You've already forked AstralRinth
forked from didirus/AstralRinth
Next auth fixes (#658)
This commit is contained in:
Geometrically
1
migrations/20230714235551_fix-2fa-type.sql
Normal file
1
migrations/20230714235551_fix-2fa-type.sql
Normal file
@@ -0,0 +1 @@
|
||||
ALTER TABLE users ALTER COLUMN totp_secret TYPE varchar(32);
|
||||
@@ -33,10 +33,10 @@
|
||||
</style>
|
||||
<style type="text/css">
|
||||
u+.modrinth-email .gs{background:#000;mix-blend-mode:screen;display:inline-block;padding:0;margin:0;}u+.modrinth-email .gd{background:#000;mix-blend-mode:difference;display:inline-block;padding:0;margin:0;}p{-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;}u+.modrinth-email a,#MessageViewBody a,a[x-apple-data-detectors]{color:inherit!important;text-decoration:none!important;font-size:inherit!important;font-family:inherit!important;font-weight:inherit!important;line-height:inherit!important;}td.b .klaviyo-image-block{display:inline;vertical-align:middle;}
|
||||
@media only screen and (max-width:599px){.modrinth-email{height:100%!important;margin:0!important;padding:0!important;width:100%!important;}u+.modrinth-email .glist{margin-left:1em!important;}td.ico.v>div.il>a.l.m,td.ico.v .mn-label{padding-right:0!important;padding-bottom:16px!important;}td.x{padding-left:0!important;padding-right:0!important;}.fwm img{max-width:100%!important;height:auto!important;}.aw img{width:auto!important;margin-left:auto!important;margin-right:auto!important;}.ah img{height:auto!important;}td.b.nw>table,td.b.nw a{width:auto!important;}td.stk{border:0!important;}td.u{height:auto!important;}br.sb{display:none!important;}.thd-1 .i-thumbnail{display:inline-block!important;height:auto!important;overflow:hidden!important;}.hd-1{display:block!important;height:auto!important;overflow:visible!important;}.ht-1{display:table!important;height:auto!important;overflow:visible!important;}.hr-1{display:table-row!important;height:auto!important;overflow:visible!important;}.hc-1{display:table-cell!important;height:auto!important;overflow:visible!important;}div.r.pr-16>table>tbody>tr>td,div.r.pr-16>div>table>tbody>tr>td{padding-right:16px!important}div.r.pl-16>table>tbody>tr>td,div.r.pl-16>div>table>tbody>tr>td{padding-left:16px!important}td.b.fw-1>table{width:100%!important}td.fw-1>table>tbody>tr>td>a{display:block!important;width:100%!important;padding-left:0!important;padding-right:0!important;}td.b.fw-1>table{width:100%!important}td.fw-1>table>tbody>tr>td{width:100%!important;padding-left:0!important;padding-right:0!important;}td.b.hvt-D9D9D9>table>tbody>tr>td:hover *{color:#D9D9D9!important}td.b.hvb-00954E>table>tbody>tr>td:hover,td.b.hvb-00954E>table>tbody>tr>td:hover>a{background-color:#00954E!important;}.hvr-fade *{-webkit-transition-duration:0.2s;transition-duration:0.2s;-webkit-transition-property:background-color,color;transition-property:background-color,color;}}
|
||||
@media only screen and (max-width:599px){.modrinth-email{height:100%!important;margin:0!important;padding:0!important;width:100%!important;}u+.modrinth-email .glist{margin-left:1em!important;}td.ico.v>div.il>a.l.m,td.ico.v .mn-label{padding-right:0!important;padding-bottom:16px!important;}td.x{padding-left:0!important;padding-right:0!important;}.fwm img{max-width:100%!important;height:auto!important;}.aw img{width:auto!important;margin-left:auto!important;margin-right:auto!important;}.ah img{height:auto!important;}td.b.nw>table,td.b.nw a{width:auto!important;}td.stk{border:0!important;}td.u{height:auto!important;}br.sb{display:none!important;}.thd-1 .i-thumbnail{display:inline-block!important;height:auto!important;overflow:hidden!important;}.hd-1{display:block!important;height:auto!important;overflow:visible!important;}.ht-1{display:table!important;height:auto!important;overflow:visible!important;}.hr-1{display:table-row!important;height:auto!important;overflow:visible!important;}.hc-1{display:table-cell!important;height:auto!important;overflow:visible!important;}div.r.pr-16>table>tbody>tr>td,div.r.pr-16>div>table>tbody>tr>td{padding-right:16px!important}div.r.pl-16>table>tbody>tr>td,div.r.pl-16>div>table>tbody>tr>td{padding-left:16px!important}td.b.fw-1>table{width:100%!important}td.fw-1>table>tbody>tr>td>a{display:block!important;width:100%!important;padding-left:0!important;padding-right:0!important;}td.b.fw-1>table{width:100%!important}td.fw-1>table>tbody>tr>td{width:100%!important;padding-left:0!important;padding-right:0!important;}}
|
||||
@media (prefers-color-scheme:light) and (max-width:599px){.ds-1.hd-1{display:none!important;height:0!important;overflow:hidden!important;}}
|
||||
@media (prefers-color-scheme:dark) and (max-width:599px){.ds-1.hd-1{display:block!important;height:auto!important;overflow:visible!important;}}
|
||||
@media (prefers-color-scheme:dark){div.r.db-000000,div.r.db-000000>table{background-color:#000000!important;}div.r.dt-FFFFFE *{color:#FFFFFE!important}.dh-1{display:none!important;max-width:0!important;max-height:0!important;overflow:hidden!important;mso-hide:all!important;}.ds-1{display:block!important;max-width:none!important;max-height:none!important;height:auto!important;overflow:visible!important;mso-hide:all!important;}td.b.dt-000000 *{color:#000000!important}td.b.db-1BD96A>table>tbody>tr>td,td.b.db-1BD96A>table>tbody>tr>td>a{background-color:#1BD96A!important;}td.x.dt-B0BAC5 *{color:#B0BAC5!important}}.hvr-fade *{-webkit-transition-duration:0.2s;transition-duration:0.2s;-webkit-transition-property:background-color,color;transition-property:background-color,color;}td.b.hvt-D9D9D9>table>tbody>tr>td:hover *{color:#000000!important}td.b.hvb-00954E>table>tbody>tr>td:hover,td.b.hvb-00954E>table>tbody>tr>td:hover>a{background-color:#12b95a!important;}
|
||||
@media (prefers-color-scheme:dark){div.r.db-000000,div.r.db-000000>table{background-color:#000000!important;}div.r.dt-FFFFFE *{color:#FFFFFE!important}.dh-1{display:none!important;max-width:0!important;max-height:0!important;overflow:hidden!important;mso-hide:all!important;}.ds-1{display:block!important;max-width:none!important;max-height:none!important;height:auto!important;overflow:visible!important;mso-hide:all!important;}td.b.dt-000000 *{color:#000000!important}td.b.db-1BD96A>table>tbody>tr>td,td.b.db-1BD96A>table>tbody>tr>td>a{background-color:#1BD96A!important;}td.x.dt-B0BAC5 *{color:#B0BAC5!important}}.hvr-fade *{-webkit-transition-duration:0.2s;transition-duration:0.2s;-webkit-transition-property:background-color,color;transition-property:background-color,color;}
|
||||
</style>
|
||||
<meta name="color-scheme" content="light dark">
|
||||
<meta name="supported-color-schemes" content="light dark">
|
||||
|
||||
@@ -773,7 +773,7 @@ pub async fn init(
|
||||
url: info.url,
|
||||
provider: info.provider,
|
||||
}
|
||||
.insert(Utc::now() + Duration::minutes(30), &redis)
|
||||
.insert(Duration::minutes(30), &redis)
|
||||
.await?;
|
||||
|
||||
let url = info.provider.get_redirect_url(state)?;
|
||||
@@ -845,7 +845,7 @@ pub async fn auth_callback(
|
||||
|
||||
if user.totp_secret.is_some() {
|
||||
let flow = Flow::Login2FA { user_id: user.id }
|
||||
.insert(Utc::now() + Duration::minutes(30), &redis)
|
||||
.insert(Duration::minutes(30), &redis)
|
||||
.await?;
|
||||
|
||||
let redirect_url = format!(
|
||||
@@ -1164,7 +1164,7 @@ pub async fn create_account_with_password(
|
||||
user_id,
|
||||
confirm_email: new_account.email.clone(),
|
||||
}
|
||||
.insert(Utc::now() + Duration::hours(24), &redis)
|
||||
.insert(Duration::hours(24), &redis)
|
||||
.await?;
|
||||
|
||||
send_email_verify(
|
||||
@@ -1253,7 +1253,7 @@ pub async fn login_password(
|
||||
|
||||
if user.totp_secret.is_some() {
|
||||
let flow = Flow::Login2FA { user_id: user.id }
|
||||
.insert(Utc::now() + Duration::minutes(30), &redis)
|
||||
.insert(Duration::minutes(30), &redis)
|
||||
.await?;
|
||||
|
||||
Ok(HttpResponse::Ok().json(serde_json::json!({
|
||||
@@ -1381,7 +1381,7 @@ pub async fn begin_2fa_flow(
|
||||
user_id: user.id.into(),
|
||||
secret: encoded.to_string(),
|
||||
}
|
||||
.insert(Utc::now() + Duration::minutes(30), &redis)
|
||||
.insert(Duration::minutes(30), &redis)
|
||||
.await?;
|
||||
|
||||
Ok(HttpResponse::Ok().json(serde_json::json!({
|
||||
@@ -1514,7 +1514,7 @@ pub async fn remove_2fa(
|
||||
req: HttpRequest,
|
||||
pool: Data<PgPool>,
|
||||
redis: Data<deadpool_redis::Pool>,
|
||||
login: web::Json<Login2FA>,
|
||||
login: web::Json<Remove2FA>,
|
||||
session_queue: Data<AuthQueue>,
|
||||
) -> Result<HttpResponse, ApiError> {
|
||||
let (scopes, user) =
|
||||
@@ -1604,7 +1604,7 @@ pub async fn reset_password_begin(
|
||||
|
||||
if let Some(user) = user {
|
||||
let flow = Flow::ForgotPassword { user_id: user.id }
|
||||
.insert(Utc::now() + Duration::hours(24), &redis)
|
||||
.insert(Duration::hours(24), &redis)
|
||||
.await?;
|
||||
|
||||
if let Some(email) = user.email {
|
||||
@@ -1820,7 +1820,7 @@ pub async fn set_email(
|
||||
user_id: user.id.into(),
|
||||
confirm_email: email.email.clone(),
|
||||
}
|
||||
.insert(Utc::now() + Duration::hours(24), &redis)
|
||||
.insert(Duration::hours(24), &redis)
|
||||
.await?;
|
||||
|
||||
send_email_verify(
|
||||
@@ -1863,7 +1863,7 @@ pub async fn resend_verify_email(
|
||||
user_id: user.id.into(),
|
||||
confirm_email: email.clone(),
|
||||
}
|
||||
.insert(Utc::now() + Duration::hours(24), &redis)
|
||||
.insert(Duration::hours(24), &redis)
|
||||
.await?;
|
||||
|
||||
send_email_verify(email, flow, "We need to verify your email address.")?;
|
||||
@@ -1940,6 +1940,6 @@ fn send_email_verify(
|
||||
"Verify your email",
|
||||
opener,
|
||||
"Please visit the following link below to verify your email. If the button does not work, you can copy the link and paste it into your browser. This link expires in 24 hours.",
|
||||
Some(("Reset password", &format!("{}/{}?flow={}", dotenvy::var("SITE_VERIFY_EMAIL_PATH")?, dotenvy::var("SITE_RESET_PASSWORD_PATH")?, flow))),
|
||||
Some(("Verify email", &format!("{}/{}?flow={}", dotenvy::var("SITE_URL")?, dotenvy::var("SITE_VERIFY_EMAIL_PATH")?, flow))),
|
||||
)
|
||||
}
|
||||
|
||||
@@ -167,7 +167,7 @@ pub async fn delete(
|
||||
let session = DBSession::get(info.into_inner().0, &**pool, &redis).await?;
|
||||
|
||||
if let Some(session) = session {
|
||||
if session.user_id != current_user.id.into() {
|
||||
if session.user_id == current_user.id.into() {
|
||||
let mut transaction = pool.begin().await?;
|
||||
DBSession::remove(session.id, &mut transaction).await?;
|
||||
DBSession::clear_cache(
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
use super::ids::*;
|
||||
use crate::auth::flows::AuthProvider;
|
||||
use crate::database::models::DatabaseError;
|
||||
use chrono::{DateTime, Timelike, Utc};
|
||||
use chrono::Duration;
|
||||
use rand::distributions::Alphanumeric;
|
||||
use rand::Rng;
|
||||
use rand_chacha::rand_core::SeedableRng;
|
||||
@@ -38,7 +38,7 @@ pub enum Flow {
|
||||
impl Flow {
|
||||
pub async fn insert(
|
||||
&self,
|
||||
expires: DateTime<Utc>,
|
||||
expires: Duration,
|
||||
redis: &deadpool_redis::Pool,
|
||||
) -> Result<String, DatabaseError> {
|
||||
let mut redis = redis.get().await?;
|
||||
@@ -53,7 +53,7 @@ impl Flow {
|
||||
.arg(format!("{}:{}", FLOWS_NAMESPACE, flow))
|
||||
.arg(serde_json::to_string(&self)?)
|
||||
.arg("EX")
|
||||
.arg(expires.second())
|
||||
.arg(expires.num_seconds())
|
||||
.query_async::<_, ()>(&mut redis)
|
||||
.await?;
|
||||
|
||||
|
||||
@@ -79,10 +79,10 @@ bitflags::bitflags! {
|
||||
|
||||
// read a user's sessions
|
||||
const SESSION_READ = 1 << 28;
|
||||
// delete a session22
|
||||
// delete a session
|
||||
const SESSION_DELETE = 1 << 29;
|
||||
|
||||
const ALL = 0b11111111111111111111111111111;
|
||||
const ALL = 0b111111111111111111111111111111;
|
||||
const NOT_RESTRICTED = 0b00000011111111111111100111;
|
||||
const NONE = 0b0;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user