From b8c6b3ba2c0a9d682130c2b47b189c9ed7a2eb47 Mon Sep 17 00:00:00 2001
From: Blake Blackshear
Date: Tue, 10 Dec 2024 07:06:05 -0600
Subject: [PATCH 1/2] return 401 for login failures
---
 frigate/api/auth.py | 4 ++--
 web/src/api/index.tsx | 7 +++++--
 web/src/components/auth/AuthForm.tsx | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/frigate/api/auth.py b/frigate/api/auth.py
index 8f0fead853..be59174504 100644
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@@ -329,7 +329,7 @@ def login(request: Request, body: AppPostLoginBody):
 try:
 db_user: User = User.get_by_id(user)
 except DoesNotExist:
- return JSONResponse(content={"message": "Login failed"}, status_code=400)
+ return JSONResponse(content={"message": "Login failed"}, status_code=401)
 
 password_hash = db_user.password_hash
 if verify_password(password, password_hash):
@@ -340,7 +340,7 @@ def login(request: Request, body: AppPostLoginBody):
 response, JWT_COOKIE_NAME, encoded_jwt, expiration, JWT_COOKIE_SECURE
 )
 return response
- return JSONResponse(content={"message": "Login failed"}, status_code=400)
+ return JSONResponse(content={"message": "Login failed"}, status_code=401)
 
 
 @router.get("/users")
diff --git a/web/src/api/index.tsx b/web/src/api/index.tsx
index 3ac8806c72..a9044a6d7f 100644
--- a/web/src/api/index.tsx
+++ b/web/src/api/index.tsx
@@ -29,8 +29,11 @@ export function ApiProvider({ children, options }: ApiProviderType) {
 error.response &&
 [401, 302, 307].includes(error.response.status)
 ) {
- window.location.href =
- error.response.headers.get("location") ?? "login";
+ // redirect to the login page if not already there
+ const loginPage = error.response.headers.get("location") ?? "login";
+ if (window.location.href !== loginPage) {
+ window.location.href = loginPage;
+ }
 }
 },
 ...options,
diff --git a/web/src/components/auth/AuthForm.tsx b/web/src/components/auth/AuthForm.tsx
index 9daa929662..99ce37283d 100644
--- a/web/src/components/auth/AuthForm.tsx 
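Review bot: The two failure paths that this hunk and the next one turn into 401 remain distinguishable by response time: the DoesNotExist branch returns before `verify_password` is ever called, while the wrong-password path at line 340 pays the full hash check, so a client can still tell an unknown username from a known one even though body and status are now identical. Running the same verifier against a fixed dummy hash before returning in the DoesNotExist branch, e.g. `verify_password(password, <constructed dummy hash placeholder>)`, keeps the two responses equally slow; the failed-login rate limiter reduces but does not remove that signal. If the project follows RFC 7235 for 401 responses, both returns should also carry a `WWW-Authenticate` header — hedged, since I cannot see which scheme the cookie-based JWT flow advertises elsewhere. login's body starts and ends outside the hunk.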
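Review bot: The literal `JSONResponse(content={"message": "Login failed"}, status_code=401)` now appears twice inside login (here and in the DoesNotExist branch of the previous hunk), and the same 401 is hard-coded on the client side in AuthForm.tsx in this series. A small module-level helper, `def _login_failed() -> JSONResponse:` returning that response, would keep the status and message in one place so the server and the client check cannot drift apart again the way 400 did. The enclosing function starts outside the hunk.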
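Review bot: The new redirect-loop guard compares `window.location.href`, an absolute URL, with `loginPage`, which is the relative string `"login"` unless the server sent an absolute Location header, so the two values are practically never equal and the `if` does not prevent the repeated redirect it is meant to stop. Resolving the target first makes the comparison meaningful: `const loginPage = new URL(error.response.headers.get("location") ?? "login", window.location.href).href;` with the existing `if (window.location.href !== loginPage)` left as written. A relative `"login"` also resolves against the current path, so from a nested route it points somewhere other than the top-level login page — pre-existing, and hedged since I cannot see the router's paths. ApiProvider's onError callback starts and ends outside the hunk.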
+++ b/web/src/components/auth/AuthForm.tsx
@@ -63,7 +63,7 @@ export function UserAuthForm({ className, ...props }: UserAuthFormProps) {
 toast.error("Exceeded rate limit. Try again later.", {
 position: "top-center",
 });
- } else if (err.response?.status === 400) {
+ } else if (err.response?.status === 401) {
 toast.error("Login failed", {
 position: "top-center",
 });
From 11fe2f19d6c9dba3719c02ae9db0b562c2a885b7 Mon Sep 17 00:00:00 2001
From: Blake Blackshear
Date: Tue, 10 Dec 2024 07:32:59 -0600
Subject: [PATCH 2/2] only setup the rate limiter when configured
---
 frigate/api/fastapi_app.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/frigate/api/fastapi_app.py b/frigate/api/fastapi_app.py
index e3542458ef..168404ea61 100644
--- a/frigate/api/fastapi_app.py
+++ b/frigate/api/fastapi_app.py
@@ -87,7 +87,11 @@ async def startup():
 logger.info("FastAPI started")
 
 # Rate limiter (used for login endpoint)
- auth.rateLimiter.set_limit(frigate_config.auth.failed_login_rate_limit or "")
+ if frigate_config.auth.failed_login_rate_limit is None:
+ limiter.enabled = False
+ else:
+ auth.rateLimiter.set_limit(frigate_config.auth.failed_login_rate_limit)
+
 app.state.limiter = limiter
 app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
 app.add_middleware(SlowAPIMiddleware)
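Review bot: Switching the branch to `=== 401` couples this form to the backend's new status code, so a 400 from a backend that predates the first patch of this series (or any other non-401, non-rate-limit failure) now falls through to whatever branches follow the hunk, which are outside it; confirm a generic failure toast exists there so the user is not left without feedback. If the login POST also passes through the ApiProvider onError handler changed in this series, a 401 would trigger a redirect to the login page before the toast is seen — hedged, since I cannot see which client the form uses. UserAuthForm's submit handler starts and ends outside the hunk.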
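Review bot: The new `is None` check turns the limiter off only for an unset value; the removed line's `or ""` suggests `failed_login_rate_limit` can also be an empty string, and that value now reaches `set_limit` unchanged instead of leaving the limiter off — hedged, since the config field's type is not visible here. `if not frigate_config.auth.failed_login_rate_limit:` covers both cases with one line. Disabling the limiter means failed logins are unthrottled, which is worth making visible in the logs at startup, e.g. `logger.warning("Failed login rate limiting is disabled")` next to `limiter.enabled = False`. `limiter` is defined outside the hunk and startup's body begins before it.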