Merge pull request #440 from wallfair-organization/feat/ChecksIfUserE…

…xists Checks if user exists before asking for captcha
wholespace214 · Apr 3, 2022 · e1fedce · e1fedce
2 parents ec56e4f + 2896aa2
commit e1fedce
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 14 deletions.
diff --git a/controllers/sessions-controller.js b/controllers/sessions-controller.js
@@ -337,15 +337,29 @@ module.exports = {
 
     const { address, signResponse, challenge, username, ref, sid, cid, recaptchaToken } = req.body;
     const { skip } = req.query;
-    console.log('[RECAPTHCA - TOKEN]:', recaptchaToken);
 
-    if (!process.env.RECAPTCHA_SKIP_TOKEN || process.env.RECAPTCHA_SKIP_TOKEN !== skip) {
+    const isAdminOnly = req.query.admin === 'true';
+    const userCheck = await userService.getUserByAddress(address);
+
+    if (isAdminOnly) {
+
+      if (!userCheck || !userCheck.admin) {
+        return next(new ErrorHandler(401, 'Failed to login'));
+      }
+    }
+    if (!userCheck && (!process.env.RECAPTCHA_SKIP_TOKEN || process.env.RECAPTCHA_SKIP_TOKEN !== skip)) {
+      console.log('[RECAPTCHA - TOKEN]:', recaptchaToken);
+
+      if (!recaptchaToken) {
+        return next(
+          new ErrorHandler(422, 'No recaptcha token received, please try again.')
+        );
+      }
       const recaptchaRes = await axios.post(
         `https://www.google.com/recaptcha/api/siteverify?secret=${process.env.GOOGLE_RECAPTCHA_CLIENT_SECRET}&response=${recaptchaToken}`
       );
 
       console.log('[RECAPTCHA DATA - VERIFY]:', recaptchaRes.data)
-      console.log('[RECAPTHCA - TOKEN]:', recaptchaToken);
 
       if (
         !recaptchaRes.data.success ||
@@ -357,16 +371,6 @@ module.exports = {
         );
       }
     }
-    const isAdminOnly = req.query.admin === 'true';
-
-    if (isAdminOnly) {
-      const userCheck = await userService.getUserByAddress(address);
-
-      if (!userCheck || !userCheck.admin) {
-        return next(new ErrorHandler(401, 'Failed to login'));
-      }
-    }
-
     const verified = verifyChallengeResponse(address, challenge, signResponse);
     if (!verified) {
       return next(new ErrorHandler(401, 'Failed to verify signer'));

diff --git a/routes/auth/auth-routes.js b/routes/auth/auth-routes.js
@@ -69,7 +69,6 @@ router.post(
     check('address').notEmpty(),
     check('signResponse').notEmpty(),
     check('challenge').notEmpty(),
-    check('recaptchaToken').notEmpty
   ],
   sessionsController.loginWeb3,
 );