mirror of
https://git.42l.fr/neil/sncf.git
synced 2024-04-28 12:12:44 +02:00
fixing sncf_admin_token parsing error
parent
249aeff8fe
commit
bdba48acf2
|
@ -291,6 +291,10 @@
|
|||
"en": "Failed adding the Nextcloud account in the local database.",
|
||||
"fr": "L'ajout du compte Nextcloud dans la base de données locale a échoué."
|
||||
},
|
||||
"error_forwardregister_tokenparse": {
|
||||
"en": "Failed parsing the admin token.",
|
||||
"fr": "Échec lors de la lecture du token administrateur."
|
||||
},
|
||||
"error_login_cookiepair": {
|
||||
"en": "Couldn't read cookies.",
|
||||
"fr": "Échec lors de la lecture de cookies."
|
||||
|
|
|
@ -3,6 +3,7 @@ use actix_web::{http, web, HttpRequest, HttpResponse};
|
|||
use askama::Template;
|
||||
use chrono::Utc;
|
||||
use url::Url;
|
||||
use regex::Regex;
|
||||
|
||||
use crate::account::*;
|
||||
use crate::config::PAYLOAD_LIMIT;
|
||||
|
@ -158,18 +159,30 @@ pub async fn forward_register(
|
|||
|
||||
// if the user has already generated an admin token, redirect too
|
||||
if let Some(token) = has_admintoken(&req) {
|
||||
let admin_token =
|
||||
token.splitn(2, ';').collect::<Vec<&str>>()[0].replace("sncf_admin_token=", "");
|
||||
// sanitize the token beforehand, cookies are unsafe
|
||||
if check_token(&admin_token) {
|
||||
return Ok(web_redir(&format!(
|
||||
"{}/admin/{}",
|
||||
CONFIG.sncf_url, &admin_token
|
||||
)));
|
||||
} else {
|
||||
debug("Incorrect admin token given.");
|
||||
return Err(crash(lang, "error_dirtyhacker"));
|
||||
lazy_static! {
|
||||
static ref RE: Regex = Regex::new(r#"sncf_admin_token=(?P<token>[0-9A-Za-z]*)"#).expect("Error while parsing the sncf_admin_token regex");
|
||||
}
|
||||
let admin_token = RE.captures(&token)
|
||||
.ok_or_else(|| {
|
||||
eprintln!("error_forwardregister_tokenparse (no capture)");
|
||||
crash(get_lang(&req), "error_forwardregister_tokenparse")
|
||||
})?
|
||||
.name("token")
|
||||
.ok_or_else(|| {
|
||||
eprintln!("error_forwardregister_tokenparse (no capture named token)");
|
||||
crash(get_lang(&req), "error_forwardregister_tokenparse")
|
||||
})?
|
||||
.as_str();
|
||||
// sanitize the token beforehand, cookies are unsafe
|
||||
if check_token(&admin_token) {
|
||||
return Ok(web_redir(&format!(
|
||||
"{}/admin/{}",
|
||||
CONFIG.sncf_url, &admin_token
|
||||
)));
|
||||
} else {
|
||||
debug("Incorrect admin token given.");
|
||||
return Err(crash(lang, "error_dirtyhacker"));
|
||||
}
|
||||
}
|
||||
|
||||
let nc_username = gen_name();
|
||||
|
@ -257,9 +270,9 @@ pub async fn index(req: HttpRequest) -> Result<HttpResponse, TrainCrash> {
|
|||
lang: &get_lang(&req),
|
||||
}
|
||||
.render()
|
||||
.map_err(|e| {
|
||||
eprintln!("error_tplrender (TplIndex): {}", e);
|
||||
crash(get_lang(&req), "error_tplrender")
|
||||
})?,
|
||||
.map_err(|e| {
|
||||
eprintln!("error_tplrender (TplIndex): {}", e);
|
||||
crash(get_lang(&req), "error_tplrender")
|
||||
})?,
|
||||
))
|
||||
}
|
||||
|
|
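Review bot: In `forward_register` the new pattern `sncf_admin_token=(?P<token>[0-9A-Za-z]*)` is not anchored to a cookie boundary, so it also matches inside a longer cookie name that merely ends in `sncf_admin_token`, and because of `*` it yields an empty or truncated token (matching stops at the first non-alphanumeric character instead of rejecting the cookie). What `has_admintoken` returns is not visible here, but if it can hold the whole Cookie header, the value handed to `check_token` may come from a different cookie than the one intended. Anchoring both ends keeps the match on the exact cookie and refuses malformed values, e.g. `Regex::new(r#"(?:^|;\s*)sncf_admin_token=(?P<token>[0-9A-Za-z]+)\s*(?:;|$)"#)`. Since the named group is mandatory it always participates in a match, so the second `ok_or_else` after `.name("token")` appears unreachable; the two closures could also use the `lang` binding that the `error_dirtyhacker` branch already uses rather than calling `get_lang(&req)` again. The function body starts and ends outside this hunk.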