Ailur
/
burgerauth
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Fixed /api/auth's weird session issue and password migration

This commit is contained in:
Tracker-Friendly 2024-07-28 14:19:12 +01:00
parent 93cd8f3cdd
commit 0f880980bc
3 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
main.go
View File

@ -1325,7 +1325,7 @@ func main() {
state := c.Request.URL.Query().Get("state") state := c.Request.URL.Query().Get("state")
nonce := c.Request.URL.Query().Get("nonce") nonce := c.Request.URL.Query().Get("nonce")
deny := c.Request.URL.Query().Get("deny") deny := c.Request.URL.Query().Get("deny")
sessionKey, err := c.Cookie("secretKey") sessionKey, err := c.Cookie("session")
if err == nil { if err == nil {
if errors.Is(err, http.ErrNoCookie) || sessionKey == "" { if errors.Is(err, http.ErrNoCookie) || sessionKey == "" {
sessionKey = c.Request.URL.Query().Get("session") sessionKey = c.Request.URL.Query().Get("session")

4
static/js/login.js
View File

@ -168,7 +168,7 @@ nextButton.addEventListener("click", async () => {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
username: username, username: username,
password: hashpassold(password), password: await hashpassold(password),
modern: false modern: false
}), }),
headers: { headers: {
@ -237,4 +237,4 @@ document.getElementById("privacyButton").addEventListener("click", function(even
function toSignup() { function toSignup() {
window.location.href = "/signup" + window.location.search; window.location.href = "/signup" + window.location.search;
} }

4
static/js/main.js
View File

@ -52,12 +52,12 @@ function oauth() {
const expireTime = now.getTime() + (21 * 1000); const expireTime = now.getTime() + (21 * 1000);
let expires = new Date(expireTime).toUTCString(); let expires = new Date(expireTime).toUTCString();
if (navigator.cookieEnabled) { if (navigator.cookieEnabled) {
document.cookie = "DONOTSHARE-secretkey=" + secret_key + "; expires=" + expires + "; path=/"; document.cookie = "session=" + secret_key + "; expires=" + expires + "; path=/";
window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false"); window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false");
} else { } else {
document.getElementById("statusBox").textContent = "Warning! Because cookies are disabled, your access token is sent directly in the URL. This is less secure than using cookies, but you chose this path!"; document.getElementById("statusBox").textContent = "Warning! Because cookies are disabled, your access token is sent directly in the URL. This is less secure than using cookies, but you chose this path!";
setTimeout(() => { setTimeout(() => {
window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false&access_token=" + secret_key); window.location.replace("/api/auth?client_id=" + client_id + "&redirect_uri=" + redirect_uri + "&code_challenge_method=" + codemethod + "&code_challenge=" + code + "&state=" + state + "&nonce=" + nonce + "&deny=false&session=" + secret_key);
}, 200); }, 200);
} }
} }