feat(GODT-2940): allow 3 attempts for mailbox password.

2023-10-02 15:15:30 +02:00
parent 0c212fbef4
commit 3bf4282037
3 changed files with 51 additions and 14 deletions
--- a/internal/frontend/grpc/service.go
+++ b/internal/frontend/grpc/service.go
@ -54,8 +54,9 @@ import (
 )

 const (
-	serverConfigFileName   = "grpcServerConfig.json"
-	serverTokenMetadataKey = "server-token"
+	serverConfigFileName        = "grpcServerConfig.json"
+	serverTokenMetadataKey      = "server-token"
+	twoPasswordsMaxAttemptCount = 3 // The number of attempts allowed for the mailbox password.
 )

 // Service is the RPC service struct.
@ -82,9 +83,10 @@ type Service struct { // nolint:structcheck
 	target     updater.VersionInfo
 	targetLock safe.RWMutex

-	authClient *proton.Client
-	auth       proton.Auth
-	password   []byte
+	authClient              *proton.Client
+	auth                    proton.Auth
+	password                []byte
+	twoPasswordAttemptCount int

 	log                *logrus.Entry
 	initializing       sync.WaitGroup
@ -408,7 +410,12 @@ func (s *Service) loginClean() {
 }

 func (s *Service) finishLogin() {
-	defer s.loginClean()
+	performCleanup := true
+	defer func() {
+		if performCleanup {
+			s.loginClean()
+		}
+	}()

 	wasSignedOut := s.bridge.HasUser(s.auth.UserID)

@ -426,10 +433,24 @@ func (s *Service) finishLogin() {
 	eventCh, done := s.bridge.GetEvents(events.UserLoggedIn{})
 	defer done()

-	userID, err := s.bridge.LoginUser(context.Background(), s.authClient, s.auth, s.password)
+	ctx := context.Background()
+	userID, err := s.bridge.LoginUser(ctx, s.authClient, s.auth, s.password)
 	if err != nil {
 		s.log.WithError(err).Errorf("Finish login failed")
-		_ = s.SendEvent(NewLoginError(LoginErrorType_TWO_PASSWORDS_ABORT, err.Error()))
+		s.twoPasswordAttemptCount++
+		errType := LoginErrorType_TWO_PASSWORDS_ABORT
+		if errors.Is(err, bridge.ErrFailedToUnlock) {
+			if s.twoPasswordAttemptCount < twoPasswordsMaxAttemptCount {
+				performCleanup = false
+				errType = LoginErrorType_TWO_PASSWORDS_ERROR
+			} else {
+				if deleteErr := s.authClient.AuthDelete(ctx); deleteErr != nil {
+					s.log.WithError(deleteErr).Error("Failed to delete auth")
+				}
+			}
+		}
+
+		_ = s.SendEvent(NewLoginError(errType, err.Error()))
 		return
 	}

--- a/internal/frontend/grpc/service_methods.go
+++ b/internal/frontend/grpc/service_methods.go
@ -384,6 +384,7 @@ func (s *Service) Login(_ context.Context, login *LoginRequest) (*emptypb.Empty,
 	go func() {
 		defer async.HandlePanic(s.panicHandler)

+		s.twoPasswordAttemptCount = 0
 		password, err := base64Decode(login.Password)
 		if err != nil {
 			s.log.WithError(err).Error("Cannot decode password")