From 5c777c705feecca80213dd5a7ef4d70d246e4c26 Mon Sep 17 00:00:00 2001
From: Javier Segarra
Date: Tue, 14 Nov 2023 13:00:20 +0100
Subject: [PATCH] refs #6434 feat: add new error message
---
 back/methods/vn-user/sign-in.js | 28 +++++++++++++++-------------
 back/models/vn-user.js | 13 +++++++++++--
 loopback/locale/es.json | 4 +++-
 3 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/back/methods/vn-user/sign-in.js b/back/methods/vn-user/sign-in.js
index b9e0d2f70..5c84b654e 100644
--- a/back/methods/vn-user/sign-in.js
+++ b/back/methods/vn-user/sign-in.js
@@ -26,7 +26,7 @@ module.exports = Self => {
 }
 });
- Self.signIn = async function(ctx, user, password, options) {
+ Self.signIn = async function (ctx, user, password, options) {
 const myOptions = {};
 if (typeof options == 'object') Object.assign(myOptions, options);
@@ -40,15 +40,17 @@ module.exports = Self => {
 const validCredentials = vnUser && await vnUser.hasPassword(password);
- if (validCredentials) {
- if (!vnUser.active)
- throw new UserError('User disabled');
- await Self.sendTwoFactor(ctx, vnUser, myOptions);
- await Self.passExpired(vnUser, myOptions);
+ if (!validCredentials)
+ throw new UserError('Invalid credentials');
- if (vnUser.twoFactor)
- throw new ForbiddenError(null, 'REQUIRES_2FA');
- }
+ if (!vnUser.active)
+ throw new UserError('User disabled');
+
+ await Self.sendTwoFactor(ctx, vnUser, myOptions);
+ await Self.passExpired(vnUser, myOptions);
+
+ if (vnUser.twoFactor)
+ throw new ForbiddenError(null, 'REQUIRES_2FA');
 return Self.validateLogin(user, password);
 };
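Review bot: The new `if (!validCredentials) throw new UserError('Invalid credentials');` exit is reached without any password check when `vnUser` is not found, because `vnUser && await vnUser.hasPassword(password)` short-circuits, so an unknown login name and a wrong password can probably be told apart by response time even though the message is the same. Running the comparison against a fixed dummy hash on the not-found path would even this out; at minimum the trade-off deserves a comment such as `// unknown user skips hasPassword(): message is uniform, timing is not`. The early throw also means rejected attempts no longer reach `Self.validateLogin`, so if failed-attempt logging or throttling lives in `Self.login` (not visible here) it is now bypassed. The body of `signIn` starts above this hunk.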
@@ -59,18 +61,18 @@ module.exports = Self => {
 if (vnUser.passExpired && vnUser.passExpired.getTime() <= today.getTime()) {
 const err = new UserError('Pass expired', 'passExpired');
- err.details = {userId: vnUser.id, twoFactor: vnUser.twoFactor ? true : false};
+ err.details = { userId: vnUser.id, twoFactor: vnUser.twoFactor ? true : false };
 throw err;
 }
 };
- Self.sendTwoFactor = async(ctx, vnUser, myOptions) => {
+ Self.sendTwoFactor = async (ctx, vnUser, myOptions) => {
 if (vnUser.twoFactor === 'email') {
 const $ = Self.app.models;
 const code = String(Math.floor(Math.random() * 999999));
 const maxTTL = ((60 * 1000) * 5); // 5 min
- await $.AuthCode.upsertWithWhere({userFk: vnUser.id}, {
+ await $.AuthCode.upsertWithWhere({ userFk: vnUser.id }, {
 userFk: vnUser.id,
 code: code,
 expires: Date.vnNow() + maxTTL
@@ -87,7 +89,7 @@ module.exports = Self => {
 ip: ctx.req?.connection?.remoteAddress,
 device: platform && browser ? platform + ', ' + browser : headers['user-agent'],
 },
- req: {getLocale: ctx.req.getLocale},
+ req: { getLocale: ctx.req.getLocale },
 };
 await Self.sendTemplate(params, 'auth-code', true);
diff --git a/back/models/vn-user.js b/back/models/vn-user.js
index de5bf7b63..5c6e4a30f 100644
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@@ -2,6 +2,7 @@ const vnModel = require('vn-loopback/common/models/vn-model');
 const {Email} = require('vn-print');
 const ForbiddenError = require('vn-loopback/util/forbiddenError');
 const LoopBackContext = require('loopback-context');
+const UserError = require('vn-loopback/util/user-error');
 module.exports = function(Self) {
 vnModel(Self);
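Review bot: The context line `const code = String(Math.floor(Math.random() * 999999));` in `sendTwoFactor` draws the e-mail 2FA code from a non-cryptographic generator, and because the value is not zero-padded and can never reach 999999, codes vary from one to six digits. This commit only reformats the neighbouring lines, but while the function is being touched I would switch to `const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');`, which needs `const crypto = require('crypto');` at the top of the file if it is not already there (the import block is outside this diff). Separately, this hunk, the `signIn` signature hunk and the `req: { getLocale: ... }` hunk add spaces inside braces and after `async`/`function`, while `back/models/vn-user.js` in the same patch keeps `{password}` and `function(user, password)`; the churn looks like an editor setting rather than the project style and is better left out of a functional change.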
@@ -121,10 +122,18 @@ module.exports = function(Self) {
 });
 Self.validateLogin = async function(user, password) {
- let loginInfo = Object.assign({password}, Self.userUses(user));
- token = await Self.login(loginInfo, 'user');
+ const loginInfo = Object.assign({password}, Self.userUses(user));
+ const token = await Self.login(loginInfo, 'user');
 const userToken = await token.user.get();
+
+ if (userToken.username !== user) {
+ console.error('ERROR!!! - Signin with other user', userToken, user);
+ throw new UserError('Try again');
+ }
+
+ const userCheck = await Self.app.models.VnUser.findOne({where: {name: user}});
+ if (userToken.id != userCheck.id) await Self.validateLogin(user, password);
 try {
 await Self.app.models.Account.sync(userToken.name, password);
 } catch (err) {
diff --git a/loopback/locale/es.json b/loopback/locale/es.json
index b42720458..7cccc0fd0 100644
--- a/loopback/locale/es.json
+++ b/loopback/locale/es.json
@@ -325,5 +325,7 @@
 "The ticket is in preparation": "El ticket [{{ticketId}}]({{{ticketUrl}}}) del comercial {{salesPersonId}} está en preparación",
 "The amount cannot be less than the minimum": "La cantidad no puede ser menor que la cantidad mímina",
 "quantityLessThanMin": "La cantidad no puede ser menor que la cantidad mímina",
- "The notification subscription of this worker cant be modified": "La subscripción a la notificación de este trabajador no puede ser modificada"
+ "The notification subscription of this worker cant be modified": "La subscripción a la notificación de este trabajador no puede ser modificada",
+ "User disabled": "User disabled",
+ "Invalid credentials": "Invalid credentials"
 }
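Review bot: The mismatch handling added after `token.user.get()` in `validateLogin` does not actually stop a wrong-account login: `if (userToken.id != userCheck.id) await Self.validateLogin(user, password);` recurses with no `return` and no retry limit, discards the result, and then falls through to `Account.sync` with the original mismatched token, and neither that path nor `throw new UserError('Try again')` destroys the token `Self.login` has just issued. `userCheck` is dereferenced without a null check, and both tests compare against the raw `user` string, so a login by e-mail (if `Self.userUses` allows one; it is not visible here) would always be rejected. `console.error(..., userToken, user)` writes the whole user record to the log, which may include the password hash. Since `const token` in this same hunk already removes the implicit global that concurrent requests could overwrite, a single strict check that resolves the account with the same `Self.userUses(user)` criteria, logs ids only, destroys the token and throws should be enough; the function's try/catch and return continue outside the hunk.

```javascript
        const userToken = await token.user.get();
        // Resolve the expected account with the same criteria used for login
        // (assumes userUses() returns a {username}/{email} where-object; confirm).
        const expected = await Self.app.models.VnUser.findOne({
            where: Self.userUses(user),
            fields: ['id']
        });

        if (!expected || userToken.id !== expected.id) {
            // Log identifiers only, never the whole user record.
            console.error('Sign-in token/user mismatch', {
                tokenUserId: userToken.id,
                expectedUserId: expected?.id
            });
            // Do not leave a token that was issued for the wrong account.
            await token.destroy();
            throw new UserError('Try again');
        }
        // … unchanged: Account.sync try/catch and return …
```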