iv-org-mirror/invidious-copy-2022-04-11
1
0
Fork 0
mirror of https://gitea.invidious.io/iv-org/invidious-copy-2022-04-11.git synced 2024-08-15 00:43:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add 2fa to change_password endpoint

Browse source
This commit is contained in:
syeopite 2021-07-15 01:19:55 -07:00
parent 71b5874380
commit 755b847ad5
No known key found for this signature in database
GPG key ID: 6FA616E5A5294A82
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/invidious.cr
View file

@ -858,6 +858,11 @@ get "/change_password" do |env|
user = user.as(User)
sid = sid.as(String)
if user.totp_secret && env.response.cookies["2faVerified"]?.try &.value != "1" || nil
csrf_token = generate_response(sid, {":validate_2fa"}, HMAC_KEY, PG_DB)
next templated "account/validate_2fa?referer=#{env.get?("current_page")}"
end
csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY, PG_DB)
templated "account/change_password"

2
src/invidious/routes/accounts.cr
View file

@ -27,7 +27,7 @@ class Invidious::Routes::Accounts < Invidious::Routes::BaseRoute
user = env.get? "user"
sid = env.get? "sid"
referer = get_referer(env)
referer = get_referer(env, unroll: false)
if !user
return env.redirect referer