Remove SRP when failing login 5 times, restart on 6th attempt.

2022-08-02 10:11:40 +01:00 · 2022-08-02 10:11:40 +01:00 · ed550d71a5
parent e0933dbfc1
commit ed550d71a5
2 changed files with 21 additions and 1 deletions
--- a/packages/app/src/elements/login-signup.ts
+++ b/packages/app/src/elements/login-signup.ts
@ -347,6 +347,26 @@ export class LoginOrSignup extends StartForm {
                        this._loginPasswordInput.focus();
                    }
                    return;
+                case ErrorCode.INVALID_SESSION:
+                    this._loginButton.stop();
+
+                    await alert($l("We failed to verify your session. Please start over!"), {
+                        type: "warning",
+                        title: $l("Authentication Failed"),
+                    });
+
+                    try {
+                        const pendingRequest = await this._getPendingAuth();
+                        if (pendingRequest) {
+                            this.router.setParams({ pendingAuth: undefined });
+                            this.app.storage.delete(pendingRequest);
+                        }
+                    } catch (e) {}
+
+                    await this.app.logout();
+
+                    router.go("start", { email });
+                    return;
                case ErrorCode.NOT_FOUND:
                    this._loginButton.fail();
                    this._accountDoesntExist(email);
--- a/packages/core/src/server.ts
+++ b/packages/core/src/server.ts
@ -583,7 +583,7 @@ export class Controller extends API {
        const srpState = auth.srpSessions.find((s) => s.id === srpId);

        if (!srpState) {
-            throw new Err(ErrorCode.INVALID_CREDENTIALS, "No srp session with the given id found!");
+            throw new Err(ErrorCode.INVALID_SESSION, "No srp session with the given id found!");
        }

        const srp = new SRPServer(srpState);