now force login on /admin/<token> route, partial fix for #27
This commit is contained in:
parent
05a15b1680
commit
9612086790
@ -52,8 +52,8 @@ pub async fn forward(
|
|||
// (prevents the user from sending some specific POST requests)
|
||||
if check_request(route, &body) {
|
||||
debug(&format!(
|
||||
"Restricted request: {}",
|
||||
String::from_utf8_lossy(&body)
|
||||
"Restricted request: {}",
|
||||
String::from_utf8_lossy(&body)
|
||||
));
|
||||
return Err(crash(get_lang(&req), "error_dirtyhacker"));
|
||||
}
|
||||
|
@ -70,8 +70,8 @@ pub async fn forward(
|
|||
// and basic-auth, because this feature is not needed.
|
||||
for (header_name, header_value) in res
|
||||
.headers()
|
||||
.iter()
|
||||
.filter(|(h, _)| *h != "connection" && *h != "content-encoding")
|
||||
.iter()
|
||||
.filter(|(h, _)| *h != "connection" && *h != "content-encoding")
|
||||
{
|
||||
client_resp.header(header_name.clone(), header_value.clone());
|
||||
}
|
||||
|
@ -91,8 +91,8 @@ pub async fn forward(
|
|||
let form_id = check_new_form(&response_body);
|
||||
if form_id > 0 {
|
||||
debug(&format!(
|
||||
"New form. Forging request to set isAnonymous for id {}",
|
||||
form_id
|
||||
"New form. Forging request to set isAnonymous for id {}",
|
||||
form_id
|
||||
));
|
||||
|
||||
let forged_body = format!(
|
||||
|
@ -105,8 +105,8 @@ pub async fn forward(
|
|||
&url,
|
||||
&client,
|
||||
)
|
||||
.set_header("content-length", forged_body.len())
|
||||
.set_header("content-type", "application/json;charset=utf-8");
|
||||
.set_header("content-length", forged_body.len())
|
||||
.set_header("content-type", "application/json;charset=utf-8");
|
||||
|
||||
let res = update_req.send_body(forged_body).await.map_err(|e| {
|
||||
eprintln!("error_forward_isanon: {}", e);
|
||||
|
@ -129,8 +129,8 @@ pub async fn forward(
|
|||
|
||||
// check the response before returning it (unused)
|
||||
/*if check_response(route, &response_body) {
|
||||
return Ok(web_redir("/"));
|
||||
}*/
|
||||
return Ok(web_redir("/"));
|
||||
}*/
|
||||
}
|
||||
|
||||
#[derive(Deserialize)]
|
||||
|
@ -149,13 +149,6 @@ pub async fn forward_login(
|
|||
client: web::Data<Client>,
|
||||
dbpool: web::Data<DbPool>,
|
||||
) -> Result<HttpResponse, TrainCrash> {
|
||||
// if the user is already logged in, redirect to the Forms app
|
||||
if is_logged_in(&req).is_some() {
|
||||
return Ok(web_redir("/apps/forms").await.map_err(|e| {
|
||||
eprintln!("error_redirect (1:/apps/forms/): {}", e);
|
||||
crash(get_lang(&req), "error_redirect")
|
||||
})?);
|
||||
}
|
||||
|
||||
// check if the provided token seems valid. If not, early return.
|
||||
if !check_token(¶ms.token) {
|
||||
|
@ -176,12 +169,24 @@ pub async fn forward_login(
|
|||
eprintln!("error_forwardlogin_db_get (diesel error): {}", e);
|
||||
crash(get_lang(&req), "error_forwardlogin_db_get")
|
||||
})?
|
||||
.ok_or_else(|| {
|
||||
debug("Token not found.");
|
||||
crash(get_lang(&req), "error_forwardlogin_notfound")
|
||||
})?;
|
||||
.ok_or_else(|| {
|
||||
debug("error: Token not found.");
|
||||
crash(get_lang(&req), "error_forwardlogin_notfound")
|
||||
})?;
|
||||
|
||||
// if the user is already logged in, skip the login process
|
||||
// we don't care if someone edits their cookies, Nextcloud will properly
|
||||
// check them anyway
|
||||
if let Some(nc_username) = is_logged_in(&req) {
|
||||
if nc_username.contains(&format!("nc_username={}", formdata.nc_username)) {
|
||||
return Ok(web_redir("/apps/forms").await.map_err(|e| {
|
||||
eprintln!("error_redirect (1:/apps/forms/): {}", e);
|
||||
crash(get_lang(&req), "error_redirect")
|
||||
})?);
|
||||
}
|
||||
}
|
||||
|
||||
// else, try to log the user in with DB data, then redirect.
|
||||
// try to log the user in with DB data, then redirect.
|
||||
login(&client, &req, &formdata.nc_username, &formdata.nc_password).await
|
||||
}
|
||||
|
||||
|
@ -352,7 +357,7 @@ pub async fn index(req: HttpRequest, s: Session) -> Result<HttpResponse, TrainCr
|
|||
let (csrf_token, csrf_cookie) = seed
|
||||
.generate_token_pair(None, 43200)
|
||||
.expect("couldn't generate token/cookie pair");
|
||||
|
||||
|
||||
s.set("sncf_csrf_token", &base64::encode_config(&csrf_cookie.value(), base64::URL_SAFE_NO_PAD)).map_err(|e| {
|
||||
eprintln!("error_login_setcookie (in index): {}", e);
|
||||
crash(get_lang(&req), "error_login_setcookie")
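Review bot: The already-logged-in test in forward_login, `if nc_username.contains(&format!("nc_username={}", formdata.nc_username))`, is a substring match, so a session whose cookie carries `nc_username=alice` also satisfies a token whose stored username is `alic`, and the login this commit is meant to force is skipped for that token. Assuming is_logged_in returns the raw cookie string (the comparison suggests so, but the helper is not visible here), compare the parsed value exactly, e.g. `let expected = format!("nc_username={}", formdata.nc_username);` followed by `if nc_username.split(';').map(str::trim).any(|kv| kv == expected) {`. The enclosing forward_login starts before the -149 hunk, which removes the unconditional redirect that this block replaces; the other hunks in this file only reindent existing lines.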