mirrors/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-08-28 15:38:30 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Add 2fa to change_password endpoint

Browse Source
This commit is contained in:
syeopite 2021-07-15 01:19:55 -07:00
parent 23a71abc11
commit 68a216102e
No known key found for this signature in database
GPG Key ID: A73C186DA3955A1A
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/invidious/routes/account.cr
View File

@ -23,6 +23,12 @@ module Invidious::Routes::Account
user = user.as(User)
sid = sid.as(String)
if user.totp_secret && env.response.cookies["2faVerified"]?.try &.value != "1" || nil
csrf_token = generate_response(sid, {":validate_2fa"}, HMAC_KEY)
next templated "account/validate_2fa?referer=#{env.get?("current_page")}"
end
csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY)
templated "user/change_password"
@ -362,7 +368,7 @@ module Invidious::Routes::Account
user = env.get? "user"
sid = env.get? "sid"
referer = get_referer(env)
referer = get_referer(env, unroll: false)
user = user.as(User)
sid = sid.as(String)