NuKVM/xen-orchestra
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(xo-server/authenticateUser): use clearLogOnSuccess

Browse Source 
This fixes success logs not deleted due to race conditions.
This commit is contained in:
Julien Fontanet 2023-10-04 10:22:48 +02:00
parent e3dd59d684
commit 3f8436b58b
1 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
packages/xo-server/src/xo-mixins/authentication.mjs
View File

@ -138,14 +138,20 @@ export default class {
async authenticateUser(credentials, userData) { async authenticateUser(credentials, userData) {
const { tasks } = this._app const { tasks } = this._app
const task = await tasks.create({ const task = await tasks.create(
type: 'xo:authentication:authenticateUser', {
name: 'XO user authentication', type: 'xo:authentication:authenticateUser',
credentials: replace(credentials), name: 'XO user authentication',
userData, credentials: replace(credentials),
}) userData,
},
{
// only keep trace of failed attempts
clearLogOnSuccess: true,
}
)
const result = await task.run(async () => { return task.run(async () => {
// don't even attempt to authenticate with empty password // don't even attempt to authenticate with empty password
const { password } = credentials const { password } = credentials
if (password === '') { if (password === '') {
@ -177,11 +183,6 @@ export default class {
delete failures[username] delete failures[username]
return result return result
}) })
// only keep trace of failed attempts
await tasks.deleteLog(task.id)
return result
} }
// ----------------------------------------------------------------- // -----------------------------------------------------------------