Ailur-Archives
/
hectabit-oauth2
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Finally done

This commit is contained in:
Tracker-Friendly 2024-03-31 13:24:09 +01:00
parent 7c4e1c4e00
commit ddbb72ece1
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
main
View File

@ -328,22 +328,22 @@ async def apitokenexchange():
if verifycode: if verifycode:
if str(login_data["pkce"]) == "none": if str(login_data["pkce"]) == "none":
return 400 return {}, 400
else: else:
if str(login_data["pkcemethod"]) == "S256": if str(login_data["pkcemethod"]) == "S256":
if str(sha256_base64(code_verify)) != str(login_data["code"]): if str(sha256_base64(code_verify)) != str(login_data["pkce"]):
return 403 return {}, 403
elif str(login_data["pkcemethod"]) == "plain": elif str(login_data["pkcemethod"]) == "plain":
if str(code_verify) != str(login_data["code"]): if str(code_verify) != str(login_data["pkce"]):
return 403 return {}, 403
else: else:
return 501 return {}, 501
else: else:
if not oauth_data["secret"] == secret: if not oauth_data["secret"] == secret:
return {}, 401 return {}, 401
newkey = str(secrets.token_hex(512)) newkey = str(secrets.token_hex(512))
conn.execute("UPDATE logins SET secret = ?, nextsecret = ? WHERE appId = ? AND secret = ?", (str(newkey), str(secrets.token_hex(512)), str(appId), str(secret))) conn.execute("UPDATE logins SET secret = ?, nextsecret = ? WHERE appId = ? AND secret = ?", (str(newkey), str(secrets.token_hex(512)), str(appId), str(code)))
conn.close() conn.close()