fix(controllers): fix bot probability check in sws-pocket signup route
rhahao authored Oct 13, 2022
1 parent a4ab988 commit 6824f76
Showing 1 changed file with 58 additions and 73 deletions.
131 changes: 58 additions & 73 deletions src/controllers/sws-pocket-controller.js
Expand Up @@ -73,86 +73,71 @@ export const pocketSignUp = async (req, res, next) => {
limit: 1,
});

// visitor id not found
if (visitorHistory.visits.length === 0) {
res.locals.failedLoginAttempt = true;
res.locals.type = 'warn';
res.locals.message = 'visitor id not found in fingerprint';
res.status(403).json({ message: 'UNAUTHORIZED_REQUEST' });
return;
}

// request does not meet requirements
const visit = visitorHistory.visits[0];

if (
(visit.browserDetails.botProbability &&
visit.browserDetails.botProbability !== 0) ||
visit.confidence.score !== 1
) {
res.locals.failedLoginAttempt = true;
res.locals.type = 'warn';
res.locals.message = 'bot probability or fraudulent request';
res.status(403).json({ message: 'UNAUTHORIZED_REQUEST' });
return;
}

const user = await findUserByOTPCode(otp_code);

if (user) {
// add visitor id and remove otp_code
let devices = user.pocket_devices || [];

const obj = {
visitorid: visitorid,
name: `${visit.browserDetails.os} ${visit.browserDetails.osVersion} (${visit.browserDetails.browserName} ${visit.browserDetails.browserFullVersion})`,
sws_last_seen: new Date().getTime(),
};

const foundDevice = devices.find(
(device) => device.visitorid === visitorid
);

// device already added
if (foundDevice) {
res.locals.type = 'warn';
res.locals.message = 'pocket visitor id already exists';
res.status(400).json({ message: 'DEVICE_EXISTS' });

if (visitorHistory.visits?.length > 0) {
const user = await findUserByOTPCode(otp_code);

if (user) {
// add visitor id and remove otp_code
let devices = user.pocket_devices || [];

const obj = {
visitorid: visitorid,
name: `${visit.browserDetails.os} ${visit.browserDetails.osVersion} (${visit.browserDetails.browserName} ${visit.browserDetails.browserFullVersion})`,
sws_last_seen: new Date().getTime(),
};

const foundDevice = devices.find(
(device) => device.visitorid === visitorid
);

// device already added
if (foundDevice) {
res.locals.type = 'warn';
res.locals.message = 'pocket visitor id already exists';
res.status(400).json({ message: 'DEVICE_EXISTS' });

return;
}

// add new device
devices.push(obj);

await db.collection('users').doc(user.id).update({
'congregation.oCode': FieldValue.delete(),
'congregation.devices': devices,
});

const {
username,
pocket_local_id,
pocket_members,
cong_name,
cong_number,
} = await findPocketByVisitorID(visitorid);

res.locals.type = 'info';
res.locals.message = 'pocket device visitor id added successfully';
res.status(200).json({
username,
pocket_local_id,
pocket_members,
cong_name,
cong_number,
});
return;
}

// add new device
devices.push(obj);

await db.collection('users').doc(user.id).update({
'congregation.oCode': FieldValue.delete(),
'congregation.devices': devices,
});

const {
username,
pocket_local_id,
pocket_members,
cong_name,
cong_number,
} = await findPocketByVisitorID(visitorid);

res.locals.type = 'info';
res.locals.message = 'pocket device visitor id added successfully';
res.status(200).json({
username,
pocket_local_id,
pocket_members,
cong_name,
cong_number,
});
res.locals.type = 'warn';
res.locals.message = 'pocket verification code is invalid';
res.status(404).json({ message: 'OTP_CODE_INVALID' });
return;
}

// visitor id not found
res.locals.failedLoginAttempt = true;
res.locals.type = 'warn';
res.locals.message = 'pocket verification code is invalid';
res.status(404).json({ message: 'OTP_CODE_INVALID' });
res.locals.message = 'the authentication request seems to be fraudulent';
res.status(403).json({ message: 'UNAUTHORIZED_REQUEST' });
} catch (err) {
next(err);
}
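Review bot: The new side drops the bot-probability/confidence gate instead of correcting it — the only condition left is the `if (visitorHistory.visits?.length > 0) {` that opens the new block, so a fingerprint visit with a non-zero `botProbability` or a low `confidence.score` now proceeds to register a device, and the 403 `UNAUTHORIZED_REQUEST` / "seems to be fraudulent" response is reached only when there are no visits at all. If the intent was just to stop rejecting legitimate visits (the old `confidence.score !== 1` condition looks like the probable false-positive source, though that is inferred), keep the bot signal and relax the threshold explicitly, e.g. `const botProbability = visit.browserDetails.botProbability ?? 0;` followed by `if (visitorHistory.visits?.length > 0 && botProbability === 0) {`, with a comment naming which signal was dropped and why. `visit` is still read in the device `name:` template, but its declaration `const visit = visitorHistory.visits[0];` appears only once in this section; if it was removed with the old block rather than kept as context, the template throws a ReferenceError that ends up in `next(err)`. The invalid-OTP branch still does not set `res.locals.failedLoginAttempt`, so wrong verification codes are not counted by whatever consumes that flag (not visible here). The enclosing `pocketSignUp` begins before and ends after this hunk.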
