10 +58,12 @@ const querystring = require('querystring'); const httpsRequest = require('./httpsRequest'); const INVALID_ACCESS = 'OAuth2 access token is invalid for this user.'; +const INVALID_RESPONSE = 'Authentication failed'; const INVALID_ACCESS_APPID = "OAuth2: the access_token's appID is empty or is not in the list of permitted appIDs in the auth configuration."; const MISSING_APPIDS = 'OAuth2 configuration is missing the client app IDs ("appIds" config parameter).'; +const MISSING_RESPONSE = 'Configuration Error.'; const MISSING_URL = 'OAuth2 token introspection endpoint URL is missing from configuration!'; // Returns a promise that fulfills if this user id is valid. 
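Review bot: The new oauth2.js constants `INVALID_RESPONSE` and `MISSING_RESPONSE` are named as if they described a bad introspection response, but they are the client-facing replacements for the existing log-only messages, so a reader pairing `INVALID_ACCESS` with `INVALID_RESPONSE` will get the roles backwards. Name them for what they are, e.g. `const CLIENT_MSG_AUTH_FAILED = 'Authentication failed';` and `const CLIENT_MSG_CONFIG_ERROR = 'Configuration Error.';`, and add above the group: `// Detailed messages are logged server-side; only the CLIENT_MSG_* strings reach the caller.`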
@@ -72,7 +74,8 @@ function validateAuthData(authData, options) { !response.active || (options.useridField && authData.id !== response[options.useridField]) ) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_ACCESS); + console.error(INVALID_ACCESS); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_RESPONSE); } }); } @@ -82,15 +85,18 @@ function validateAppId(appIds, authData, options) { return Promise.resolve(); } if (!appIds || appIds.length === 0) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, MISSING_APPIDS); + console.error(MISSING_APPIDS); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, MISSING_RESPONSE); } return requestTokenInfo(options, authData.access_token).then(response => { if (!response || !response.active) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_ACCESS); + console.error(INVALID_ACCESS); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_RESPONSE); } const appidField = options.appidField; if (!response[appidField]) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_ACCESS_APPID); + console.error(INVALID_ACCESS_APPID); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_RESPONSE); } const responseValue = response[appidField]; if (!Array.isArray(responseValue) && appIds.includes(responseValue)) { @@ -101,7 +107,8 @@ function validateAppId(appIds, authData, options) { ) { return; } else { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_ACCESS_APPID); + console.error(INVALID_ACCESS_APPID); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, INVALID_RESPONSE); } }); } 
@@ -109,7 +116,8 @@ function validateAppId(appIds, authData, options) { // A promise wrapper for requests to the OAuth2 token introspection endpoint. function requestTokenInfo(options, access_token) { if (!options || !options.tokenIntrospectionEndpointUrl) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, MISSING_URL); + console.error(MISSING_URL); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, MISSING_RESPONSE); } const parsedUrl = new URL(options.tokenIntrospectionEndpointUrl); const postData = querystring.stringify({ diff --git a/src/Adapters/Auth/phantauth.js b/src/Adapters/Auth/phantauth.js index a7fba68dc5..1f8bdda1a8 100644 --- a/src/Adapters/Auth/phantauth.js +++ b/src/Adapters/Auth/phantauth.js @@ -14,7 +14,8 @@ function validateAuthData(authData) { if (data && data.sub == authData.id) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'PhantAuth auth is invalid for this user.'); + console.error('PhantAuth auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); }); } diff --git a/src/Adapters/Auth/qq.js b/src/Adapters/Auth/qq.js index dddc7cc7a3..fc25cc7c6b 100644 --- a/src/Adapters/Auth/qq.js +++ b/src/Adapters/Auth/qq.js @@ -8,7 +8,8 @@ function validateAuthData(authData) { if (data && data.openid == authData.id) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'qq auth is invalid for this user.'); + console.error('qq auth is invalid for this user.') + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); }); } 
@@ -28,7 +29,8 @@ function parseResponseData(data) { const starPos = data.indexOf('('); const endPos = data.indexOf(')'); if (starPos == -1 || endPos == -1) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'qq auth is invalid for this user.'); + console.error('qq auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } data = data.substring(starPos + 1, endPos - 1); return JSON.parse(data); diff --git a/src/Adapters/Auth/spotify.js b/src/Adapters/Auth/spotify.js index 604868d078..a7551025ea 100644 --- a/src/Adapters/Auth/spotify.js +++ b/src/Adapters/Auth/spotify.js @@ -8,7 +8,8 @@ function validateAuthData(authData) { if (data && data.id == authData.id) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Spotify auth is invalid for this user.'); + console.error('Spotify auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); }); } @@ -16,14 +17,17 @@ function validateAuthData(authData) { async function validateAppId(appIds, authData) { const access_token = authData.access_token; if (!Array.isArray(appIds)) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'appIds must be an array.'); + console.error('appIds must be an array.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } if (!appIds.length) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Spotify auth is not configured.'); + console.error('Spotify auth is not configured.') + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } const data = await request('me', access_token); if (!data || !appIds.includes(data.id)) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Spotify auth is invalid for this user.'); + console.error('Spotify auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } } 
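Review bot: `data.substring(starPos + 1, endPos - 1)` on the qq.js context line drops the last character before `)` because `substring`'s end index is exclusive, so it only works if the provider pads the JSON with a trailing space; if it does not, `JSON.parse` fails and its raw `SyntaxError` message, not the new `Unauthorized`, reaches the caller. If the padding is a known property of the endpoint, say so in a comment; otherwise use `data.substring(starPos + 1, endPos)` and wrap the parse so a malformed body goes through the same `console.error` + `Unauthorized` path. The function starts before the hunk.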
diff --git a/src/Adapters/Auth/twitter.js b/src/Adapters/Auth/twitter.js index eac83cbed4..ae63ecb4ca 100644 --- a/src/Adapters/Auth/twitter.js +++ b/src/Adapters/Auth/twitter.js @@ -5,7 +5,8 @@ var Parse = require('parse/node').Parse; // Returns a promise that fulfills iff this user id is valid. function validateAuthData(authData, options) { if (!options) { - throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Twitter auth configuration missing'); + console.error('Twitter auth configuration missing'); + throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Unauthorized'); } options = handleMultipleConfigurations(authData, options); var client = new OAuth(options); @@ -17,7 +18,8 @@ function validateAuthData(authData, options) { if (data && data.id_str == '' + authData.id) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Twitter auth is invalid for this user.'); + console.error('Twitter auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); }); } @@ -30,14 +32,16 @@ function handleMultipleConfigurations(authData, options) { if (Array.isArray(options)) { const consumer_key = authData.consumer_key; if (!consumer_key) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Twitter auth is invalid for this user.'); + console.error('Twitter auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } options = options.filter(option => { return option.consumer_key == consumer_key; }); if (options.length == 0) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Twitter auth is invalid for this user.'); + console.error('Twitter auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized'); } options = options[0]; } diff --git a/src/Adapters/Auth/utils.js b/src/Adapters/Auth/utils.js index 0d4d7cd8a2..7f16692aeb 100644 --- a/src/Adapters/Auth/utils.js +++ b/src/Adapters/Auth/utils.js 
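Review bot: The configuration-missing branch of twitter.js `validateAuthData` now throws `INTERNAL_SERVER_ERROR` with the message `Unauthorized`, a contradictory pairing in which the code says server fault and the text says the client is at fault, while OAuth1Client.js in this same diff handles the identical case with `'Configuration error.'`. Use `throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Configuration error.');` so the two agree. The function continues past the hunk.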
@@ -4,7 +4,8 @@ const Parse = require('parse/node').Parse; const getHeaderFromToken = token => { const decodedToken = jwt.decode(token, { complete: true }); if (!decodedToken) { - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `provided token does not decode as JWT`); + console.error('provided token does not decode as JWT'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`); } return decodedToken.header; diff --git a/src/Adapters/Auth/vkontakte.js b/src/Adapters/Auth/vkontakte.js index 46fd1248ae..fbba25bd32 100644 --- a/src/Adapters/Auth/vkontakte.js +++ b/src/Adapters/Auth/vkontakte.js @@ -21,10 +21,12 @@ function validateAuthData(authData, params) { ) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Vk auth is invalid for this user.'); + console.error('Vk auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed.'); }); } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Vk appIds or appSecret is incorrect.'); + console.error('Vk appIds or appSecret is incorrect.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed.'); }); } @@ -37,9 +39,10 @@ function vkOAuth2Request(params) { !params.appSecret || !params.appSecret.length ) { + console.error('Vk auth is not configured. Missing appIds or appSecret.'); throw new Parse.Error( Parse.Error.OBJECT_NOT_FOUND, - 'Vk auth is not configured. Missing appIds or appSecret.' + 'Configuration Error' ); } if (!params.apiVersion) { diff --git a/src/Adapters/Auth/wechat.js b/src/Adapters/Auth/wechat.js index 82ddb851ef..9d5448e453 100644 --- a/src/Adapters/Auth/wechat.js +++ b/src/Adapters/Auth/wechat.js 
@@ -9,7 +9,8 @@ function validateAuthData(authData) { if (data.errcode == 0) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'wechat auth is invalid for this user.'); + console.error('wechat auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed.'); } ); } diff --git a/src/Adapters/Auth/weibo.js b/src/Adapters/Auth/weibo.js index a29c3872df..5f34d28f72 100644 --- a/src/Adapters/Auth/weibo.js +++ b/src/Adapters/Auth/weibo.js @@ -9,7 +9,8 @@ function validateAuthData(authData) { if (data && data.uid == authData.id) { return; } - throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'weibo auth is invalid for this user.'); + console.error('weibo auth is invalid for this user.'); + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed.'); }); }
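Review bot: `if (data.errcode == 0)` on the wechat.js context line dereferences `data` without a null check, so an empty or non-JSON response from the request helper raises a `TypeError` whose raw message bypasses the new `Authentication failed.` path; the sibling adapters in this diff (weibo, github, linkedin) all guard with `data &&`. Use `if (data && data.errcode == 0) {`. The enclosing `validateAuthData` starts before the hunk.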