From cda77cd3b9353230141216c2cbcc1762f1a416d0 Mon Sep 17 00:00:00 2001
From: Arzumify
Date: Tue, 25 Jun 2024 16:54:26 +0100
Subject: [PATCH] Moved the changepassword function to the bottom so that it's under authentication, made it actually change the password, make it && instead of || so it doesn't cause the glitch stated in the last commit
---
 main.go | 45 +++++++++++++++++++++++----------------------
 1 file changed, 23 insertions(+), 22 deletions(-)
diff --git a/main.go b/main.go
index 3259c13..3d55cd6 100644
--- a/main.go
+++ b/main.go
@@ -419,7 +419,7 @@ func main() {
 enableAPIVersion2 := false
 enableAPIVersion1 := false
- version1PasswordChange := data["passwordchange"].(string)
+ version1PasswordChange := data["newpass"].(string)
 versionCheck := c.GetHeader("X-Burgernotes-Version")
 if versionCheck != "" {
 versionCheckInt, err := strconv.Atoi(versionCheck)
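Review bot: The new `data["newpass"].(string)` is still an unchecked type assertion, so a login request whose body has no `newpass` field, or carries a non-string value there, panics on this line before the version header or the credentials are looked at. If `data` is the decoded request body, as its name suggests, that covers every client that simply omits the field. Use the two-value form and fall back to the sentinel the later guard already tests: `version1PasswordChange, ok := data["newpass"].(string)` followed by `if !ok { version1PasswordChange = "null" }`. The handler this line belongs to starts and ends outside the hunk.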
@@ -452,27 +452,6 @@ func main() {
 return
 }
- if enableAPIVersion1 || version1PasswordChange != "no" {
- salt, err := genSalt(16)
- if err != nil {
- log.Println("[ERROR] Unknown in /api/login genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
- c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-SALT"})
- return
- }
- hashedPassword, err := hash(version1PasswordChange, salt)
- if err != nil {
- log.Println("[ERROR] Unknown in /api/login hash() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
- c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-HASH"})
- return
- }
- _, err = conn.Exec("UPDATE users SET password = ? WHERE id = ?", hashedPassword, userid)
- if err != nil {
- log.Println("[ERROR] Unknown in /api/login Exec() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
- c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-DBUPDATE"})
- return
- }
- }
-
 if enableAPIVersion2 || enableAPIVersion1 {
 _, _, hashedPasswd, err := getUser(userid)
 if err != nil {
@@ -523,6 +502,28 @@ func main() {
 return
 }
 }
+
+
+ if enableAPIVersion1 && version1PasswordChange != "null" {
+ salt, err := genSalt(16)
+ if err != nil {
+ log.Println("[ERROR] Unknown in /api/login genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
+ c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-SALT"})
+ return
+ }
+ hashedPassword, err := hash(version1PasswordChange, salt)
+ if err != nil {
+ log.Println("[ERROR] Unknown in /api/login hash() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
+ c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-HASH"})
+ return
+ }
+ _, err = conn.Exec("UPDATE users SET password = ? WHERE id = ?", hashedPassword, userid)
+ if err != nil {
+ log.Println("[ERROR] Unknown in /api/login Exec() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
+ c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-DBUPDATE"})
+ return
+ }
+ }
 token, err := genSalt(512)
 if err != nil {
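Review bot: The guard `version1PasswordChange != "null"` accepts every other value as a new password, including the empty string, so a v1 login that sends `"newpass": ""` has its stored hash replaced by the hash of an empty password. Reject empty values in the condition itself: `if enableAPIVersion1 && version1PasswordChange != "" && version1PasswordChange != "null" {`. Going by the commit message, the block is only safe because it now sits below the credential check, so it deserves a comment that pins that ordering, e.g. `// Must stay after password verification: rewrites the stored hash for the authenticated user.` The two added blank lines before the `if` would be collapsed by gofmt, and the enclosing handler starts outside this hunk.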