Git-Mirrors/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-06-06 05:59:02 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update authentication.cr

Browse source
This commit is contained in:
Ryan G 2023-06-12 23:05:10 -07:00
parent 950c61d21e
commit d376e1f6b5
1 changed files with 21 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

30
src/invidious/routes/api/v1/authentication.cr
View file

@ -85,8 +85,8 @@ module Invidious::Routes::API::V1::Authentication
username = captcha_response.username.downcase username = captcha_response.username.downcase
password = captcha_response.password password = captcha_response.password
username = "" if username.nil? answer = captcha_response.answer
password = "" if password.nil? tokens = captcha_response.tokens
if username.empty? if username.empty?
return error_json(401, "Username cannot be empty") return error_json(401, "Username cannot be empty")
@ -108,13 +108,25 @@ module Invidious::Routes::API::V1::Authentication
username = username.byte_slice(0, 254) username = username.byte_slice(0, 254)
password = password.byte_slice(0, 55) password = password.byte_slice(0, 55)
answer = captcha_response.answer answer = Digest::MD5.hexdigest(answer.downcase.strip)
answer = answer.lstrip('0')
answer = OpenSSL::HMAC.hexdigest(:sha256, HMAC_KEY, answer) if tokens.empty?
begin return error_template(500, "Erroneous CAPTCHA")
validate_request(captcha_response.tokens[0], answer, env.request, HMAC_KEY, locale) end
rescue ex
return error_json(400, ex) found_valid_captcha = false
error_exception = Exception.new
tokens.each do |tok|
begin
validate_request(tok, answer, env.request, HMAC_KEY, locale)
found_valid_captcha = true
rescue ex
error_exception = ex
end
end
if !found_valid_captcha
return error_template(500, error_exception)
end end
# create user # create user
sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32)) sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))