From 6fe2119fc35febd01c890c337da19417b924aac7 Mon Sep 17 00:00:00 2001
From: Tracker-Friendly
Date: Sun, 31 Mar 2024 12:42:38 +0100
Subject: [PATCH] Used the correct query lol
---
 main | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/main b/main
index 257f696..0efb8cd 100644
--- a/main
+++ b/main
@@ -320,19 +320,21 @@ async def apitokenexchange():
 conn = get_db_connection()
 # Fetch required data in a single query
- oauth_data = conn.execute("SELECT appId, secret, pkce, pkcemethod FROM oauth WHERE appId = ?", (str(appId),)).fetchone()
+ oauth_data = conn.execute("SELECT appId, secret FROM oauth WHERE appId = ?", (str(appId),)).fetchone()
 if not oauth_data or oauth_data["appId"] != appId or oauth_data["secret"] != secret:
 return {}, 401
+ login_data = conn.execute("SELECT openid, code, pkce, pkcemethod FROM logins WHERE appId = ? AND secret = ?", (str(appId), str(code))).fetchone()
+
 if verifycode:
- if str(oauth_data["pkce"]) == "none":
+ if str(login_data["pkce"]) == "none":
 return 400
 else:
- if str(oauth_data["pkcemethod"]) == "S256":
- if str(sha256_base64(code_verify)) != str(oauth_data["code"]):
+ if str(login_data["pkcemethod"]) == "S256":
+ if str(sha256_base64(code_verify)) != str(login_data["code"]):
 return 403
- elif str(oauth_data["pkcemethod"]) == "plain":
- if str(code_verify) != str(oauth_data["code"]):
+ elif str(login_data["pkcemethod"]) == "plain":
+ if str(code_verify) != str(login_data["code"]):
 return 403
 else:
 return 501
@@ -340,9 +342,6 @@ async def apitokenexchange():
 newkey = str(secrets.token_hex(512))
 conn.execute("UPDATE logins SET secret = ?, nextsecret = ? WHERE appId = ? AND secret = ?", (str(newkey), str(secrets.token_hex(512)), str(appId), str(secret)))
- # Fetch openid and code in a single query
- login_data = conn.execute("SELECT openid, code FROM logins WHERE appId = ? AND secret = ?", (str(appId), str(code))).fetchone()
-
 conn.close()
 if login_data:
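Review bot: `login_data` is dereferenced at `login_data["pkce"]` before anything checks that the new SELECT returned a row, so an unknown or already-redeemed code raises a TypeError (a 500) instead of a clean rejection; the existing `if login_data:` test only runs after the UPDATE. Add `if login_data is None:` with `conn.close()` and `return {}, 401` directly under the SELECT. The PKCE comparison is also reached only when `verifycode` is truthy, so if that flag merely reflects whether the client sent a verifier (it is set outside this hunk), a login row whose `pkce` is not "none" can be exchanged with no verifier at all; the branch should be driven by the stored `pkce` value and reject a missing verifier. The hashed verifier is compared to `login_data["code"]` rather than to the stored `pkce` value, which looks like the wrong column (confirm against the schema), and the comparison would be better done with `secrets.compare_digest(...)` than with `!=`. The body of `apitokenexchange` starts and ends outside the hunk.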