From a28938ababa6bda3cdb515f96f585a80b8782817 Mon Sep 17 00:00:00 2001 From: Devin Ivy Date: Wed, 1 Nov 2023 16:33:58 -0400 Subject: [PATCH] provide proper error when account not found in access-takedown check --- packages/pds/src/auth-verifier.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/packages/pds/src/auth-verifier.ts b/packages/pds/src/auth-verifier.ts index 66a2f347f22..47adb47db8b 100644 --- a/packages/pds/src/auth-verifier.ts +++ b/packages/pds/src/auth-verifier.ts @@ -1,6 +1,7 @@ import { KeyObject, createPublicKey, createSecretKey } from 'node:crypto' import { AuthRequiredError, + ForbiddenError, InvalidRequestError, verifyJwt as verifyServiceJwt, } from '@atproto/xrpc-server' @@ -10,6 +11,7 @@ import express from 'express' import * as jose from 'jose' import KeyEncoder from 'key-encoder' import { AccountManager } from './account-manager' +import { softDeleted } from './db' type ReqCtx = { req: express.Request @@ -121,6 +123,10 @@ export class AuthVerifier { ]) const found = await this.accountManager.getAccount(result.credentials.did) if (!found) { + // will be turned into ExpiredToken for the client if proxied by entryway + throw new ForbiddenError('Account not found', 'AccountNotFound') + } + if (softDeleted(found)) { throw new AuthRequiredError( 'Account has been taken down', 'AccountTakedown',