Update 2fa routes to be in the form of /2fa/<action>

syeopite 2021-07-16 13:34:53 -07:00
parent 4828253093
commit 2928e3e80e
No known key found for this signature in database
GPG Key ID: A73C186DA3955A1A
8 changed files with 18 additions and 18 deletions


@ -449,7 +449,7 @@ end
def call_totp_validator(env, user, sid, locale) def call_totp_validator(env, user, sid, locale)
referer = URI.decode_www_form(env.get?("current_page").to_s) referer = URI.decode_www_form(env.get?("current_page").to_s)
csrf_token = generate_response(sid, {":validate_2fa"}, HMAC_KEY) csrf_token = generate_response(sid, {":2fa/validate"}, HMAC_KEY)
email, password = {user.email, nil} email, password = {user.email, nil}
return templated "user/validate_2fa" return templated "user/validate_2fa"
end end
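Review bot: The CSRF scope tuple passed to generate_response on the new side of L16, `{":2fa/validate"}`, is only meaningful if the POST handler for /2fa/validate checks the token with exactly the same scope; that validate_request call is outside this hunk, so it is inferred here that it was updated in lockstep. A one-line comment at that call site, `# scope must match generate_response(sid, {":2fa/validate"}, HMAC_KEY) in call_totp_validator`, would make the coupling explicit, since a mismatch here fails closed and would surface only as every 2FA login being rejected.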


@ -384,7 +384,7 @@ module Invidious::Routes::Account
user = user.as(User) user = user.as(User)
sid = sid.as(String) sid = sid.as(String)
csrf_token = generate_response(sid, {":setup_2fa"}, HMAC_KEY) csrf_token = generate_response(sid, {":2fa/setup"}, HMAC_KEY)
db_secret = Random::Secure.random_bytes(16).hexstring db_secret = Random::Secure.random_bytes(16).hexstring
totp = CrOTP::TOTP.new(db_secret) totp = CrOTP::TOTP.new(db_secret)
@ -472,10 +472,10 @@ module Invidious::Routes::Account
if CONFIG.domain if CONFIG.domain
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", domain: "#{CONFIG.domain}", value: sid, expires: Time.utc + 2.years, env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", domain: "#{CONFIG.domain}", value: sid, expires: Time.utc + 2.years,
secure: secure, http_only: true) secure: secure, http_only: true, path: "/")
else else
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.utc + 2.years, env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.utc + 2.years,
secure: secure, http_only: true) secure: secure, http_only: true, path: "/")
end end
else else
return error_template(401, "Wrong username or password") return error_template(401, "Wrong username or password")
@ -499,9 +499,9 @@ module Invidious::Routes::Account
end end
if CONFIG.domain if CONFIG.domain
env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", domain: "#{CONFIG.domain}", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true) env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", domain: "#{CONFIG.domain}", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true, path: "/")
else else
env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true) env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true, path: "/")
end end
end end
@ -515,7 +515,7 @@ module Invidious::Routes::Account
user = env.get("user").as(User) user = env.get("user").as(User)
sid = env.get("sid").as(String) sid = env.get("sid").as(String)
csrf_token = generate_response(sid, {":remove_2fa"}, HMAC_KEY) csrf_token = generate_response(sid, {":2fa/remove"}, HMAC_KEY)
return templated "user/remove_2fa" return templated "user/remove_2fa"
end end
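Review bot: The 2faVerified cookie built on the new side of L42/L44 still carries no `samesite:` attribute, and its value `"1"` is not bound to the session it vouches for. `HTTP::Cookie.new` accepts `samesite: HTTP::Cookie::SameSite::Lax`, which fits a flag that is only read on same-origin requests, and the SID cookie in the hunk above (L31/L34) would benefit the same way. Whether the value can be trusted depends on the code that reads it, which is outside this section; if that reader only checks presence, keeping the verified state with the session server-side or deriving the value from sid with HMAC_KEY would turn it into a server-verified claim instead of a client-supplied one. The `path: "/"` additions appear to compensate for the routes moving under /2fa/, where the browser's default cookie path would otherwise be scoped to that prefix; a comment such as `# explicit path: set from a /2fa/* route, default would scope the cookie to /2fa` would keep a later cleanup from dropping it.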


@ -56,8 +56,8 @@ module Invidious::Routes::Login
user = Invidious::Database::Users.select(email: email) user = Invidious::Database::Users.select(email: email)
if user if user
if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55)) \ if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55))
# If the password is correct then we'll go ahead and begin 2fa if applicable # If the password is correct then we'll go ahead and begin 2fa if applicable
if user.totp_secret if user.totp_secret
csrf_token = nil # setting this to false for compatibility reasons. csrf_token = nil # setting this to false for compatibility reasons.
return templated "user/validate_2fa" return templated "user/validate_2fa"


@ -80,11 +80,11 @@ module Invidious::Routing
get "/subscription_manager", Routes::Subscriptions, :subscription_manager get "/subscription_manager", Routes::Subscriptions, :subscription_manager
# 2fa routes # 2fa routes
Invidious::Routing.get "/setup_2fa", Routes::Account, :setup_2fa_page Invidious::Routing.get "/2fa/setup", Routes::Account, :setup_2fa_page
Invidious::Routing.post "/setup_2fa", Routes::Account, :setup_2fa Invidious::Routing.post "/2fa/setup", Routes::Account, :setup_2fa
Invidious::Routing.post "/validate_2fa", Routes::Account, :validate_2fa Invidious::Routing.get "/2fa/remove", Routes::Account, :remove_2fa_page
Invidious::Routing.get "/remove_2fa", Routes::Account, :remove_2fa_page Invidious::Routing.post "/2fa/remove", Routes::Account, :remove_2fa
Invidious::Routing.post "/remove_2fa", Routes::Account, :remove_2fa Invidious::Routing.post "/2fa/validate", Routes::Account, :validate_2fa
end end
def register_iv_playlist_routes def register_iv_playlist_routes
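Review bot: The old paths /setup_2fa, /validate_2fa and /remove_2fa are dropped from the route table on the new side of L70–L74 with nothing answering for them afterwards, so a page rendered before the deploy that still posts to /validate_2fa, or any bookmark or external link, will now 404 in the middle of a login. If that is acceptable it should be stated in the commit description as a breaking URL change; otherwise a redirect for the GET paths, e.g. `Invidious::Routing.get "/setup_2fa" { |env| env.redirect "/2fa/setup" }` (adjust to this router's handler signature), would cover the transition. The POST paths cannot be safely redirected and should simply be documented as removed.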


@ -346,7 +346,7 @@
</div> </div>
<div class="pure-control-group"> <div class="pure-control-group">
<a href="/setup_2fa?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "setup_totp_form_header") %></a> <a href="/2fa/setup?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "setup_totp_form_header") %></a>
</div> </div>
<div class="pure-control-group"> <div class="pure-control-group">
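Review bot: The new path `/2fa/setup` on L83 is a string literal that now has to agree with the route table, the CSRF scope string and the form actions in the other three templates (L92 `/2fa/remove`, L102 `/2fa/setup`, L112 `/2fa/validate`); this commit had to touch all of them by hand, which is the style point. A single place that names these paths, for example constants in the Account routes module referenced from the templates, would make the next rename a one-line change and keep the CSRF scope from drifting from the URL it is meant to protect. The same applies to the three template sections that follow.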


@ -3,7 +3,7 @@
<% end %> <% end %>
<div class="h-box"> <div class="h-box">
<form class="pure-form pure-form-aligned" action="/remove_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post"> <form class="pure-form pure-form-aligned" action="/2fa/remove?referer=<%= URI.encode_www_form(referer) %>" method="post">
<legend><%= translate(locale, "remove_totp_confirm_message") %></legend> <legend><%= translate(locale, "remove_totp_confirm_message") %></legend>
<div class="pure-g"> <div class="pure-g">


@ -6,7 +6,7 @@
<div class="pure-u-1 pure-u-lg-1-5"></div> <div class="pure-u-1 pure-u-lg-1-5"></div>
<div class="pure-u-1 pure-u-lg-3-5"> <div class="pure-u-1 pure-u-lg-3-5">
<div class="h-box"> <div class="h-box">
<form class="pure-form pure-form-aligned" action="/setup_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post"> <form class="pure-form pure-form-aligned" action="/2fa/setup?referer=<%= URI.encode_www_form(referer) %>" method="post">
<legend><%= translate(locale, "setup_totp_form_header") %></legend> <legend><%= translate(locale, "setup_totp_form_header") %></legend>
<fieldset> <fieldset>


@ -6,7 +6,7 @@
<div class="pure-u-1 pure-u-lg-1-5"></div> <div class="pure-u-1 pure-u-lg-1-5"></div>
<div class="pure-u-1 pure-u-lg-3-5"> <div class="pure-u-1 pure-u-lg-3-5">
<div class="h-box"> <div class="h-box">
<form class="pure-form pure-form-aligned" action="/validate_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post"> <form class="pure-form pure-form-aligned" action="/2fa/validate?referer=<%= URI.encode_www_form(referer) %>" method="post">
<legend><%= translate(locale, "general_totp_enter_code_header") %></legend> <legend><%= translate(locale, "general_totp_enter_code_header") %></legend>
<fieldset> <fieldset>