fixing sncf_admin_token parsing error

2024-04-28 12:12:44 +02:00 · 2020-08-19 16:44:31 +02:00 · 2020-08-19 16:44:31 +02:00 · bdba48acf2
parent 249aeff8fe
commit bdba48acf2
2 changed files with 32 additions and 15 deletions
--- a/lang.json
+++ b/lang.json
@ -291,6 +291,10 @@
        "en": "Failed adding the Nextcloud account in the local database.",
        "fr": "L'ajout du compte Nextcloud dans la base de données locale a échoué."
    },
+    "error_forwardregister_tokenparse": {
+        "en": "Failed parsing the admin token.",
+        "fr": "Échec lors de la lecture du token administrateur."
+    },
    "error_login_cookiepair": {
        "en": "Couldn't read cookies.",
        "fr": "Échec lors de la lecture de cookies."
--- a/src/forward.rs
+++ b/src/forward.rs
@ -3,6 +3,7 @@ use actix_web::{http, web, HttpRequest, HttpResponse};
 use askama::Template;
 use chrono::Utc;
 use url::Url;
+use regex::Regex;

 use crate::account::*;
 use crate::config::PAYLOAD_LIMIT;
@ -158,18 +159,30 @@ pub async fn forward_register(

    // if the user has already generated an admin token, redirect too
    if let Some(token) = has_admintoken(&req) {
-        let admin_token =
-            token.splitn(2, ';').collect::<Vec<&str>>()[0].replace("sncf_admin_token=", "");
-        // sanitize the token beforehand, cookies are unsafe
-        if check_token(&admin_token) {
-            return Ok(web_redir(&format!(
-                        "{}/admin/{}",
-                        CONFIG.sncf_url, &admin_token
-            )));
-        } else {
-            debug("Incorrect admin token given.");
-            return Err(crash(lang, "error_dirtyhacker"));
+        lazy_static! {
+            static ref RE: Regex = Regex::new(r#"sncf_admin_token=(?P<token>[0-9A-Za-z]*)"#).expect("Error while parsing the sncf_admin_token regex");
        }
+        let admin_token = RE.captures(&token)
+            .ok_or_else(|| {
+                eprintln!("error_forwardregister_tokenparse (no capture)");
+                crash(get_lang(&req), "error_forwardregister_tokenparse")
+            })?
+        .name("token")
+            .ok_or_else(|| {
+                eprintln!("error_forwardregister_tokenparse (no capture named token)");
+                crash(get_lang(&req), "error_forwardregister_tokenparse")
+            })?
+        .as_str();
+            // sanitize the token beforehand, cookies are unsafe
+            if check_token(&admin_token) {
+                return Ok(web_redir(&format!(
+                            "{}/admin/{}",
+                            CONFIG.sncf_url, &admin_token
+                )));
+            } else {
+                debug("Incorrect admin token given.");
+                return Err(crash(lang, "error_dirtyhacker"));
+            }
    }

    let nc_username = gen_name();
@ -257,9 +270,9 @@ pub async fn index(req: HttpRequest) -> Result<HttpResponse, TrainCrash> {
                lang: &get_lang(&req),
            }
            .render()
-    .map_err(|e| {
-        eprintln!("error_tplrender (TplIndex): {}", e);
-        crash(get_lang(&req), "error_tplrender")
-    })?,
+            .map_err(|e| {
+                eprintln!("error_tplrender (TplIndex): {}", e);
+                crash(get_lang(&req), "error_tplrender")
+            })?,
    ))
 }