diff --git a/keyserver/src/utils/identity-utils.js b/keyserver/src/utils/identity-utils.js --- a/keyserver/src/utils/identity-utils.js +++ b/keyserver/src/utils/identity-utils.js @@ -6,12 +6,26 @@ UserIdentitiesResponse, InboundKeyInfoResponse, } from 'lib/types/identity-service-types.js'; -import { ServerError } from 'lib/utils/errors.js'; +import { ServerError, getMessageForException } from 'lib/utils/errors.js'; import { getContentSigningKey } from './olm-utils.js'; -import type { IdentityInfo } from '../user/identity.js'; +import { clearIdentityInfo, type IdentityInfo } from '../user/identity.js'; import { verifyUserLoggedIn } from '../user/login.js'; +async function authVerifiedEndpoint( + identityRPCPromise: Promise, +): Promise { + try { + return await identityRPCPromise; + } catch (e) { + const message = getMessageForException(e); + if (message === 'bad_credentials') { + await clearIdentityInfo(); + } + throw e; + } +} + async function findUserIdentities( userIDs: $ReadOnlyArray, ): Promise { @@ -20,11 +34,13 @@ verifyUserLoggedIn(), getContentSigningKey(), ]); - return await rustAPI.findUserIdentities( - identityInfo.userId, - deviceID, - identityInfo.accessToken, - userIDs, + return await authVerifiedEndpoint( + rustAPI.findUserIdentities( + identityInfo.userId, + deviceID, + identityInfo.accessToken, + userIDs, + ), ); } @@ -36,11 +52,13 @@ verifyUserLoggedIn(), getContentSigningKey(), ]); - await rustAPI.privilegedDeleteUsers( - identityInfo.userId, - deviceID, - identityInfo.accessToken, - userIDs, + await authVerifiedEndpoint( + rustAPI.privilegedDeleteUsers( + identityInfo.userId, + deviceID, + identityInfo.accessToken, + userIDs, + ), ); } @@ -53,12 +71,14 @@ verifyUserLoggedIn(), getContentSigningKey(), ]); - await rustAPI.privilegedResetUserPassword( - identityInfo.userId, - deviceID, - identityInfo.accessToken, - username, - password, + await authVerifiedEndpoint( + rustAPI.privilegedResetUserPassword( + identityInfo.userId, + deviceID, + identityInfo.accessToken, + username, + password, + ), ); } @@ -67,10 +87,12 @@ getRustAPI(), getContentSigningKey(), ]); - return rustAPI.syncPlatformDetails( - identityInfo.userId, - deviceID, - identityInfo.accessToken, + return authVerifiedEndpoint( + rustAPI.syncPlatformDetails( + identityInfo.userId, + deviceID, + identityInfo.accessToken, + ), ); } @@ -84,12 +106,14 @@ getContentSigningKey(), ]); - await rustAPI.uploadOneTimeKeys( - identityInfo.userId, - deviceID, - identityInfo.accessToken, - contentOneTimeKeys, - notifOneTimeKeys, + await authVerifiedEndpoint( + rustAPI.uploadOneTimeKeys( + identityInfo.userId, + deviceID, + identityInfo.accessToken, + contentOneTimeKeys, + notifOneTimeKeys, + ), ); } @@ -112,14 +136,16 @@ return; } - await rustAPI.publishPrekeys( - identityInfo.userId, - deviceID, - identityInfo.accessToken, - contentPrekey, - contentPrekeySignature, - notifPrekey, - notifPrekeySignature, + await authVerifiedEndpoint( + rustAPI.publishPrekeys( + identityInfo.userId, + deviceID, + identityInfo.accessToken, + contentPrekey, + contentPrekeySignature, + notifPrekey, + notifPrekeySignature, + ), ); } @@ -137,12 +163,14 @@ throw new ServerError('account_not_registered_on_identity_service'); } - return rustAPI.getInboundKeysForUserDevice( - identityInfo.userId, - authDeviceID, - identityInfo.accessToken, - userID, - deviceID, + return authVerifiedEndpoint( + rustAPI.getInboundKeysForUserDevice( + identityInfo.userId, + authDeviceID, + identityInfo.accessToken, + userID, + deviceID, + ), ); }