Merge branch 'main' of hectabit.org:arzumify/hectabit-oauth2

Tracker-Friendly 2024-04-02 16:57:54 +01:00
commit bc4718d651
1 changed files with 8 additions and 8 deletions

main

@ -328,22 +328,22 @@ async def apitokenexchange():
if verifycode: if verifycode:
if str(login_data["pkce"]) == "none": if str(login_data["pkce"]) == "none":
return 400 return {}, 400
else: else:
if str(login_data["pkcemethod"]) == "S256": if str(login_data["pkcemethod"]) == "S256":
if str(sha256_base64(code_verify)) != str(login_data["code"]): if str(sha256_base64(code_verify)) != str(login_data["pkce"]):
return 403 return {}, 403
elif str(login_data["pkcemethod"]) == "plain": elif str(login_data["pkcemethod"]) == "plain":
if str(code_verify) != str(login_data["code"]): if str(code_verify) != str(login_data["pkce"]):
return 403 return {}, 403
else: else:
return 501 return {}, 501
else: else:
if not oauth_data["secret"] != secret: if not oauth_data["secret"] == secret:
return {}, 401 return {}, 401
newkey = str(secrets.token_hex(512)) newkey = str(secrets.token_hex(512))
conn.execute("UPDATE logins SET secret = ?, nextsecret = ? WHERE appId = ? AND secret = ?", (str(newkey), str(secrets.token_hex(512)), str(appId), str(secret))) conn.execute("UPDATE logins SET secret = ?, nextsecret = ? WHERE appId = ? AND secret = ?", (str(newkey), str(secrets.token_hex(512)), str(appId), str(code)))
conn.close() conn.close()
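Review bot: The PKCE and client-secret checks in this hunk compare secret values with `!=` and `==`, which stop at the first differing character, so a constant-time comparison is the safer choice. For the secret check that would be `if not secrets.compare_digest(str(oauth_data["secret"]).encode(), str(secret).encode()):`, with the same treatment for the two `login_data["pkce"]` comparisons; `secrets` is already used a few lines below. The early `return {}, 4xx` branches also appear to leave before the `conn.close()` on the last line of the hunk, so the connection may stay open on every rejected request unless it is closed elsewhere. apitokenexchange starts and continues outside the hunk, so confirm that against the full body. A short comment on the `UPDATE` saying that the row is now matched by `code` and that the statement replaces the stored `secret` would help the next reader.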