
use err.approvalToken.invalid instead of err.totpToken.invalid when checking approvals

tags/v0.1.8
Jonathan Cobb 4 år sedan
förälder
incheckning
c4bffb3d0e
4 ändrade filer med 8 tillägg och 6 borttagningar
  1. +4
    -4
      bubble-server/src/main/java/bubble/resources/account/AuthResource.java
  2. +1
    -0
      bubble-server/src/main/java/bubble/service/account/StandardAccountMessageService.java
  3. +2
    -1
      bubble-server/src/main/resources/message_templates/en_US/server/pre_auth/ResourceMessages.properties
  4. +1
    -1
      bubble-web

+ 4
- 4
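--- a/bubble-server/src/main/java/bubble/resources/account/AuthResource.java
+++ b/bubble-server/src/main/java/bubble/resources/account/AuthResource.java
@@ -277,19 +277,19 @@ public class AuthResource {
 final String accountName = NameAndValue.find(data, DATA_ACCOUNT_NAME);
 final Account account = accountDAO.findById(accountName);
 if (caller != null && account != null && !caller.getUuid().equals(account.getUuid())) {
-return invalid("err.totpToken.invalid");
+return invalid("err.approvalToken.invalid");
 }
 if (caller == null && account == null) {
-return invalid("err.totpToken.invalid");
+return invalid("err.approvalToken.invalid");
 }
 caller = account;
 }
 final AccountMessage approval = messageService.approve(caller, getRemoteHost(req), token, data);
-if (approval == null) return invalid("err.totpToken.invalid");
+if (approval == null) return invalid("err.approvalToken.invalid");
 final Account account = validateCallerForApproveOrDeny(caller, approval, token);
 
 if (approval.getMessageType() == AccountMessageType.confirmation) {
-if (account == null) return invalid("err.totpToken.invalid");
+if (account == null) return invalid("err.approvalToken.invalid");
 if (approval.getAction() == AccountAction.login) {
 return ok(account.setToken(sessionDAO.create(account)));
 } else {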
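Review bot: `caller = account;` still runs when an authenticated caller supplies an account name that does not resolve (caller non-null, account null), because neither guard above it rejects that combination, so caller is overwritten with null before `messageService.approve(...)` is called. From that point the identity used for the approval appears to come from the token alone, since the companion change in StandardAccountMessageService fills in a null account from the approval record. If that is not intended, reject an unresolved name before the assignment with `if (account == null) return invalid("err.approvalToken.invalid");`, which keeps the single generic error key on every failure path. The enclosing `if` and the method itself start outside this hunk, so the condition guarding this block should be checked as well.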


+ 1
- 0
bubble-server/src/main/java/bubble/service/account/StandardAccountMessageService.java

@@ -128,6 +128,7 @@ public class StandardAccountMessageService implements AccountMessageService {
if (approval == null) {
return null;
}
if (account == null) account = accountDAO.findByUuid(approval.getAccount());
final AccountMessageApprovalStatus approvalStatus = messageDAO.requestApproved(account, approval);
if (approvalStatus == AccountMessageApprovalStatus.ok_confirmed) {
final AccountPolicy policy = policyDAO.findSingleByAccount(account.getUuid());
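Review bot: The result of `accountDAO.findByUuid(approval.getAccount())` is not checked, so an approval whose account no longer exists can reach `messageDAO.requestApproved(account, approval)` and, on the confirmed path, `account.getUuid()` with a null account. Adding `if (account == null) return null;` directly after the lookup would let AuthResource answer with `err.approvalToken.invalid` like the other failures rather than surfacing a NullPointerException. A short comment on the fallback would also help, for example `// no authenticated caller: act as the account the approval was issued for`, because on this path the token alone decides which account is acted on. The method begins before and continues past this hunk.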


+ 2
- 1
bubble-server/src/main/resources/message_templates/en_US/server/pre_auth/ResourceMessages.properties

@@ -85,7 +85,8 @@ err.timezone.unknown=An error occurred trying to determine the time zone
err.timezone.length=Time zone is too long
err.timezone.required=Time zone is required

# Authenticator token errors
# Token errors
err.approvalToken.invalid=Code is incorrect or no longer valid
err.totpToken.invalid=Code is incorrect
err.totpToken.invalidActionTarget=Action target was invalid (expected 'account' or 'network')
err.totpToken.noSession=Session required for authenticator


+ 1
- 1
bubble-web

@@ -1 +1 @@
Subproject commit 519e0e4948ae275886913a8e4e956bd3b9d7e38b
Subproject commit 588df94156b229b7cfebd1e3364ab00aebd319b0
