Update 2fa routes to be in the form of /2fa/<action>
This commit is contained in:
parent
668074a253
commit
9b2b661c85
8 changed files with 18 additions and 19 deletions
|
@ -345,11 +345,11 @@ Invidious::Routing.get "/preferences", Invidious::Routes::PreferencesRoute, :sho
|
||||||
Invidious::Routing.post "/preferences", Invidious::Routes::PreferencesRoute, :update
|
Invidious::Routing.post "/preferences", Invidious::Routes::PreferencesRoute, :update
|
||||||
Invidious::Routing.get "/toggle_theme", Invidious::Routes::PreferencesRoute, :toggle_theme
|
Invidious::Routing.get "/toggle_theme", Invidious::Routes::PreferencesRoute, :toggle_theme
|
||||||
|
|
||||||
Invidious::Routing.get "/setup_2fa", Invidious::Routes::Accounts, :setup_2fa_page
|
Invidious::Routing.get "/2fa/setup", Invidious::Routes::Accounts, :setup_2fa_page
|
||||||
Invidious::Routing.post "/setup_2fa", Invidious::Routes::Accounts, :setup_2fa
|
Invidious::Routing.post "/2fa/setup", Invidious::Routes::Accounts, :setup_2fa
|
||||||
Invidious::Routing.get "/remove_2fa", Invidious::Routes::Accounts, :remove_2fa_page
|
Invidious::Routing.get "/2fa/remove", Invidious::Routes::Accounts, :remove_2fa_page
|
||||||
Invidious::Routing.post "/remove_2fa", Invidious::Routes::Accounts, :remove_2fa
|
Invidious::Routing.post "/2fa/remove", Invidious::Routes::Accounts, :remove_2fa
|
||||||
Invidious::Routing.post "/validate_2fa", Invidious::Routes::Accounts, :validate_2fa
|
Invidious::Routing.post "/2fa/validate", Invidious::Routes::Accounts, :validate_2fa
|
||||||
|
|
||||||
# Users
|
# Users
|
||||||
|
|
||||||
|
|
|
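Review bot: The same action is now spelled in two unrelated literals — the route `"/2fa/setup"` registered here and the CSRF scope `{":2fa/setup"}` passed to `generate_response` in the `@ -13`, `@ -29` and `@ -474` hunks — so any future rename has to touch every site in lockstep, and a scope that is minted under one spelling and validated under another would reject every form submission. Deriving both from one named constant per action (route path and scope) would keep them in sync. The POST handlers' validation side is not in the visible hunks; confirm it checks the same `2fa/...` scope strings the tokens are now generated with.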
@ -474,7 +474,7 @@ end
|
||||||
|
|
||||||
def call_totp_validator(env, user, sid, locale)
|
def call_totp_validator(env, user, sid, locale)
|
||||||
referer = URI.decode_www_form(env.get?("current_page").to_s)
|
referer = URI.decode_www_form(env.get?("current_page").to_s)
|
||||||
csrf_token = generate_response(sid, {":validate_2fa"}, HMAC_KEY, PG_DB)
|
csrf_token = generate_response(sid, {":2fa/validate"}, HMAC_KEY, PG_DB)
|
||||||
email, password = {user.email, nil}
|
email, password = {user.email, nil}
|
||||||
return templated "account/validate_2fa"
|
return templated "account/validate_2fa"
|
||||||
end
|
end
|
||||||
|
|
|
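Review bot: `call_totp_validator` carries no doc comment, and the body gives a reader little to go on: it decodes `current_page` into `referer`, mints a CSRF token scoped to `":2fa/validate"`, sets `password` to `nil` and renders `account/validate_2fa`. A header such as `# Renders account/validate_2fa for a user whose password already checked out; the CSRF token is scoped to the /2fa/validate POST and referer is the decoded current_page value.` would state the contract in one line. Whether `env.get?("current_page")` can be unset on a direct request (leaving `referer` empty) and how the template copes is not visible here — worth confirming.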
@ -13,7 +13,7 @@ class Invidious::Routes::Accounts < Invidious::Routes::BaseRoute
|
||||||
|
|
||||||
user = user.as(User)
|
user = user.as(User)
|
||||||
sid = sid.as(String)
|
sid = sid.as(String)
|
||||||
csrf_token = generate_response(sid, {":setup_2fa"}, HMAC_KEY, PG_DB)
|
csrf_token = generate_response(sid, {":2fa/setup"}, HMAC_KEY, PG_DB)
|
||||||
|
|
||||||
db_secret = Random::Secure.random_bytes(16).hexstring
|
db_secret = Random::Secure.random_bytes(16).hexstring
|
||||||
totp = CrOTP::TOTP.new(db_secret)
|
totp = CrOTP::TOTP.new(db_secret)
|
||||||
|
@ -29,7 +29,7 @@ class Invidious::Routes::Accounts < Invidious::Routes::BaseRoute
|
||||||
|
|
||||||
user = env.get("user").as(User)
|
user = env.get("user").as(User)
|
||||||
sid = env.get("sid").as(String)
|
sid = env.get("sid").as(String)
|
||||||
csrf_token = generate_response(sid, {":remove_2fa"}, HMAC_KEY, PG_DB)
|
csrf_token = generate_response(sid, {":2fa/remove"}, HMAC_KEY, PG_DB)
|
||||||
|
|
||||||
return templated "account/remove_2fa"
|
return templated "account/remove_2fa"
|
||||||
end
|
end
|
||||||
|
@ -139,10 +139,10 @@ class Invidious::Routes::Accounts < Invidious::Routes::BaseRoute
|
||||||
|
|
||||||
if CONFIG.domain
|
if CONFIG.domain
|
||||||
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", domain: "#{CONFIG.domain}", value: sid, expires: Time.utc + 2.years,
|
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", domain: "#{CONFIG.domain}", value: sid, expires: Time.utc + 2.years,
|
||||||
secure: secure, http_only: true)
|
secure: secure, http_only: true, path: "/")
|
||||||
else
|
else
|
||||||
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.utc + 2.years,
|
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.utc + 2.years,
|
||||||
secure: secure, http_only: true)
|
secure: secure, http_only: true, path: "/")
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
return error_template(401, "Wrong username or password")
|
return error_template(401, "Wrong username or password")
|
||||||
|
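Review bot: The `SID` cookie on the new `path: "/"` lines still has no `SameSite` attribute; since this session id is also what `generate_response` derives CSRF tokens from, adding `samesite: HTTP::Cookie::SameSite::Lax` (an `HTTP::Cookie.new` argument in Crystal's stdlib) is cheap defence in depth against cross-site form posts, and the same applies to the `2faVerified` cookie in the `@ -166` hunk. The two branches differ only in the `domain:` argument, so a single `HTTP::Cookie.new(...)` with `domain: CONFIG.domain` would remove the duplication — check that a `nil` domain is accepted by the Crystal version in use before collapsing them. The enclosing login handler starts and ends outside the hunk.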
@ -154,7 +154,6 @@ class Invidious::Routes::Accounts < Invidious::Routes::BaseRoute
|
||||||
cookie.expires = Time.utc(1990, 1, 1)
|
cookie.expires = Time.utc(1990, 1, 1)
|
||||||
env.response.cookies << cookie
|
env.response.cookies << cookie
|
||||||
end
|
end
|
||||||
|
|
||||||
env.redirect referer
|
env.redirect referer
|
||||||
else
|
else
|
||||||
token = env.params.body["csrf_token"]
|
token = env.params.body["csrf_token"]
|
||||||
|
@ -166,9 +165,9 @@ class Invidious::Routes::Accounts < Invidious::Routes::BaseRoute
|
||||||
end
|
end
|
||||||
|
|
||||||
if CONFIG.domain
|
if CONFIG.domain
|
||||||
env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", domain: "#{CONFIG.domain}", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true)
|
env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", domain: "#{CONFIG.domain}", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true, path: "/")
|
||||||
else
|
else
|
||||||
env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true)
|
env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true, path: "/")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
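Review bot: `2faVerified` is set to the constant `"1"` on the new `path: "/"` lines, so the only thing that distinguishes a browser that passed the TOTP check from one that did not is the presence of a cookie with that name. Unless the consumer of this cookie (not visible here) ties it to the session — for instance by recording the verification on the session server-side, or by making the value an HMAC over `sid` under `HMAC_KEY`, the way `generate_response` already does for CSRF tokens — the second factor rests on client-held state; please confirm how it is checked. The enclosing handler starts and ends outside the hunk.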
@ -326,7 +326,7 @@ class Invidious::Routes::Login < Invidious::Routes::BaseRoute
|
||||||
return error_template(400, "Please sign in using 'Log in with Google'")
|
return error_template(400, "Please sign in using 'Log in with Google'")
|
||||||
end
|
end
|
||||||
|
|
||||||
if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55)) \
|
if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55))
|
||||||
# If the password is correct then we'll go ahead and begin 2fa if applicable
|
# If the password is correct then we'll go ahead and begin 2fa if applicable
|
||||||
if user.totp_secret
|
if user.totp_secret
|
||||||
csrf_token = nil # setting this to false for compatibility reasons.
|
csrf_token = nil # setting this to false for compatibility reasons.
|
||||||
|
|
|
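Review bot: The comment on `csrf_token = nil # setting this to false for compatibility reasons.` disagrees with the code it annotates — the value assigned is `nil`, not `false`; `# left nil (falsy) for compatibility reasons.` would match, or better, name the compatibility it means. Dropping the trailing `\` on the `if` line is a good cleanup, since the continuation ran into the comment on the following line. The handler continues outside the hunk on both sides.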
@ -3,7 +3,7 @@
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
<div class="h-box">
|
<div class="h-box">
|
||||||
<form class="pure-form pure-form-aligned" action="/remove_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post">
|
<form class="pure-form pure-form-aligned" action="/2fa/remove?referer=<%= URI.encode_www_form(referer) %>" method="post">
|
||||||
<legend><%= translate(locale, "remove_totp_confirm_message") %></legend>
|
<legend><%= translate(locale, "remove_totp_confirm_message") %></legend>
|
||||||
|
|
||||||
<div class="pure-g">
|
<div class="pure-g">
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<div class="pure-u-1 pure-u-lg-1-5"></div>
|
<div class="pure-u-1 pure-u-lg-1-5"></div>
|
||||||
<div class="pure-u-1 pure-u-lg-3-5">
|
<div class="pure-u-1 pure-u-lg-3-5">
|
||||||
<div class="h-box">
|
<div class="h-box">
|
||||||
<form class="pure-form pure-form-aligned" action="/setup_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post">
|
<form class="pure-form pure-form-aligned" action="/2fa/setup?referer=<%= URI.encode_www_form(referer) %>" method="post">
|
||||||
<legend><%= translate(locale, "setup_totp_form_header") %></legend>
|
<legend><%= translate(locale, "setup_totp_form_header") %></legend>
|
||||||
<fieldset>
|
<fieldset>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<div class="pure-u-1 pure-u-lg-1-5"></div>
|
<div class="pure-u-1 pure-u-lg-1-5"></div>
|
||||||
<div class="pure-u-1 pure-u-lg-3-5">
|
<div class="pure-u-1 pure-u-lg-3-5">
|
||||||
<div class="h-box">
|
<div class="h-box">
|
||||||
<form class="pure-form pure-form-aligned" action="/validate_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post">
|
<form class="pure-form pure-form-aligned" action="/2fa/validate?referer=<%= URI.encode_www_form(referer) %>" method="post">
|
||||||
<legend><%= translate(locale, "general_totp_enter_code_header") %></legend>
|
<legend><%= translate(locale, "general_totp_enter_code_header") %></legend>
|
||||||
<fieldset>
|
<fieldset>
|
||||||
|
|
||||||
|
|
|
@ -320,7 +320,7 @@
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="pure-control-group">
|
<div class="pure-control-group">
|
||||||
<a href="/setup_2fa?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "setup_totp_form_header") %></a>
|
<a href="/2fa/setup?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "setup_totp_form_header") %></a>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="pure-control-group">
|
<div class="pure-control-group">
|
||||||
|
|