yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Some authentication notices not displayed, injection of arbitrary strings

Browse Source
This commit is contained in:
Tom Moor
2023-04-11 21:54:53 -04:00
parent 3e20c437fa
commit a9800165c1
3 changed files with 38 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
app/scenes/Login/Notices.tsx
View File

@@ -7,7 +7,6 @@ import useQuery from "~/hooks/useQuery";
export default function Notices() {
const query = useQuery();
const notice = query.get("notice");
const description = query.get("description");
if (!notice) {
return null;
@@ -15,12 +14,18 @@ export default function Notices() {
return (
<Notice icon={<WarningIcon color="currentcolor" />}>
{notice === "domain-not-allowed" && (
<Trans>
The domain associated with your email address has not been allowed for
this workspace.
</Trans>
)}
{notice === "domain-required" && (
<Trans>
Unable to sign-in. Please navigate to your team's custom URL, then try
to sign-in again.
Unable to sign-in. Please navigate to your workspace's custom URL,
then try to sign-in again.
<hr />
If you were invited to a team, you will find a link to it in the
If you were invited to a workspace, you will find a link to it in the
invite email.
</Trans>
)}
@@ -33,7 +38,7 @@ export default function Notices() {
)}
{notice === "maximum-teams" && (
<Trans>
The team you authenticated with is not authorized on this
The workspace you authenticated with is not authorized on this
installation. Try another?
</Trans>
)}
@@ -54,34 +59,28 @@ export default function Notices() {
try again in a few minutes.
</Trans>
)}
{(notice === "auth-error" || notice === "state-mismatch") &&
(description ? (
<>{description}</>
) : (
<Trans>
Authentication failed we were unable to sign you in at this time.
Please try again.
</Trans>
))}
{notice === "invalid-authentication" &&
(description ? (
<>{description}</>
) : (
<Trans>
Authentication failed you do not have permission to access this
team.
</Trans>
))}
{(notice === "auth-error" || notice === "state-mismatch") && (
<Trans>
Authentication failed we were unable to sign you in at this time.
Please try again.
</Trans>
)}
{notice === "invalid-authentication" && (
<Trans>
Authentication failed you do not have permission to access this
workspace.
</Trans>
)}
{notice === "expired-token" && (
<Trans>
Sorry, it looks like that sign-in link is no longer valid, please try
requesting another.
</Trans>
)}
{notice === "suspended" && (
{(notice === "suspended" || notice === "user-suspended") && (
<Trans>
Your account has been suspended. To re-activate your account, please
contact a team admin.
contact a workspace admin.
</Trans>
)}
{notice === "authentication-provider-disabled" && (
@@ -92,16 +91,16 @@ export default function Notices() {
)}
{notice === "invite-required" && (
<Trans>
The team you are trying to join requires an invite before you can
The workspace you are trying to join requires an invite before you can
create an account.
<hr />
Please request an invite from your team admin and try again.
Please request an invite from your workspace admin and try again.
</Trans>
)}
{notice === "domain-not-allowed" && (
<Trans>
Sorry, your domain is not allowed. Please try again with an allowed
team domain.
workspace domain.
</Trans>
)}
</Notice>

4
server/commands/accountProvisioner.ts
View File

@@ -111,6 +111,10 @@ async function accountProvisioner({
}
}
if (err.id) {
throw err;
}
if (!result) {
throw InvalidAuthenticationError(err.message);
}

13
shared/i18n/locales/en_US/translation.json
View File

@@ -628,19 +628,20 @@
"You signed in with {{ authProviderName }} last time.": "You signed in with {{ authProviderName }} last time.",
"Or": "Or",
"Already have an account? Go to <1>login</1>.": "Already have an account? Go to <1>login</1>.",
"Unable to sign-in. Please navigate to your team's custom URL, then try to sign-in again.<1></1>If you were invited to a team, you will find a link to it in the invite email.": "Unable to sign-in. Please navigate to your team's custom URL, then try to sign-in again.<1></1>If you were invited to a team, you will find a link to it in the invite email.",
"The domain associated with your email address has not been allowed for this workspace.": "The domain associated with your email address has not been allowed for this workspace.",
"Unable to sign-in. Please navigate to your workspace's custom URL, then try to sign-in again.<1></1>If you were invited to a workspace, you will find a link to it in the invite email.": "Unable to sign-in. Please navigate to your workspace's custom URL, then try to sign-in again.<1></1>If you were invited to a workspace, you will find a link to it in the invite email.",
"Sorry, a new account cannot be created with a personal Gmail address.<1></1>Please use a Google Workspaces account instead.": "Sorry, a new account cannot be created with a personal Gmail address.<1></1>Please use a Google Workspaces account instead.",
"The team you authenticated with is not authorized on this installation. Try another?": "The team you authenticated with is not authorized on this installation. Try another?",
"The workspace you authenticated with is not authorized on this installation. Try another?": "The workspace you authenticated with is not authorized on this installation. Try another?",
"We could not read the user info supplied by your identity provider.": "We could not read the user info supplied by your identity provider.",
"Your account uses email sign-in, please sign-in with email to continue.": "Your account uses email sign-in, please sign-in with email to continue.",
"An email sign-in link was recently sent, please check your inbox or try again in a few minutes.": "An email sign-in link was recently sent, please check your inbox or try again in a few minutes.",
"Authentication failed we were unable to sign you in at this time. Please try again.": "Authentication failed we were unable to sign you in at this time. Please try again.",
"Authentication failed you do not have permission to access this team.": "Authentication failed you do not have permission to access this team.",
"Authentication failed you do not have permission to access this workspace.": "Authentication failed you do not have permission to access this workspace.",
"Sorry, it looks like that sign-in link is no longer valid, please try requesting another.": "Sorry, it looks like that sign-in link is no longer valid, please try requesting another.",
"Your account has been suspended. To re-activate your account, please contact a team admin.": "Your account has been suspended. To re-activate your account, please contact a team admin.",
"Your account has been suspended. To re-activate your account, please contact a workspace admin.": "Your account has been suspended. To re-activate your account, please contact a workspace admin.",
"Authentication failed this login method was disabled by a team admin.": "Authentication failed this login method was disabled by a team admin.",
"The team you are trying to join requires an invite before you can create an account.<1></1>Please request an invite from your team admin and try again.": "The team you are trying to join requires an invite before you can create an account.<1></1>Please request an invite from your team admin and try again.",
"Sorry, your domain is not allowed. Please try again with an allowed team domain.": "Sorry, your domain is not allowed. Please try again with an allowed team domain.",
"The workspace you are trying to join requires an invite before you can create an account.<1></1>Please request an invite from your workspace admin and try again.": "The workspace you are trying to join requires an invite before you can create an account.<1></1>Please request an invite from your workspace admin and try again.",
"Sorry, your domain is not allowed. Please try again with an allowed workspace domain.": "Sorry, your domain is not allowed. Please try again with an allowed workspace domain.",
"Any collection": "Any collection",
"Any time": "Any time",
"Past day": "Past day",