From 933ebdfebb012bc8b44ded3abe531f5b480f2c41 Mon Sep 17 00:00:00 2001 From: Christine Spang Date: Tue, 24 Jan 2017 18:48:24 -0800 Subject: [PATCH] [iso-core] Split cert validation error handling off socket error handling Summary: Now that we don't do strict validation of certificates for non-major IMAP providers this shouldn't come up as much, but when it does we're gonna want a better error message to help support out. I am not 100% sure there aren't other socket errors that should be fatal, but this was the one I could figure out by test authing against a server with a self-signed cert and grepping around the node socket source code. Test Plan: manual Reviewers: evan, juan Reviewed By: juan Differential Revision: https://phab.nylas.com/D3774 --- packages/isomorphic-core/src/auth-helpers.js | 6 ++++++ packages/isomorphic-core/src/imap-errors.js | 15 ++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/packages/isomorphic-core/src/auth-helpers.js b/packages/isomorphic-core/src/auth-helpers.js index a808f70ed..38769c743 100644 --- a/packages/isomorphic-core/src/auth-helpers.js +++ b/packages/isomorphic-core/src/auth-helpers.js @@ -33,6 +33,7 @@ const USER_ERRORS = { AUTH_500: "Please contact support@nylas.com. An unforeseen error has occurred.", IMAP_AUTH: "Incorrect username or password", IMAP_RETRY: "We were unable to reach your mail provider. Please try again.", + IMAP_CERT: "We couldn't make a secure connection to your mail provider. Please contact support@nylas.com.", } const SUPPORTED_PROVIDERS = new Set( @@ -147,6 +148,11 @@ module.exports = { reply({message: USER_ERRORS.IMAP_AUTH, type: "api_error"}).code(401); return } + if (err instanceof IMAPErrors.IMAPCertificateError) { + global.Logger.error({err}, 'Encountered certificate error while attempting to authenticate') + reply({message: USER_ERRORS.IMAP_CERT, type: "api_error"}).code(401); + return + } if (err instanceof IMAPErrors.RetryableError) { if (retryNum < MAX_RETRIES) { setTimeout(() => { diff --git a/packages/isomorphic-core/src/imap-errors.js b/packages/isomorphic-core/src/imap-errors.js index f2c5f93a6..476ba5f6d 100644 --- a/packages/isomorphic-core/src/imap-errors.js +++ b/packages/isomorphic-core/src/imap-errors.js @@ -28,6 +28,13 @@ class IMAPConnectionEndedError extends NylasError { } } +/** + * Certificate validation failures may correct themselves over long spans + * of time, but not over the short spans of time in which it'd make sense + * for us to retry. + */ +class IMAPCertificateError extends NylasError { } + /** * IMAPErrors may come from: * @@ -75,7 +82,12 @@ function convertImapError(imapError) { case "timeout": error = new IMAPConnectionTimeoutError(imapError); break; case "socket": - error = new IMAPSocketError(imapError); break; + if (imapError.code === "UNABLE_TO_VERIFY_LEAF_SIGNATURE") { + error = new IMAPCertificateError(imapError); + } else { + error = new IMAPSocketError(imapError); + } + break; case "protocol": error = new IMAPProtocolError(imapError); break; case "authentication": @@ -100,4 +112,5 @@ module.exports = { IMAPTransientAuthenticationError, IMAPConnectionNotReadyError, IMAPConnectionEndedError, + IMAPCertificateError, };