iv-org-mirror/invidious-copy-2023-06-08
1
0
Fork 0
mirror of https://gitea.invidious.io/iv-org/invidious-copy-2023-06-08.git synced 2024-08-15 00:53:38 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update 2fa routes to be in the form of /2fa/<action>

Browse source
This commit is contained in:
syeopite 2021-07-16 13:34:53 -07:00
parent 668074a253
commit 9b2b661c85
No known key found for this signature in database
GPG key ID: 6FA616E5A5294A82
8 changed files with 18 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/invidious.cr
View file

@ -345,11 +345,11 @@ Invidious::Routing.get "/preferences", Invidious::Routes::PreferencesRoute, :sho
Invidious::Routing.post "/preferences", Invidious::Routes::PreferencesRoute, :update
Invidious::Routing.get "/toggle_theme", Invidious::Routes::PreferencesRoute, :toggle_theme
Invidious::Routing.get "/setup_2fa", Invidious::Routes::Accounts, :setup_2fa_page
Invidious::Routing.post "/setup_2fa", Invidious::Routes::Accounts, :setup_2fa
Invidious::Routing.get "/remove_2fa", Invidious::Routes::Accounts, :remove_2fa_page
Invidious::Routing.post "/remove_2fa", Invidious::Routes::Accounts, :remove_2fa
Invidious::Routing.post "/validate_2fa", Invidious::Routes::Accounts, :validate_2fa
Invidious::Routing.get "/2fa/setup", Invidious::Routes::Accounts, :setup_2fa_page
Invidious::Routing.post "/2fa/setup", Invidious::Routes::Accounts, :setup_2fa
Invidious::Routing.get "/2fa/remove", Invidious::Routes::Accounts, :remove_2fa_page
Invidious::Routing.post "/2fa/remove", Invidious::Routes::Accounts, :remove_2fa
Invidious::Routing.post "/2fa/validate", Invidious::Routes::Accounts, :validate_2fa
# Users

2
src/invidious/helpers/utils.cr
View file

@ -474,7 +474,7 @@ end
def call_totp_validator(env, user, sid, locale)
referer = URI.decode_www_form(env.get?("current_page").to_s)
csrf_token = generate_response(sid, {":validate_2fa"}, HMAC_KEY, PG_DB)
csrf_token = generate_response(sid, {":2fa/validate"}, HMAC_KEY, PG_DB)
email, password = {user.email, nil}
return templated "account/validate_2fa"
end

13
src/invidious/routes/accounts.cr
View file

@ -13,7 +13,7 @@ class Invidious::Routes::Accounts < Invidious::Routes::BaseRoute
user = user.as(User)
sid = sid.as(String)
csrf_token = generate_response(sid, {":setup_2fa"}, HMAC_KEY, PG_DB)
csrf_token = generate_response(sid, {":2fa/setup"}, HMAC_KEY, PG_DB)
db_secret = Random::Secure.random_bytes(16).hexstring
totp = CrOTP::TOTP.new(db_secret)
@ -29,7 +29,7 @@ class Invidious::Routes::Accounts < Invidious::Routes::BaseRoute
user = env.get("user").as(User)
sid = env.get("sid").as(String)
csrf_token = generate_response(sid, {":remove_2fa"}, HMAC_KEY, PG_DB)
csrf_token = generate_response(sid, {":2fa/remove"}, HMAC_KEY, PG_DB)
return templated "account/remove_2fa"
end
@ -139,10 +139,10 @@ class Invidious::Routes::Accounts < Invidious::Routes::BaseRoute
if CONFIG.domain
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", domain: "#{CONFIG.domain}", value: sid, expires: Time.utc + 2.years,
secure: secure, http_only: true)
secure: secure, http_only: true, path: "/")
else
env.response.cookies["SID"] = HTTP::Cookie.new(name: "SID", value: sid, expires: Time.utc + 2.years,
secure: secure, http_only: true)
secure: secure, http_only: true, path: "/")
end
else
return error_template(401, "Wrong username or password")
@ -154,7 +154,6 @@ class Invidious::Routes::Accounts < Invidious::Routes::BaseRoute
cookie.expires = Time.utc(1990, 1, 1)
env.response.cookies << cookie
end
env.redirect referer
else
token = env.params.body["csrf_token"]
@ -166,9 +165,9 @@ class Invidious::Routes::Accounts < Invidious::Routes::BaseRoute
end
if CONFIG.domain
env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", domain: "#{CONFIG.domain}", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true)
env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", domain: "#{CONFIG.domain}", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true, path: "/")
else
env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true)
env.response.cookies["2faVerified"] = HTTP::Cookie.new(name: "2faVerified", value: "1", expires: Time.utc + 1.hours, secure: secure, http_only: true, path: "/")
end
end

2
src/invidious/routes/login.cr
View file

@ -326,7 +326,7 @@ class Invidious::Routes::Login < Invidious::Routes::BaseRoute
return error_template(400, "Please sign in using 'Log in with Google'")
end
if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55)) \
if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55))
# If the password is correct then we'll go ahead and begin 2fa if applicable
if user.totp_secret
csrf_token = nil # setting this to false for compatibility reasons.

2
src/invidious/views/account/remove_2fa.ecr
View file

@ -3,7 +3,7 @@
<% end %>
<div class="h-box">
<form class="pure-form pure-form-aligned" action="/remove_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post">
<form class="pure-form pure-form-aligned" action="/2fa/remove?referer=<%= URI.encode_www_form(referer) %>" method="post">
<legend><%= translate(locale, "remove_totp_confirm_message") %></legend>
<div class="pure-g">

2
src/invidious/views/account/setup_2fa.ecr
View file

@ -6,7 +6,7 @@
<div class="pure-u-1 pure-u-lg-1-5"></div>
<div class="pure-u-1 pure-u-lg-3-5">
<div class="h-box">
<form class="pure-form pure-form-aligned" action="/setup_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post">
<form class="pure-form pure-form-aligned" action="/2fa/setup?referer=<%= URI.encode_www_form(referer) %>" method="post">
<legend><%= translate(locale, "setup_totp_form_header") %></legend>
<fieldset>

2
src/invidious/views/account/validate_2fa.ecr
View file

@ -6,7 +6,7 @@
<div class="pure-u-1 pure-u-lg-1-5"></div>
<div class="pure-u-1 pure-u-lg-3-5">
<div class="h-box">
<form class="pure-form pure-form-aligned" action="/validate_2fa?referer=<%= URI.encode_www_form(referer) %>" method="post">
<form class="pure-form pure-form-aligned" action="/2fa/validate?referer=<%= URI.encode_www_form(referer) %>" method="post">
<legend><%= translate(locale, "general_totp_enter_code_header") %></legend>
<fieldset>

2
src/invidious/views/preferences.ecr
View file

@ -320,7 +320,7 @@
</div>
<div class="pure-control-group">
<a href="/setup_2fa?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "setup_totp_form_header") %></a>
<a href="/2fa/setup?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "setup_totp_form_header") %></a>
</div>
<div class="pure-control-group">