mirrors/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-08-28 15:38:30 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update authentication.cr

Browse Source
This commit is contained in:
Ryan G 2023-06-12 22:41:15 -07:00
parent 15c68b4901
commit 8058254411
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/invidious/routes/api/v1/authentication.cr
View File

@ -83,6 +83,31 @@ module Invidious::Routes::API::V1::Authentication
# process captcha response
locale = env.get("preferences").as(Preferences).locale
username = creds.username.downcase
password = creds.password
username = "" if username.nil?
password = "" if password.nil?
if username.empty?
return error_json(401, "Username cannot be empty")
end
if password.empty?
return error_json(401, "Password cannot be empty")
end
if username.bytesize > 254
return error_json(401, "Username cannot be longer than 254 characters")
end
# See https://security.stackexchange.com/a/39851
if password.bytesize > 55
return error_json(401, "Password cannot be longer than 55 characters")
end
username = username.byte_slice(0, 254)
password = password.byte_slice(0, 55)
answer = captcha_response.answer
answer = answer.lstrip('0')
answer = OpenSSL::HMAC.hexdigest(:sha256, HMAC_KEY, answer)