Fixed /api/auth's weird session issue and password migration

Tracker-Friendly 2024-07-28 14:19:12 +01:00
parent 93cd8f3cdd
commit 0f880980bc
3 changed files with 5 additions and 5 deletions


@ -1325,7 +1325,7 @@ func main() {
state := c.Request.URL.Query().Get("state")
nonce := c.Request.URL.Query().Get("nonce")
deny := c.Request.URL.Query().Get("deny")
sessionKey, err := c.Cookie("secretKey")
sessionKey, err := c.Cookie("session")
if err == nil {
if errors.Is(err, http.ErrNoCookie) || sessionKey == "" {
sessionKey = c.Request.URL.Query().Get("session")
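Review bot: The fallback `sessionKey = c.Request.URL.Query().Get("session")` still accepts the session secret from the query string, where it can be recorded in access logs, browser history and Referer headers; the client-side counterpart is the `&session=` branch in `oauth()`. Assuming `if errors.Is(err, http.ErrNoCookie) || sessionKey == "" {` is the new side (the +/- markers are lost in this rendering), the condition itself now reads correctly. If the cookie-less path has to stay, consider taking the value from a POST body or exchanging it for a short-lived one-time code, and document the trade-off above the fallback with something like `// cookie-less fallback: session arrives in the URL and may be logged; prefer the cookie`. The handler inside `main()` starts and ends outside the hunk.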


@ -168,7 +168,7 @@ nextButton.addEventListener("click", async () => {
method: "POST",
body: JSON.stringify({
username: username,
password: hashpassold(password),
password: await hashpassold(password),
modern: false
}),
headers: {
@ -237,4 +237,4 @@ document.getElementById("privacyButton").addEventListener("click", function(even
function toSignup() {
window.location.href = "/signup" + window.location.search;
}
}
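Review bot: `password: await hashpassold(password)` is evaluated inline inside `JSON.stringify`, so nothing checks that the result is a usable string before it is posted; the missing `await` fixed here would have serialised a pending Promise as `{}` without raising any error. Hoisting it as `const legacyHash = await hashpassold(password);` followed by `if (typeof legacyHash !== "string" || !legacyHash) return;` makes a regression fail before the request is sent. Because the client sends the legacy hash as the credential with `modern: false`, the server side (not visible here) should treat that value as password-equivalent and retire the legacy path per account once migration succeeds. The click handler starts and ends outside the hunk, and the `toSignup` hunk looks like an end-of-file change only.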


@ -52,12 +52,12 @@ function oauth() {
const expireTime = now.getTime() + (21 * 1000);
let expires = new Date(expireTime).toUTCString();
if (navigator.cookieEnabled) {
document.cookie = "DONOTSHARE-secretkey=" + secret_key + "; expires=" + expires + "; path=/";
document.cookie = "session=" + secret_key + "; expires=" + expires + "; path=/";
window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false");
} else {
document.getElementById("statusBox").textContent = "Warning! Because cookies are disabled, your access token is sent directly in the URL. This is less secure than using cookies, but you chose this path!";
setTimeout(() => {
window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false&access_token=" + secret_key);
window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false&session=" + secret_key);
}, 200);
}
}
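Review bot: The `session` cookie is written with only `expires` and `path=/`, so it has no `Secure` or `SameSite` attribute, and because it is set from script it cannot be `HttpOnly`. For a value the page's own warning text calls an access token, I would end the string with `"; path=/; Secure; SameSite=Lax"`, provided the site is served over HTTPS; the 21-second expiry already limits how long the cookie lives. Separately, both `window.location.replace` calls concatenate `redirect_uri`, `state`, `nonce` and the others without `encodeURIComponent`, so a value containing `&` or `#` would change the parameters `/api/auth` receives. `oauth()` starts outside the hunk, so where those values come from is not visible here.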