4 năm trước cách đây · 3c50198215
--- a/packages/app/src/server/middlewares/http-error-handler.js
+++ b/packages/app/src/server/middlewares/http-error-handler.js
@@ -1,23 +1,8 @@
 
				-import { HttpError } from 'http-errors';
			
 
				+import { isHttpError } from 'http-errors';
			
 
				 import loggerFactory from '~/utils/logger';
			
 
				 
			
 
				 const logger = loggerFactory('growi:middleware:htto-error-handler');
			
 
				 
			
 
				-const isHttpError = (val) => {
			
 
				-  if (!val || typeof val !== 'object') {
			
 
				-    return false;
			
 
				-  }
			
 
				-
			
 
				-  if (val instanceof HttpError) {
			
 
				-    return true;
			
 
				-  }
			
 
				-
			
 
				-  return val instanceof Error
			
 
				-    && typeof val.expose === 'boolean'
			
 
				-    && typeof val.statusCode === 'number'
			
 
				-    && val.status === val.statusCode;
			
 
				-};
			
 
				-
			
 
				 module.exports = async(err, req, res, next) => {
			
 
				   // handle if the err is a HttpError instance
			
 
				   if (isHttpError(err)) {
			
--- a/packages/app/src/server/routes/forgot-password.ts
+++ b/packages/app/src/server/routes/forgot-password.ts
@@ -1,8 +1,38 @@
 
				 import {
			
 
				   NextFunction, Request, RequestHandler, Response,
			
 
				 } from 'express';
			
 
				+
			
 
				+import createError from 'http-errors';
			
 
				+
			
 
				+import loggerFactory from '~/utils/logger';
			
 
				+
			
 
				 import { ReqWithPasswordResetOrder } from '../middlewares/inject-reset-order-by-token-middleware';
			
 
				 
			
 
				+const logger = loggerFactory('growi:routes:forgot-password');
			
 
				+
			
 
				+
			
 
				+// eslint-disable-next-line @typescript-eslint/explicit-module-boundary-types, @typescript-eslint/no-explicit-any
			
 
				+export const checkForgotPasswordEnabledMiddlewareFactory = (crowi: any, forApi = false) => {
			
 
				+
			
 
				+  return (req: Request, res: Response, next: NextFunction): void => {
			
 
				+    const isPasswordResetEnabled = crowi.configManager.getConfig('crowi', 'security:passport-local:isPasswordResetEnabled') as boolean | null;
			
 
				+    const isLocalStrategySetup = crowi.passportService.isLocalStrategySetup as boolean ?? false;
			
 
				+
			
 
				+    const isEnabled = isLocalStrategySetup && isPasswordResetEnabled;
			
 
				+
			
 
				+    if (!isEnabled) {
			
 
				+      const message = 'Forgot-password function is unavailable because neither LocalStrategy and LdapStrategy is not setup.';
			
 
				+      logger.error(message);
			
 
				+
			
 
				+      const statusCode = forApi ? 405 : 404;
			
 
				+      return next(createError(statusCode, message, { code: 'password-reset-is-unavailable' }));
			
 
				+    }
			
 
				+
			
 
				+    next();
			
 
				+  };
			
 
				+
			
 
				+};
			
 
				+
			
 
				 export const forgotPassword = (req: Request, res: Response): void => {
			
 
				   return res.render('forgot-password');
			
 
				 };
			
@@ -13,9 +43,9 @@ export const resetPassword = (req: ReqWithPasswordResetOrder, res: Response): vo
 
				 };
			
 
				 
			
 
				 // middleware to handle error
			
 
				-export const handleHttpErrosMiddleware = (error: Error & { code: string }, req: Request, res: Response, next: NextFunction): Promise<RequestHandler> | void => {
			
 
				+export const handleErrosMiddleware = (error: Error & { code: string }, req: Request, res: Response, next: NextFunction): Promise<RequestHandler> | void => {
			
 
				   if (error != null) {
			
 
				     return res.render('forgot-password/error', { key: error.code });
			
 
				   }
			
 
				-  next();
			
 
				+  next(error);
			
 
				 };