From 7c4e1c4e00ef7df73068226ec107a901e7d59425 Mon Sep 17 00:00:00 2001
From: arzumify
Date: Sun, 31 Mar 2024 13:01:43 +0100
Subject: [PATCH 1/2] Silly typo
---
 main | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main b/main
index 8b03446..ee384a3 100644
--- a/main
+++ b/main
@@ -339,7 +339,7 @@ async def apitokenexchange():
 else:
 return 501
 else:
- if not oauth_data["secret"] != secret:
+ if not oauth_data["secret"] == secret:
 return {}, 401
 newkey = str(secrets.token_hex(512))
From ddbb72ece1995cf6ac7d1188b4c6331dac08fd62 Mon Sep 17 00:00:00 2001
From: arzumify
Date: Sun, 31 Mar 2024 13:24:09 +0100
Subject: [PATCH 2/2] Finally done
---
 main | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/main b/main
index ee384a3..7987c98 100644
--- a/main
+++ b/main
@@ -328,22 +328,22 @@ async def apitokenexchange():
 if verifycode:
 if str(login_data["pkce"]) == "none":
- return 400
+ return {}, 400
 else:
 if str(login_data["pkcemethod"]) == "S256":
- if str(sha256_base64(code_verify)) != str(login_data["code"]):
- return 403
+ if str(sha256_base64(code_verify)) != str(login_data["pkce"]):
+ return {}, 403
 elif str(login_data["pkcemethod"]) == "plain":
- if str(code_verify) != str(login_data["code"]):
- return 403
+ if str(code_verify) != str(login_data["pkce"]):
+ return {}, 403
 else:
- return 501
+ return {}, 501
 else:
 if not oauth_data["secret"] == secret:
 return {}, 401
 newkey = str(secrets.token_hex(512))
- conn.execute("UPDATE logins SET secret = ?, nextsecret = ? WHERE appId = ? AND secret = ?", (str(newkey), str(secrets.token_hex(512)), str(appId), str(secret)))
+ conn.execute("UPDATE logins SET secret = ?, nextsecret = ? WHERE appId = ? AND secret = ?", (str(newkey), str(secrets.token_hex(512)), str(appId), str(code)))
 conn.close()
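Review bot: The client-secret check corrected in PATCH 1/2 (`if not oauth_data["secret"] == secret:`) compares a credential with `==`, which is not constant-time, and the `not ... ==` form is easy to misread. The function already uses the `secrets` module, so I would write `if not secrets.compare_digest(str(oauth_data["secret"]).encode(), str(secret).encode()):` so the comparison time does not depend on how many leading characters match. The PKCE comparisons touched in PATCH 2/2 use plain `!=` on the stored challenge and deserve the same treatment. A regression test asserting that a wrong secret yields 401 and the right one does not would guard against the inversion this patch fixes. The body of apitokenexchange starts and ends outside this hunk, so the types of `secret` and `oauth_data["secret"]` are assumed, not confirmed.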
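Review bot: In PATCH 2/2 the result of the `UPDATE logins ... WHERE appId = ? AND secret = ?` statement is never checked, so as far as the hunk shows a code that matches no row (already exchanged, or issued to a different appId) continues exactly like a successful exchange. Capture the cursor and reject on zero rows, e.g. `cur = conn.execute(...)` followed by `if cur.rowcount != 1: conn.close(); return {}, 400`, which also keeps the authorization code single-use when two requests race. No `conn.commit()` is visible between the execute and `conn.close()`; if `conn` is a sqlite3 connection in its default transaction mode the rotation would be discarded on close, so confirm that autocommit is configured where the connection is opened. The function continues outside this hunk, so what is returned after `conn.close()` is not visible here.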