From 0f880980bc19d212cca6d543bd0bef223b7dd93c Mon Sep 17 00:00:00 2001
From: Arzumify
Date: Sun, 28 Jul 2024 14:19:12 +0100
Subject: [PATCH] Fixed /api/auth's weird session issue and password migration
---
 main.go | 2 +-
 static/js/login.js | 4 ++--
 static/js/main.js | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/main.go b/main.go
index 9d93de9..71b5eb3 100644
--- a/main.go
+++ b/main.go
@@ -1325,7 +1325,7 @@ func main() {
 state := c.Request.URL.Query().Get("state")
 nonce := c.Request.URL.Query().Get("nonce")
 deny := c.Request.URL.Query().Get("deny")
- sessionKey, err := c.Cookie("secretKey")
+ sessionKey, err := c.Cookie("session")
 if err == nil {
 if errors.Is(err, http.ErrNoCookie) || sessionKey == "" {
 sessionKey = c.Request.URL.Query().Get("session")
diff --git a/static/js/login.js b/static/js/login.js
index a2cbe7a..2998212 100644
--- a/static/js/login.js
+++ b/static/js/login.js
@@ -168,7 +168,7 @@ nextButton.addEventListener("click", async () => {
 method: "POST",
 body: JSON.stringify({
 username: username,
- password: hashpassold(password),
+ password: await hashpassold(password),
 modern: false
 }),
 headers: {
@@ -237,4 +237,4 @@ document.getElementById("privacyButton").addEventListener("click", function(even
 function toSignup() {
 window.location.href = "/signup" + window.location.search;
-}
\ No newline at end of file
+}
diff --git a/static/js/main.js b/static/js/main.js
index 66f7156..118abf7 100644
--- a/static/js/main.js
+++ b/static/js/main.js
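Review bot: In main.go's hunk, the test `errors.Is(err, http.ErrNoCookie)` sits inside `if err == nil {` and so can never be true; the `?session=` fallback on the following line runs only when the cookie exists but is empty, and a request with no cookie at all skips this block. If the fallback is meant to cover the missing-cookie case, the guard probably wants to be `if err != nil || sessionKey == "" {` with the inner `if` dropped. The handler continues outside the hunk, so a later branch may already handle this and should be checked. Because this path accepts the session key from the query string, the key can end up in access logs and browser history, so the cookie should stay the primary transport.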
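Review bot: In static/js/login.js (hunk at line 168), both the `modern: false` flag and the legacy hash from `hashpassold` are chosen by the client, so the server side of the migration (not visible in this patch) should accept the legacy form only for accounts that have not yet been migrated and retire it afterwards; otherwise the old hash remains a usable credential. On the client, computing the hash before building the request, e.g. `const legacyHash = await hashpassold(password);`, keeps a rejected hash promise out of the middle of the fetch options and makes it straightforward to handle. The click handler starts and ends outside the hunk, so any existing error handling cannot be confirmed from here.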
@@ -52,12 +52,12 @@ function oauth() {
 const expireTime = now.getTime() + (21 * 1000);
 let expires = new Date(expireTime).toUTCString();
 if (navigator.cookieEnabled) {
- document.cookie = "DONOTSHARE-secretkey=" + secret_key + "; expires=" + expires + "; path=/";
+ document.cookie = "session=" + secret_key + "; expires=" + expires + "; path=/";
 window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false");
 } else {
 document.getElementById("statusBox").textContent = "Warning! Because cookies are disabled, your access token is sent directly in the URL. This is less secure than using cookies, but you chose this path!";
 setTimeout(() => {
- window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false&access_token=" + secret_key);
+ window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false&session=" + secret_key);
 }, 200);
 }
 }
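Review bot: The `session` cookie written in `oauth()` carries the session secret but sets no `Secure` or `SameSite` attribute, and every query value (`redirect_uri`, `state`, `nonce`, and `secret_key` in the no-cookie branch) is concatenated into the `/api/auth` URL without encoding, so a value containing `&` or `#` changes the request that is sent. Adding `; Secure; SameSite=Lax` to the cookie string (assuming the site is served over HTTPS) and building the query with `URLSearchParams` addresses both; the sketch below assumes these variables hold decoded values, which is decided outside the hunk and should be confirmed. The fallback still places the session key in the URL, where it reaches browser history and server logs, so the server should treat that path as an exception. The status text also still says "access token" although the parameter is now `session`.

```javascript
// … unchanged: expireTime / expires computation …
const authParams = new URLSearchParams({
    client_id,
    redirect_uri,
    code_challenge_method: codemethod,
    code_challenge: code,
    state,
    nonce,
    deny: "false",
});
if (navigator.cookieEnabled) {
    document.cookie = "session=" + secret_key + "; expires=" + expires + "; path=/; Secure; SameSite=Lax";
    window.location.replace("/api/auth?" + authParams.toString());
} else {
    // … unchanged: statusBox warning text …
    setTimeout(() => {
        authParams.set("session", secret_key);
        window.location.replace("/api/auth?" + authParams.toString());
    }, 200);
}
```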