mirrors/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-08-29 07:58:35 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fixes + add 2fa to pass change and acc delete

Browse Source
This commit is contained in:
syeopite 2021-07-15 01:27:27 -07:00
parent 68a216102e
commit adbbd609e5
No known key found for this signature in database
GPG Key ID: A73C186DA3955A1A
2 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/invidious/helpers/utils.cr
View File

@ -520,3 +520,10 @@ def totp_validator(env)
end end
end end
end end
def call_totp_validator(env, user, sid, locale)
referer = URI.decode_www_form(env.get?("current_page").to_s)
csrf_token = generate_response(sid, {":validate_2fa"}, HMAC_KEY)
email, password = {user.email, nil}
return templated "user/validate_2fa"
end

12
src/invidious/routes/account.cr
View File

@ -25,8 +25,7 @@ module Invidious::Routes::Account
sid = sid.as(String) sid = sid.as(String)
if user.totp_secret && env.response.cookies["2faVerified"]?.try &.value != "1" || nil if user.totp_secret && env.response.cookies["2faVerified"]?.try &.value != "1" || nil
csrf_token = generate_response(sid, {":validate_2fa"}, HMAC_KEY) return call_totp_validator(env, user, sid, locale)
next templated "account/validate_2fa?referer=#{env.get?("current_page")}"
end end
csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY) csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY)
@ -104,6 +103,11 @@ module Invidious::Routes::Account
user = user.as(User) user = user.as(User)
sid = sid.as(String) sid = sid.as(String)
if user.totp_secret && env.request.cookies["2faVerified"]?.try &.value != "1" || nil
return call_totp_validator(env, user, sid, locale)
end
csrf_token = generate_response(sid, {":delete_account"}, HMAC_KEY) csrf_token = generate_response(sid, {":delete_account"}, HMAC_KEY)
templated "user/delete_account" templated "user/delete_account"
@ -420,7 +424,7 @@ module Invidious::Routes::Account
# Validate 2fa code endpoint # Validate 2fa code endpoint
def validate_2fa(env) def validate_2fa(env)
locale = env.get("preferences").as(Preferences).locale locale = env.get("preferences").as(Preferences).locale
referer = get_referer(env) referer = get_referer(env, unroll: false)
email = env.params.body["email"]?.try &.downcase.byte_slice(0, 254) email = env.params.body["email"]?.try &.downcase.byte_slice(0, 254)
password = env.params.body["password"]? password = env.params.body["password"]?
@ -491,5 +495,7 @@ module Invidious::Routes::Account
env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true) env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true)
end end
end end
env.redirect referer
end end
end end