nodemailer/wildduck
1
1
Fork 0
mirror of https://github.com/nodemailer/wildduck.git synced 2024-09-20 15:26:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

ensure non-200 response for errors

Browse source
This commit is contained in:
Andris Reinman 2021-05-20 14:47:20 +03:00
parent d52adcebcf
commit 25eb5b198b
20 changed files with 218 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/api/openapi.yml
View file

@ -4088,7 +4088,7 @@ components:
example: '2021-06-26T21:55:55.000Z' example: '2021-06-26T21:55:55.000Z'
altNames: altNames:
type: array type: array
description: Hostnames listed in the certificate description: SAN servernames listed in the certificate
items: items:
type: string type: string
example: ['example.com', 'www.example.com'] example: ['example.com', 'www.example.com']
@ -5962,7 +5962,7 @@ components:
example: '2021-06-26T21:55:55.000Z' example: '2021-06-26T21:55:55.000Z'
altNames: altNames:
type: array type: array
description: Hostnames listed in the certificate description: SAN servernames listed in the certificate
items: items:
type: string type: string
example: ['example.com', 'www.example.com'] example: ['example.com', 'www.example.com']

2
lib/api/2fa/custom.js
View file

@ -10,7 +10,6 @@ const { sessSchema, sessIPSchema } = require('../../schemas');
// master password usage for IMAP/POP/SMTP clients // master password usage for IMAP/POP/SMTP clients
module.exports = (db, server, userHandler) => { module.exports = (db, server, userHandler) => {
server.put( server.put(
'/users/:user/2fa/custom', '/users/:user/2fa/custom',
tools.asyncifyJson(async (req, res, next) => { tools.asyncifyJson(async (req, res, next) => {
@ -92,6 +91,7 @@ module.exports = (db, server, userHandler) => {
let disabled2fa = await userHandler.disableCustom2fa(user, result.value); let disabled2fa = await userHandler.disableCustom2fa(user, result.value);
if (!disabled2fa) { if (!disabled2fa) {
res.status(500);
res.json({ res.json({
error: 'Failed to disable 2FA', error: 'Failed to disable 2FA',
code: '2FADisableFailed' code: '2FADisableFailed'

2
lib/api/2fa/totp.js
View file

@ -94,6 +94,7 @@ module.exports = (db, server, userHandler) => {
let { success, disabled2fa } = await userHandler.enableTotp(user, result.value); let { success, disabled2fa } = await userHandler.enableTotp(user, result.value);
if (!success) { if (!success) {
res.status(400);
res.json({ res.json({
error: 'Invalid authentication token', error: 'Invalid authentication token',
code: 'InvalidToken' code: 'InvalidToken'
@ -200,6 +201,7 @@ module.exports = (db, server, userHandler) => {
let totp = await userHandler.checkTotp(user, result.value); let totp = await userHandler.checkTotp(user, result.value);
if (!totp) { if (!totp) {
res.status(403);
res.json({ res.json({
error: 'Failed to validate TOTP', error: 'Failed to validate TOTP',
code: 'InvalidToken' code: 'InvalidToken'

4
lib/api/2fa/u2f.js
View file

@ -138,6 +138,7 @@ module.exports = (db, server, userHandler) => {
let { success, disabled2fa } = await userHandler.enableU2f(user, result.value); let { success, disabled2fa } = await userHandler.enableU2f(user, result.value);
if (!success) { if (!success) {
res.status(500);
res.json({ res.json({
error: 'Failed to enable U2F', error: 'Failed to enable U2F',
code: 'U2fEnableFailed' code: 'U2fEnableFailed'
@ -199,6 +200,7 @@ module.exports = (db, server, userHandler) => {
let user = new ObjectID(result.value.user); let user = new ObjectID(result.value.user);
let u2f = await userHandler.disableU2f(user, result.value); let u2f = await userHandler.disableU2f(user, result.value);
if (!u2f) { if (!u2f) {
res.status(500);
res.json({ res.json({
error: 'Failed to disable U2F', error: 'Failed to disable U2F',
code: 'U2fDisableFailed' code: 'U2fDisableFailed'
@ -252,6 +254,7 @@ module.exports = (db, server, userHandler) => {
let user = new ObjectID(result.value.user); let user = new ObjectID(result.value.user);
let u2fAuthRequest = await userHandler.startU2f(user, result.value); let u2fAuthRequest = await userHandler.startU2f(user, result.value);
if (!result) { if (!result) {
res.status(500);
res.json({ res.json({
error: 'Failed to generate authentication request for U2F', error: 'Failed to generate authentication request for U2F',
code: 'U2fFail' code: 'U2fFail'
@ -330,6 +333,7 @@ module.exports = (db, server, userHandler) => {
let user = new ObjectID(result.value.user); let user = new ObjectID(result.value.user);
let u2f = await userHandler.checkU2f(user, result.value); let u2f = await userHandler.checkU2f(user, result.value);
if (!u2f) { if (!u2f) {
res.status(500);
res.json({ res.json({
error: 'Failed to validate U2F request', error: 'Failed to validate U2F request',
code: 'U2fFail' code: 'U2fFail'

47
lib/api/addresses.js
View file

@ -166,6 +166,7 @@ module.exports = (db, server, userHandler) => {
try { try {
listing = await MongoPaging.find(db.users.collection('addresses'), opts); listing = await MongoPaging.find(db.users.collection('addresses'), opts);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -378,6 +379,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -386,6 +388,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -399,6 +402,7 @@ module.exports = (db, server, userHandler) => {
addrview: tools.uview(address) addrview: tools.uview(address)
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -407,6 +411,7 @@ module.exports = (db, server, userHandler) => {
} }
if (addressData) { if (addressData) {
res.status(400);
res.json({ res.json({
error: 'This email address already exists', error: 'This email address already exists',
code: 'AddressExistsError' code: 'AddressExistsError'
@ -440,6 +445,7 @@ module.exports = (db, server, userHandler) => {
try { try {
r = await db.users.collection('addresses').insertOne(addressData); r = await db.users.collection('addresses').insertOne(addressData);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -537,6 +543,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -545,6 +552,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -565,6 +573,7 @@ module.exports = (db, server, userHandler) => {
}) })
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -659,6 +668,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -667,6 +677,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -681,6 +692,7 @@ module.exports = (db, server, userHandler) => {
user user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -818,6 +830,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -826,6 +839,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -839,6 +853,7 @@ module.exports = (db, server, userHandler) => {
_id: id _id: id
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -856,6 +871,7 @@ module.exports = (db, server, userHandler) => {
} }
if (addressData.address.indexOf('*') >= 0 && result.value.address && result.value.address !== addressData.address) { if (addressData.address.indexOf('*') >= 0 && result.value.address && result.value.address !== addressData.address) {
res.status(400);
res.json({ res.json({
error: 'Can not change special address', error: 'Can not change special address',
code: 'ChangeNotAllowed' code: 'ChangeNotAllowed'
@ -864,6 +880,7 @@ module.exports = (db, server, userHandler) => {
} }
if (result.value.address && result.value.address.indexOf('*') >= 0 && result.value.address !== addressData.address) { if (result.value.address && result.value.address.indexOf('*') >= 0 && result.value.address !== addressData.address) {
res.status(400);
res.json({ res.json({
error: 'Can not change special address', error: 'Can not change special address',
code: 'ChangeNotAllowed' code: 'ChangeNotAllowed'
@ -872,6 +889,7 @@ module.exports = (db, server, userHandler) => {
} }
if ((result.value.address || addressData.address).indexOf('*') >= 0 && main) { if ((result.value.address || addressData.address).indexOf('*') >= 0 && main) {
res.status(400);
res.json({ res.json({
error: 'Can not set wildcard address as default', error: 'Can not set wildcard address as default',
code: 'WildcardNotPermitted' code: 'WildcardNotPermitted'
@ -908,6 +926,7 @@ module.exports = (db, server, userHandler) => {
code: 'AddressExistsError' code: 'AddressExistsError'
}); });
} else { } else {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -938,6 +957,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1003,6 +1023,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1011,6 +1032,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -1024,6 +1046,7 @@ module.exports = (db, server, userHandler) => {
_id: address _id: address
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1054,6 +1077,7 @@ module.exports = (db, server, userHandler) => {
_id: address _id: address
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1136,6 +1160,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1144,6 +1169,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -1186,6 +1212,7 @@ module.exports = (db, server, userHandler) => {
) )
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1347,6 +1374,7 @@ module.exports = (db, server, userHandler) => {
let addr = tools.normalizeAddress(target); let addr = tools.normalizeAddress(target);
let addrv = addr.substr(0, addr.indexOf('@')).replace(/\./g, '') + addr.substr(addr.indexOf('@')); let addrv = addr.substr(0, addr.indexOf('@')).replace(/\./g, '') + addr.substr(addr.indexOf('@'));
if (addrv === addrview) { if (addrv === addrview) {
res.status(400);
res.json({ res.json({
error: 'Can not forward to self "' + target + '"', error: 'Can not forward to self "' + target + '"',
code: 'InputValidationError' code: 'InputValidationError'
@ -1373,6 +1401,7 @@ module.exports = (db, server, userHandler) => {
value: target value: target
}; };
} else { } else {
res.status(400);
res.json({ res.json({
error: 'Unknown target type "' + target + '"', error: 'Unknown target type "' + target + '"',
code: 'InputValidationError' code: 'InputValidationError'
@ -1412,6 +1441,7 @@ module.exports = (db, server, userHandler) => {
addrview addrview
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1420,6 +1450,7 @@ module.exports = (db, server, userHandler) => {
} }
if (addressData) { if (addressData) {
res.status(400);
res.json({ res.json({
error: 'This email address already exists', error: 'This email address already exists',
code: 'AddressExistsError' code: 'AddressExistsError'
@ -1437,6 +1468,7 @@ module.exports = (db, server, userHandler) => {
}) })
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1481,6 +1513,7 @@ module.exports = (db, server, userHandler) => {
try { try {
r = await db.users.collection('addresses').insertOne(addressData); r = await db.users.collection('addresses').insertOne(addressData);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1647,6 +1680,7 @@ module.exports = (db, server, userHandler) => {
_id: id _id: id
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1664,6 +1698,7 @@ module.exports = (db, server, userHandler) => {
} }
if (addressData.address.indexOf('*') >= 0 && result.value.address && result.value.address !== addressData.address) { if (addressData.address.indexOf('*') >= 0 && result.value.address && result.value.address !== addressData.address) {
res.status(400);
res.json({ res.json({
error: 'Can not change special address', error: 'Can not change special address',
code: 'ChangeNotAllowed' code: 'ChangeNotAllowed'
@ -1672,6 +1707,7 @@ module.exports = (db, server, userHandler) => {
} }
if (result.value.address && result.value.address.indexOf('*') >= 0 && result.value.address !== addressData.address) { if (result.value.address && result.value.address.indexOf('*') >= 0 && result.value.address !== addressData.address) {
res.status(400);
res.json({ res.json({
error: 'Can not change special address', error: 'Can not change special address',
code: 'ChangeNotAllowed' code: 'ChangeNotAllowed'
@ -1693,6 +1729,7 @@ module.exports = (db, server, userHandler) => {
let addr = tools.normalizeAddress(target); let addr = tools.normalizeAddress(target);
let addrv = addr.substr(0, addr.indexOf('@')).replace(/\./g, '') + addr.substr(addr.indexOf('@')); let addrv = addr.substr(0, addr.indexOf('@')).replace(/\./g, '') + addr.substr(addr.indexOf('@'));
if (addrv === addressData.addrview) { if (addrv === addressData.addrview) {
res.status(400);
res.json({ res.json({
error: 'Can not forward to self "' + target + '"', error: 'Can not forward to self "' + target + '"',
code: 'InputValidationError' code: 'InputValidationError'
@ -1719,6 +1756,7 @@ module.exports = (db, server, userHandler) => {
value: target value: target
}; };
} else { } else {
res.status(400);
res.json({ res.json({
error: 'Unknown target type "' + target + '"', error: 'Unknown target type "' + target + '"',
code: 'InputValidationError' code: 'InputValidationError'
@ -1740,6 +1778,7 @@ module.exports = (db, server, userHandler) => {
}) })
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1773,6 +1812,7 @@ module.exports = (db, server, userHandler) => {
code: 'AddressExistsError' code: 'AddressExistsError'
}); });
} else { } else {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1825,6 +1865,7 @@ module.exports = (db, server, userHandler) => {
_id: address _id: address
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1848,6 +1889,7 @@ module.exports = (db, server, userHandler) => {
_id: address _id: address
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1908,6 +1950,7 @@ module.exports = (db, server, userHandler) => {
_id: address _id: address
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -2017,6 +2060,7 @@ module.exports = (db, server, userHandler) => {
}); });
} }
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -2187,6 +2231,7 @@ module.exports = (db, server, userHandler) => {
await cursor.close(); await cursor.close();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -2202,6 +2247,7 @@ module.exports = (db, server, userHandler) => {
}); });
response.modifiedAddresses = r.modifiedCount; response.modifiedAddresses = r.modifiedCount;
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -2216,6 +2262,7 @@ module.exports = (db, server, userHandler) => {
}); });
response.modifiedUsers = r.modifiedCount; response.modifiedUsers = r.modifiedCount;
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'

10
lib/api/asps.js
View file

@ -66,6 +66,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -74,6 +75,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -91,6 +93,7 @@ module.exports = (db, server, userHandler) => {
.sort({ _id: 1 }) .sort({ _id: 1 })
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -177,6 +180,7 @@ module.exports = (db, server, userHandler) => {
user user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -185,6 +189,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!aspData) { if (!aspData) {
res.status(404);
res.json({ res.json({
error: 'Invalid or unknown ASP key', error: 'Invalid or unknown ASP key',
code: 'AspNotFound' code: 'AspNotFound'
@ -270,6 +275,7 @@ module.exports = (db, server, userHandler) => {
} }
if (generateMobileconfig && !scopes.includes('*') && ((!scopes.includes('imap') && !scopes.includes('pop3')) || !scopes.includes('smtp'))) { if (generateMobileconfig && !scopes.includes('*') && ((!scopes.includes('imap') && !scopes.includes('pop3')) || !scopes.includes('smtp'))) {
res.status(400);
res.json({ res.json({
error: 'Profile file requires either imap or pop3 and smtp scopes', error: 'Profile file requires either imap or pop3 and smtp scopes',
code: 'InvalidAuthScope' code: 'InvalidAuthScope'
@ -292,6 +298,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -300,6 +307,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -324,6 +332,7 @@ module.exports = (db, server, userHandler) => {
}) })
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -332,6 +341,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!addressData || !addressData.user.equals(userData._id)) { if (!addressData || !addressData.user.equals(userData._id)) {
res.status(404);
res.json({ res.json({
error: 'Invalid or unknown address', error: 'Invalid or unknown address',
code: 'AddressNotFound' code: 'AddressNotFound'

13
lib/api/auth.js
View file

@ -85,7 +85,7 @@ module.exports = (db, server, userHandler) => {
if (user) { if (user) {
response.id = user.toString(); response.id = user.toString();
} }
res.status(403); res.status(401);
res.json(response); res.json(response);
return next(); return next();
} }
@ -98,7 +98,7 @@ module.exports = (db, server, userHandler) => {
if (user) { if (user) {
response.id = user.toString(); response.id = user.toString();
} }
res.status(403); res.status(401);
res.json(response); res.json(response);
return next(); return next();
} }
@ -121,7 +121,7 @@ module.exports = (db, server, userHandler) => {
code: err.code || 'AuthFailed', code: err.code || 'AuthFailed',
id: user.toString() id: user.toString()
}; };
res.status(500); res.status(403);
res.json(response); res.json(response);
return next(); return next();
} }
@ -222,6 +222,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -230,6 +231,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -260,6 +262,7 @@ module.exports = (db, server, userHandler) => {
try { try {
listing = await MongoPaging.find(db.users.collection('authlog'), opts); listing = await MongoPaging.find(db.users.collection('authlog'), opts);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -347,6 +350,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -355,6 +359,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -367,6 +372,7 @@ module.exports = (db, server, userHandler) => {
try { try {
eventData = await db.users.collection('authlog').findOne(filter); eventData = await db.users.collection('authlog').findOne(filter);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -375,6 +381,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!eventData) { if (!eventData) {
res.status(404);
res.json({ res.json({
error: 'Event was not found', error: 'Event was not found',
code: 'EventNotFound' code: 'EventNotFound'

2
lib/api/autoreply.js
View file

@ -60,6 +60,7 @@ module.exports = (db, server) => {
if (typeof result.value.status === 'boolean') { if (typeof result.value.status === 'boolean') {
const r = await db.users.collection('users').updateOne({ _id: user }, { $set: { autoreply: result.value.status } }); const r = await db.users.collection('users').updateOne({ _id: user }, { $set: { autoreply: result.value.status } });
if (!r.matchedCount) { if (!r.matchedCount) {
res.status(404);
res.json({ res.json({
error: 'Unknown user', error: 'Unknown user',
code: 'UserNotFound' code: 'UserNotFound'
@ -75,6 +76,7 @@ module.exports = (db, server) => {
} else { } else {
const userData = await db.users.collection('users').findOne({ _id: user }, { projection: { _id: true, autoreply: true } }); const userData = await db.users.collection('users').findOne({ _id: user }, { projection: { _id: true, autoreply: true } });
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'Unknown user', error: 'Unknown user',
code: 'UserNotFound' code: 'UserNotFound'

6
lib/api/dkim.js
View file

@ -92,6 +92,7 @@ module.exports = (db, server) => {
try { try {
listing = await MongoPaging.find(db.database.collection('dkim'), opts); listing = await MongoPaging.find(db.database.collection('dkim'), opts);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -171,6 +172,7 @@ module.exports = (db, server) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -179,6 +181,7 @@ module.exports = (db, server) => {
} }
if (!dkimData) { if (!dkimData) {
res.status(404);
res.json({ res.json({
error: 'This domain does not exist', error: 'This domain does not exist',
code: 'DkimNotFound' code: 'DkimNotFound'
@ -245,6 +248,7 @@ module.exports = (db, server) => {
try { try {
response = await setDkim(result.value); response = await setDkim(result.value);
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code
@ -296,6 +300,7 @@ module.exports = (db, server) => {
try { try {
response = await getDkim({ _id: dkim }, false); response = await getDkim({ _id: dkim }, false);
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code
@ -348,6 +353,7 @@ module.exports = (db, server) => {
try { try {
response = await delDkim({ _id: dkim }); response = await delDkim({ _id: dkim });
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code

3
lib/api/domainaccess.js
View file

@ -71,6 +71,7 @@ module.exports = (db, server) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -135,6 +136,7 @@ module.exports = (db, server) => {
}) })
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -197,6 +199,7 @@ module.exports = (db, server) => {
_id: domain _id: domain
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'

9
lib/api/domainaliases.js
View file

@ -98,6 +98,7 @@ module.exports = (db, server) => {
try { try {
listing = await MongoPaging.find(db.users.collection('domainaliases'), opts); listing = await MongoPaging.find(db.users.collection('domainaliases'), opts);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -179,6 +180,7 @@ module.exports = (db, server) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -187,6 +189,7 @@ module.exports = (db, server) => {
} }
if (aliasData) { if (aliasData) {
res.status(400);
res.json({ res.json({
error: 'This domain alias already exists', error: 'This domain alias already exists',
code: 'AliasExists' code: 'AliasExists'
@ -204,6 +207,7 @@ module.exports = (db, server) => {
created: new Date() created: new Date()
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -273,6 +277,7 @@ module.exports = (db, server) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -281,6 +286,7 @@ module.exports = (db, server) => {
} }
if (!aliasData) { if (!aliasData) {
res.status(404);
res.json({ res.json({
error: 'This alias does not exist', error: 'This alias does not exist',
code: 'AliasNotFound' code: 'AliasNotFound'
@ -333,6 +339,7 @@ module.exports = (db, server) => {
_id: alias _id: alias
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -403,6 +410,7 @@ module.exports = (db, server) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -426,6 +434,7 @@ module.exports = (db, server) => {
_id: alias _id: alias
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'

19
lib/api/filters.js
View file

@ -57,6 +57,7 @@ module.exports = (db, server) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -65,6 +66,7 @@ module.exports = (db, server) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -83,6 +85,7 @@ module.exports = (db, server) => {
.sort({ _id: 1 }) .sort({ _id: 1 })
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -106,6 +109,7 @@ module.exports = (db, server) => {
}) })
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -182,6 +186,7 @@ module.exports = (db, server) => {
user user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -190,6 +195,7 @@ module.exports = (db, server) => {
} }
if (!filterData) { if (!filterData) {
res.status(404);
res.json({ res.json({
error: 'This filter does not exist', error: 'This filter does not exist',
code: 'FilterNotFound' code: 'FilterNotFound'
@ -208,6 +214,7 @@ module.exports = (db, server) => {
.sort({ _id: 1 }) .sort({ _id: 1 })
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -298,6 +305,7 @@ module.exports = (db, server) => {
user user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -461,6 +469,7 @@ module.exports = (db, server) => {
value: target value: target
}; };
} else { } else {
res.status(400);
res.json({ res.json({
error: 'Unknown target type "' + target + '"', error: 'Unknown target type "' + target + '"',
code: 'InputValidationError' code: 'InputValidationError'
@ -480,6 +489,7 @@ module.exports = (db, server) => {
user user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -488,6 +498,7 @@ module.exports = (db, server) => {
} }
if (!mailboxData) { if (!mailboxData) {
res.status(404);
res.json({ res.json({
error: 'This mailbox does not exist', error: 'This mailbox does not exist',
code: 'NoSuchMailbox' code: 'NoSuchMailbox'
@ -511,6 +522,7 @@ module.exports = (db, server) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -519,6 +531,7 @@ module.exports = (db, server) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -530,6 +543,7 @@ module.exports = (db, server) => {
try { try {
r = await db.database.collection('filters').insertOne(filterData); r = await db.database.collection('filters').insertOne(filterData);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -715,6 +729,7 @@ module.exports = (db, server) => {
value: target value: target
}; };
} else { } else {
res.status(400);
res.json({ res.json({
error: 'Unknown target type "' + target + '"', error: 'Unknown target type "' + target + '"',
code: 'InputValidationError' code: 'InputValidationError'
@ -745,6 +760,7 @@ module.exports = (db, server) => {
user user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -753,6 +769,7 @@ module.exports = (db, server) => {
} }
if (!mailboxData) { if (!mailboxData) {
res.status(404);
res.json({ res.json({
error: 'This mailbox does not exist', error: 'This mailbox does not exist',
code: 'NoSuchMailbox' code: 'NoSuchMailbox'
@ -787,6 +804,7 @@ module.exports = (db, server) => {
try { try {
r = await db.database.collection('filters').findOneAndUpdate({ _id: filter, user }, update); r = await db.database.collection('filters').findOneAndUpdate({ _id: filter, user }, update);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -795,6 +813,7 @@ module.exports = (db, server) => {
} }
if (!r || !r.value || !r.value._id) { if (!r || !r.value || !r.value._id) {
res.status(404);
res.json({ res.json({
error: 'Filter was not found', error: 'Filter was not found',
code: 'FilterNotFound' code: 'FilterNotFound'

11
lib/api/mailboxes.js
View file

@ -78,6 +78,7 @@ module.exports = (db, server, mailboxHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -85,6 +86,7 @@ module.exports = (db, server, mailboxHandler) => {
return next(); return next();
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -132,6 +134,7 @@ module.exports = (db, server, mailboxHandler) => {
}) })
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -303,6 +306,7 @@ module.exports = (db, server, mailboxHandler) => {
status = data.status; status = data.status;
id = data.id; id = data.id;
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code
@ -376,6 +380,7 @@ module.exports = (db, server, mailboxHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -383,6 +388,7 @@ module.exports = (db, server, mailboxHandler) => {
return next(); return next();
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -406,6 +412,7 @@ module.exports = (db, server, mailboxHandler) => {
try { try {
mailboxData = await db.database.collection('mailboxes').findOne(mailboxQuery); mailboxData = await db.database.collection('mailboxes').findOne(mailboxQuery);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -413,6 +420,7 @@ module.exports = (db, server, mailboxHandler) => {
return next(); return next();
} }
if (!mailboxData) { if (!mailboxData) {
res.status(404);
res.json({ res.json({
error: 'This mailbox does not exist', error: 'This mailbox does not exist',
code: 'NoSuchMailbox' code: 'NoSuchMailbox'
@ -516,6 +524,7 @@ module.exports = (db, server, mailboxHandler) => {
try { try {
status = await updateMailbox(user, mailbox, updates); status = await updateMailbox(user, mailbox, updates);
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code
@ -578,6 +587,7 @@ module.exports = (db, server, mailboxHandler) => {
try { try {
status = await deleteMailbox(user, mailbox); status = await deleteMailbox(user, mailbox);
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code
@ -586,6 +596,7 @@ module.exports = (db, server, mailboxHandler) => {
} }
if (typeof status === 'string') { if (typeof status === 'string') {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: 'Mailbox deletion failed with code ' + status, error: 'Mailbox deletion failed with code ' + status,
code: status code: status

49
lib/api/messages.js
View file

@ -98,6 +98,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
try { try {
result.value.metaData = JSON.stringify(result.value.metaData); result.value.metaData = JSON.stringify(result.value.metaData);
} catch (err) { } catch (err) {
res.status(400);
res.json({ res.json({
error: 'metaData value must be serializable to JSON', error: 'metaData value must be serializable to JSON',
code: 'InputValidationError' code: 'InputValidationError'
@ -111,6 +112,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
throw new Error('Not an object'); throw new Error('Not an object');
} }
} catch (err) { } catch (err) {
res.status(400);
res.json({ res.json({
error: 'metaData value must be valid JSON object string', error: 'metaData value must be valid JSON object string',
code: 'InputValidationError' code: 'InputValidationError'
@ -157,6 +159,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
}; };
} }
} else { } else {
res.status(404);
res.json({ res.json({
error: 'Invalid message identifier', error: 'Invalid message identifier',
code: 'MessageNotFound' code: 'MessageNotFound'
@ -176,6 +179,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
}); });
info = data.info; info = data.info;
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code
@ -184,6 +188,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (!info || !info.destinationUid || !info.destinationUid.length) { if (!info || !info.destinationUid || !info.destinationUid.length) {
res.status(404);
res.json({ res.json({
error: 'Could not move message, check if message exists', error: 'Could not move message, check if message exists',
code: 'MessageNotFound' code: 'MessageNotFound'
@ -203,6 +208,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
try { try {
updated = await updateMessage(user, mailbox, messageQuery, result.value); updated = await updateMessage(user, mailbox, messageQuery, result.value);
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code
@ -211,6 +217,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (!updated) { if (!updated) {
res.status(404);
res.json({ res.json({
error: 'No message matched query', error: 'No message matched query',
code: 'MessageNotFound' code: 'MessageNotFound'
@ -292,6 +299,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -300,6 +308,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (!mailboxData) { if (!mailboxData) {
res.status(404);
res.json({ res.json({
error: 'This mailbox does not exist', error: 'This mailbox does not exist',
code: 'NoSuchMailbox' code: 'NoSuchMailbox'
@ -364,6 +373,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
try { try {
listing = await MongoPaging.find(db.database.collection('messages'), opts); listing = await MongoPaging.find(db.database.collection('messages'), opts);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -490,6 +500,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -498,6 +509,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -532,6 +544,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
}) })
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -768,6 +781,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
try { try {
listing = await MongoPaging.find(db.database.collection('messages'), opts); listing = await MongoPaging.find(db.database.collection('messages'), opts);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -874,6 +888,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -881,6 +896,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
return next(); return next();
} }
if (!messageData || messageData.user.toString() !== user.toString()) { if (!messageData || messageData.user.toString() !== user.toString()) {
res.status(404);
res.json({ res.json({
error: 'This message does not exist', error: 'This message does not exist',
code: 'MessageNotFound' code: 'MessageNotFound'
@ -1227,6 +1243,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1234,6 +1251,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
return next(); return next();
} }
if (!messageData || messageData.user.toString() !== user.toString()) { if (!messageData || messageData.user.toString() !== user.toString()) {
res.status(404);
res.json({ res.json({
error: 'This message does not exist', error: 'This message does not exist',
code: 'MessageNotFound' code: 'MessageNotFound'
@ -1243,8 +1261,10 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
let attachmentId = messageData.mimeTree.attachmentMap && messageData.mimeTree.attachmentMap[attachment]; let attachmentId = messageData.mimeTree.attachmentMap && messageData.mimeTree.attachmentMap[attachment];
if (!attachmentId) { if (!attachmentId) {
res.status(404);
res.json({ res.json({
error: 'This attachment does not exist' error: 'This attachment does not exist',
code: 'AttachmentNotFound'
}); });
return next(); return next();
} }
@ -1492,6 +1512,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
await cursor.close(); await cursor.close();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError', code: 'InternalDatabaseError',
@ -1641,6 +1662,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
try { try {
result.value.metaData = JSON.stringify(result.value.metaData); result.value.metaData = JSON.stringify(result.value.metaData);
} catch (err) { } catch (err) {
res.status(400);
res.json({ res.json({
error: 'metaData value must be serializable to JSON', error: 'metaData value must be serializable to JSON',
code: 'InputValidationError' code: 'InputValidationError'
@ -1654,6 +1676,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
throw new Error('Not an object'); throw new Error('Not an object');
} }
} catch (err) { } catch (err) {
res.status(400);
res.json({ res.json({
error: 'metaData value must be valid JSON object string', error: 'metaData value must be valid JSON object string',
code: 'InputValidationError' code: 'InputValidationError'
@ -1683,6 +1706,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
user user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1690,6 +1714,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
return next(); return next();
} }
if (!mailboxData) { if (!mailboxData) {
res.status(404);
res.json({ res.json({
error: 'This mailbox does not exist', error: 'This mailbox does not exist',
code: 'NoSuchMailbox' code: 'NoSuchMailbox'
@ -1703,6 +1728,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
_id: user _id: user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1710,6 +1736,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
return next(); return next();
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -1718,6 +1745,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (userData.quota && userData.storageUsed > userData.quota) { if (userData.quota && userData.storageUsed > userData.quota) {
res.status(400);
res.json({ res.json({
error: 'User is over quota', error: 'User is over quota',
code: 'OVERQUOTA' code: 'OVERQUOTA'
@ -1726,6 +1754,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (userData.disabled || userData.suspended) { if (userData.disabled || userData.suspended) {
res.status(403);
res.json({ res.json({
error: 'User account is disabled', error: 'User account is disabled',
code: 'UserDisabled' code: 'UserDisabled'
@ -1826,6 +1855,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (!raw || !raw.length) { if (!raw || !raw.length) {
res.status(400);
res.json({ res.json({
error: 'Empty message provided', error: 'Empty message provided',
code: 'EmptyMessage' code: 'EmptyMessage'
@ -1877,6 +1907,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
status = resp.status; status = resp.status;
messageData = resp.data; messageData = resp.data;
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.imapResponse code: err.imapResponse
@ -1959,6 +1990,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1966,6 +1998,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
return next(); return next();
} }
if (!messageData || messageData.user.toString() !== user.toString()) { if (!messageData || messageData.user.toString() !== user.toString()) {
res.status(404);
res.json({ res.json({
error: 'This message does not exist', error: 'This message does not exist',
code: 'MessageNotFound' code: 'MessageNotFound'
@ -1997,6 +2030,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
let response = messageHandler.indexer.rebuild(messageData.mimeTree); let response = messageHandler.indexer.rebuild(messageData.mimeTree);
if (!response || response.type !== 'stream' || !response.value) { if (!response || response.type !== 'stream' || !response.value) {
res.status(404);
res.json({ res.json({
error: 'This message does not exist', error: 'This message does not exist',
code: 'MessageNotFound' code: 'MessageNotFound'
@ -2120,6 +2154,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
_id: user _id: user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -2128,6 +2163,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -2136,6 +2172,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (userData.disabled || userData.suspended) { if (userData.disabled || userData.suspended) {
res.status(403);
res.json({ res.json({
error: 'User account is disabled', error: 'User account is disabled',
code: 'UserDisabled' code: 'UserDisabled'
@ -2151,6 +2188,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
user user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -2159,6 +2197,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (!messageData) { if (!messageData) {
res.status(404);
res.json({ res.json({
error: 'This message does not exist', error: 'This message does not exist',
code: 'MessageNotFound' code: 'MessageNotFound'
@ -2167,6 +2206,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (!messageData.draft) { if (!messageData.draft) {
res.status(400);
res.json({ res.json({
error: 'This message is not a draft', error: 'This message is not a draft',
code: 'MessageNotDraft' code: 'MessageNotDraft'
@ -2238,6 +2278,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
let rebuilder = messageHandler.indexer.rebuild(messageData.mimeTree); let rebuilder = messageHandler.indexer.rebuild(messageData.mimeTree);
if (!rebuilder || rebuilder.type !== 'stream' || !rebuilder.value) { if (!rebuilder || rebuilder.type !== 'stream' || !rebuilder.value) {
res.status(404);
res.json({ res.json({
error: 'This message does not exist', error: 'This message does not exist',
code: 'MessageNotFound' code: 'MessageNotFound'
@ -2506,6 +2547,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
try { try {
listing = await MongoPaging.find(db.database.collection('archived'), opts); listing = await MongoPaging.find(db.database.collection('archived'), opts);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -2589,6 +2631,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -2597,6 +2640,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -2618,6 +2662,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
end end
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -2679,6 +2724,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
_id: message _id: message
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -2687,6 +2733,7 @@ module.exports = (db, server, messageHandler, userHandler, storageHandler) => {
} }
if (!messageData) { if (!messageData) {
res.status(404);
res.json({ res.json({
error: 'This message does not exist', error: 'This message does not exist',
code: 'MessageNotFound' code: 'MessageNotFound'

7
lib/api/storage.js
View file

@ -67,6 +67,7 @@ module.exports = (db, server, storageHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -74,6 +75,7 @@ module.exports = (db, server, storageHandler) => {
return next(); return next();
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -145,6 +147,7 @@ module.exports = (db, server, storageHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -152,6 +155,7 @@ module.exports = (db, server, storageHandler) => {
return next(); return next();
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -194,6 +198,7 @@ module.exports = (db, server, storageHandler) => {
try { try {
listing = await MongoPaging.find(db.gridfs.collection('storage.files'), opts); listing = await MongoPaging.find(db.gridfs.collection('storage.files'), opts);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -313,6 +318,7 @@ module.exports = (db, server, storageHandler) => {
'metadata.user': user 'metadata.user': user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -321,6 +327,7 @@ module.exports = (db, server, storageHandler) => {
} }
if (!fileData) { if (!fileData) {
res.status(404);
res.json({ res.json({
error: 'This file does not exist', error: 'This file does not exist',
code: 'FileNotFound' code: 'FileNotFound'

1
lib/api/submit.js
View file

@ -740,6 +740,7 @@ module.exports = (db, server, messageHandler, userHandler) => {
info = await submitMessageWrapper(result.value); info = await submitMessageWrapper(result.value);
} catch (err) { } catch (err) {
log.error('API', 'SUBMIT error=%s', err.message); log.error('API', 'SUBMIT error=%s', err.message);
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code

2
lib/api/updates.js
View file

@ -66,6 +66,7 @@ module.exports = (db, server, notifier) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -73,6 +74,7 @@ module.exports = (db, server, notifier) => {
return next(); return next();
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'

26
lib/api/users.js
View file

@ -181,6 +181,7 @@ module.exports = (db, server, userHandler) => {
try { try {
listing = await MongoPaging.find(db.users.collection('users'), opts); listing = await MongoPaging.find(db.users.collection('users'), opts);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -347,6 +348,7 @@ module.exports = (db, server, userHandler) => {
try { try {
let count = await pwnedpasswords(result.value.password); let count = await pwnedpasswords(result.value.password);
if (count) { if (count) {
res.status(403);
res.json({ res.json({
error: 'Provided password was found from breached passwords list', error: 'Provided password was found from breached passwords list',
code: 'InsecurePasswordError' code: 'InsecurePasswordError'
@ -391,6 +393,7 @@ module.exports = (db, server, userHandler) => {
value: target value: target
}; };
} else { } else {
res.status(400);
res.json({ res.json({
error: 'Unknown target type "' + target + '"', error: 'Unknown target type "' + target + '"',
code: 'InputValidationError' code: 'InputValidationError'
@ -424,6 +427,7 @@ module.exports = (db, server, userHandler) => {
} }
if (result.value.username.indexOf('*') >= 0) { if (result.value.username.indexOf('*') >= 0) {
res.status(400);
res.json({ res.json({
error: 'Invalid character in username: *', error: 'Invalid character in username: *',
code: 'InputValidationError' code: 'InputValidationError'
@ -432,6 +436,7 @@ module.exports = (db, server, userHandler) => {
} }
if (/^\.|\.$|\.{2,}/g.test(result.value.username) || !/[^.]/.test(result.value.username)) { if (/^\.|\.$|\.{2,}/g.test(result.value.username) || !/[^.]/.test(result.value.username)) {
res.status(400);
res.json({ res.json({
error: 'Invalid dot symbols in username', error: 'Invalid dot symbols in username',
code: 'InputValidationError' code: 'InputValidationError'
@ -440,6 +445,7 @@ module.exports = (db, server, userHandler) => {
} }
if (result.value.address && result.value.address.indexOf('*') >= 0) { if (result.value.address && result.value.address.indexOf('*') >= 0) {
res.status(400);
res.json({ res.json({
error: 'Invalid character in email address: *', error: 'Invalid character in email address: *',
code: 'InputValidationError' code: 'InputValidationError'
@ -459,6 +465,7 @@ module.exports = (db, server, userHandler) => {
} }
result.value.mailboxes[key] = imapTools.normalizeMailbox(result.value.mailboxes[key]); result.value.mailboxes[key] = imapTools.normalizeMailbox(result.value.mailboxes[key]);
if (seen.has(result.value.mailboxes[key])) { if (seen.has(result.value.mailboxes[key])) {
res.status(400);
res.json({ res.json({
error: 'Duplicate mailbox name: ' + result.value.mailboxes[key], error: 'Duplicate mailbox name: ' + result.value.mailboxes[key],
code: 'InputValidationError' code: 'InputValidationError'
@ -476,6 +483,7 @@ module.exports = (db, server, userHandler) => {
try { try {
await checkPubKey(result.value.pubKey); await checkPubKey(result.value.pubKey);
} catch (err) { } catch (err) {
res.status(400);
res.json({ res.json({
error: 'PGP key validation failed. ' + err.message, error: 'PGP key validation failed. ' + err.message,
code: 'InputValidationError' code: 'InputValidationError'
@ -488,6 +496,7 @@ module.exports = (db, server, userHandler) => {
id = await userHandler.create(result.value); id = await userHandler.create(result.value);
} catch (err) { } catch (err) {
log.error('API', err); log.error('API', err);
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code, code: err.code,
@ -554,6 +563,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -562,6 +572,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -622,6 +633,7 @@ module.exports = (db, server, userHandler) => {
_id: user _id: user
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -630,6 +642,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -900,6 +913,7 @@ module.exports = (db, server, userHandler) => {
try { try {
let count = await pwnedpasswords(result.value.password); let count = await pwnedpasswords(result.value.password);
if (count) { if (count) {
res.status(403);
res.json({ res.json({
error: 'Provided password was found from breached passwords list', error: 'Provided password was found from breached passwords list',
code: 'InsecurePasswordError' code: 'InsecurePasswordError'
@ -938,6 +952,7 @@ module.exports = (db, server, userHandler) => {
value: target value: target
}; };
} else { } else {
res.status(400);
res.json({ res.json({
error: 'Unknown target type "' + target + '"', error: 'Unknown target type "' + target + '"',
code: 'InputValidationError' code: 'InputValidationError'
@ -980,6 +995,7 @@ module.exports = (db, server, userHandler) => {
try { try {
await checkPubKey(result.value.pubKey); await checkPubKey(result.value.pubKey);
} catch (err) { } catch (err) {
res.status(400);
res.json({ res.json({
error: 'PGP key validation failed. ' + err.message, error: 'PGP key validation failed. ' + err.message,
code: 'InputValidationError' code: 'InputValidationError'
@ -991,6 +1007,7 @@ module.exports = (db, server, userHandler) => {
try { try {
updateResponse = await userHandler.update(user, result.value); updateResponse = await userHandler.update(user, result.value);
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code
@ -1053,6 +1070,7 @@ module.exports = (db, server, userHandler) => {
try { try {
success = await userHandler.logout(result.value.user, result.value.reason || 'Logout requested from API'); success = await userHandler.logout(result.value.user, result.value.reason || 'Logout requested from API');
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code
@ -1115,6 +1133,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1123,6 +1142,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -1155,6 +1175,7 @@ module.exports = (db, server, userHandler) => {
]) ])
.toArray(); .toArray();
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1184,6 +1205,7 @@ module.exports = (db, server, userHandler) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -1192,6 +1214,7 @@ module.exports = (db, server, userHandler) => {
} }
if (!updateResponse || !updateResponse.value) { if (!updateResponse || !updateResponse.value) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -1297,6 +1320,7 @@ module.exports = (db, server, userHandler) => {
try { try {
password = await userHandler.reset(user, result.value); password = await userHandler.reset(user, result.value);
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code
@ -1349,6 +1373,7 @@ module.exports = (db, server, userHandler) => {
try { try {
task = await userHandler.delete(user, Object.assign({}, result.value)); task = await userHandler.delete(user, Object.assign({}, result.value));
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code
@ -1408,6 +1433,7 @@ module.exports = (db, server, userHandler) => {
try { try {
task = await userHandler.restore(user, Object.assign({}, result.value)); task = await userHandler.restore(user, Object.assign({}, result.value));
} catch (err) { } catch (err) {
res.status(500); // TODO: use response code specific status
res.json({ res.json({
error: err.message, error: err.message,
code: err.code code: err.code

6
lib/api/webhooks.js
View file

@ -102,6 +102,7 @@ module.exports = (db, server) => {
try { try {
listing = await MongoPaging.find(db.users.collection('webhooks'), opts); listing = await MongoPaging.find(db.users.collection('webhooks'), opts);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -198,6 +199,7 @@ module.exports = (db, server) => {
} }
); );
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -206,6 +208,7 @@ module.exports = (db, server) => {
} }
if (!userData) { if (!userData) {
res.status(404);
res.json({ res.json({
error: 'This user does not exist', error: 'This user does not exist',
code: 'UserNotFound' code: 'UserNotFound'
@ -226,6 +229,7 @@ module.exports = (db, server) => {
try { try {
r = await db.users.collection('webhooks').insertOne(webhookData); r = await db.users.collection('webhooks').insertOne(webhookData);
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -277,6 +281,7 @@ module.exports = (db, server) => {
_id: webhook _id: webhook
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'
@ -307,6 +312,7 @@ module.exports = (db, server) => {
_id: webhook _id: webhook
}); });
} catch (err) { } catch (err) {
res.status(500);
res.json({ res.json({
error: 'MongoDB Error: ' + err.message, error: 'MongoDB Error: ' + err.message,
code: 'InternalDatabaseError' code: 'InternalDatabaseError'

4
lib/cert-handler.js
View file

@ -318,7 +318,7 @@ class CertHandler {
// search for exact servername match at first // search for exact servername match at first
let certData = await this.database.collection('certs').findOne(query); let certData = await this.database.collection('certs').findOne(query);
if (!certData) { if (!certData || !certData.key || !certData.cert) {
if (cachedContext && cachedContext.context && cachedContext.entry && cachedContext.entry.servername === servername) { if (cachedContext && cachedContext.context && cachedContext.entry && cachedContext.entry.servername === servername) {
// we have a valid cached context // we have a valid cached context
return cachedContext.context; return cachedContext.context;
@ -339,7 +339,7 @@ class CertHandler {
} }
certData = await this.database.collection('certs').findOne(altQuery, { sort: { expires: -1 } }); certData = await this.database.collection('certs').findOne(altQuery, { sort: { expires: -1 } });
if (!certData) { if (!certData || !certData.key || !certData.cert) {
// still nothing, return whatever we have // still nothing, return whatever we have
return (cachedContext && cachedContext.context) || false; return (cachedContext && cachedContext.context) || false;
} }