Used the correct query lol

Tracker-Friendly 2024-03-31 12:42:38 +01:00
parent 96bc659e51
commit 6fe2119fc3
1 changed files with 8 additions and 9 deletions

17
main

@ -320,19 +320,21 @@ async def apitokenexchange():
conn = get_db_connection() conn = get_db_connection()
# Fetch required data in a single query # Fetch required data in a single query
oauth_data = conn.execute("SELECT appId, secret, pkce, pkcemethod FROM oauth WHERE appId = ?", (str(appId),)).fetchone() oauth_data = conn.execute("SELECT appId, secret FROM oauth WHERE appId = ?", (str(appId),)).fetchone()
if not oauth_data or oauth_data["appId"] != appId or oauth_data["secret"] != secret: if not oauth_data or oauth_data["appId"] != appId or oauth_data["secret"] != secret:
return {}, 401 return {}, 401
login_data = conn.execute("SELECT openid, code, pkce, pkcemethod FROM logins WHERE appId = ? AND secret = ?", (str(appId), str(code))).fetchone()
if verifycode: if verifycode:
if str(oauth_data["pkce"]) == "none": if str(login_data["pkce"]) == "none":
return 400 return 400
else: else:
if str(oauth_data["pkcemethod"]) == "S256": if str(login_data["pkcemethod"]) == "S256":
if str(sha256_base64(code_verify)) != str(oauth_data["code"]): if str(sha256_base64(code_verify)) != str(login_data["code"]):
return 403 return 403
elif str(oauth_data["pkcemethod"]) == "plain": elif str(login_data["pkcemethod"]) == "plain":
if str(code_verify) != str(oauth_data["code"]): if str(code_verify) != str(login_data["code"]):
return 403 return 403
else: else:
return 501 return 501
@ -340,9 +342,6 @@ async def apitokenexchange():
newkey = str(secrets.token_hex(512)) newkey = str(secrets.token_hex(512))
conn.execute("UPDATE logins SET secret = ?, nextsecret = ? WHERE appId = ? AND secret = ?", (str(newkey), str(secrets.token_hex(512)), str(appId), str(secret))) conn.execute("UPDATE logins SET secret = ?, nextsecret = ? WHERE appId = ? AND secret = ?", (str(newkey), str(secrets.token_hex(512)), str(appId), str(secret)))
# Fetch openid and code in a single query
login_data = conn.execute("SELECT openid, code FROM logins WHERE appId = ? AND secret = ?", (str(appId), str(code))).fetchone()
conn.close() conn.close()
if login_data: if login_data:
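Review bot: `login_data` is now fetched before the PKCE block but is only tested for a missing row at the later `if login_data:`, so when `verifycode` is set and no row matches the `appId`/`code` pair, `login_data["pkce"]` is evaluated on `None` and the request fails with an unhandled exception rather than an auth error. A guard directly after the new SELECT would cover it: `if login_data is None:`, then `conn.close()` and `return {}, 401`. Separately, the PKCE comparison still runs only when `verifycode` is truthy; its definition is outside the hunk, but if it comes from the request, a client that omits the verifier skips the check even when the stored `pkce` is not `"none"`, so the branch should be driven by `login_data["pkce"]` instead. The body of `apitokenexchange` starts before and continues after the visible hunks.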