fix login, probably break 5 other things
This commit is contained in:
zefie
@@ -46,20 +46,20 @@ wtv-visit: client:hangupphone`
|
||||
}
|
||||
}
|
||||
|
||||
if (user_id && !request_headers.query.initial_login && !request_headers.query.user_login) {
|
||||
if (user_id != null && !request_headers.query.initial_login && !request_headers.query.user_login) {
|
||||
if (request_headers.query.password == "") {
|
||||
headers = `500 Please enter your password and try again
|
||||
headers = `403 Please enter your password and try again
|
||||
minisrv-no-mail-count: true
|
||||
`;
|
||||
} else if (ssid_sessions[socket.ssid].validateUserPassword(request_headers.query.password)) {
|
||||
ssid_sessions[socket.ssid].setSessionData('password_valid', true)
|
||||
ssid_sessions[socket.ssid].setUserLoggedIn(true);
|
||||
headers = `200 OK
|
||||
minisrv-no-mail-count: true
|
||||
Content-Type: text/html
|
||||
wtv-visit: ${gourl}
|
||||
`;
|
||||
} else {
|
||||
headers = `500 The password you entered was incorrect. Please retype it and try again.
|
||||
headers = `403 The password you entered was incorrect. Please retype it and try again.
|
||||
minisrv-no-mail-count: true
|
||||
`;
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ var minisrv_service_file = true;
|
||||
var gourl = null;
|
||||
|
||||
if (!ssid_sessions[socket.ssid].isRegistered() && (!request_headers.query.guest_login || !minisrv_config.config.allow_guests)) gourl = "wtv-register:/splash?";
|
||||
var home_url = "wtv-home:/home?";
|
||||
|
||||
if (gourl) {
|
||||
headers = `200 OK
|
||||
@@ -30,8 +31,8 @@ else {
|
||||
var userid = '1' + Math.floor(Math.random() * 1000000000000000000);
|
||||
var messenger_enabled = 0;
|
||||
var messenger_authorized = 0;
|
||||
if (request_headers.query.skip_splash) var home_url = "wtv-home:/home?";
|
||||
else var home_url = "wtv-home:/splash?";
|
||||
if (request_headers.query.skip_splash) gourl = "wtv-home:/home?";
|
||||
else gourl = "wtv-home:/splash?";
|
||||
} else if (!ssid_sessions[socket.ssid].getSessionData("registered")) {
|
||||
var errpage = wtvshared.doErrorPage(400);
|
||||
headers = errpage[0];
|
||||
@@ -42,10 +43,10 @@ else {
|
||||
var human_name = ssid_sessions[socket.ssid].getSessionData("subscriber_name") || nickname;
|
||||
var messenger_enabled = ssid_sessions[socket.ssid].getSessionData("messenger_enabled") || 0;
|
||||
var messenger_authorized = ssid_sessions[socket.ssid].getSessionData("messenger_authorized") || 0;
|
||||
var home_url = "wtv-home:/splash?";
|
||||
var gourl = "wtv-home:/splash?";
|
||||
}
|
||||
var limitedLogin = ssid_sessions[socket.ssid].lockdown;
|
||||
var limitedLoginRegistered = (limitedLogin || (ssid_sessions[socket.ssid].isRegistered() && !ssid_sessions[socket.ssid].getSessionData('password_valid')));
|
||||
var limitedLoginRegistered = (limitedLogin || (ssid_sessions[socket.ssid].isRegistered() && !ssid_sessions[socket.ssid].isUserLoggedIn()));
|
||||
var offline_user_list = null;
|
||||
if (ssid_sessions[socket.ssid].isRegistered() && ssid_sessions[socket.ssid].user_id == 0) {
|
||||
var accounts = ssid_sessions[socket.ssid].listPrimaryAccountUsers();
|
||||
@@ -61,7 +62,10 @@ else {
|
||||
offline_user_list = CryptoJS.enc.Latin1.parse(offline_user_list_str).toString(CryptoJS.enc.Base64);
|
||||
}
|
||||
|
||||
if (limitedLoginRegistered) var home_url = "wtv-head-waiter:/password?";
|
||||
if (limitedLoginRegistered) {
|
||||
home_url = "wtv-head-waiter:/password?";
|
||||
gourl = home_url;
|
||||
}
|
||||
|
||||
data = '';
|
||||
|
||||
@@ -70,7 +74,7 @@ Connection: Keep-Alive
|
||||
wtv-expire-all: wtv-head-waiter:
|
||||
`;
|
||||
|
||||
if (!limitedLogin) {
|
||||
if (!limitedLogin && !limitedLoginRegistered) {
|
||||
headers += `wtv-client-time-zone: GMT -0000
|
||||
wtv-client-time-dst-rule: GMT
|
||||
wtv-client-date: `+ strftime("%a, %d %b %Y %H:%M:%S", new Date(new Date().toUTCString())) + ` GMT
|
||||
@@ -84,7 +88,7 @@ wtv-smartcard-inserted-message: Contacting service
|
||||
wtv-ssl-timeout: 240
|
||||
wtv-login-timeout: 7200
|
||||
`;
|
||||
if (!limitedLogin) {
|
||||
if (!limitedLogin && !limitedLoginRegistered) {
|
||||
ssid_sessions[socket.ssid].assignMailStore();
|
||||
headers += getServiceString('all', { "exceptions": ["wtv-register"] });
|
||||
if (offline_user_list) headers += "wtv-offline-user-list: " + offline_user_list + "\n";
|
||||
@@ -109,7 +113,7 @@ wtv-messenger-enable: 0
|
||||
wtv-ssl-log-url: wtv-log:/log
|
||||
`;
|
||||
|
||||
if (!limitedLogin) {
|
||||
if (!limitedLogin && !limitedLoginRegistered) {
|
||||
headers += `wtv-bypass-proxy: false
|
||||
user-id: ${userid}
|
||||
wtv-human-name: ${human_name}
|
||||
@@ -134,7 +138,7 @@ wtv-inactive-timeout: 1440
|
||||
}
|
||||
*/
|
||||
|
||||
if (!limitedLogin) {
|
||||
if (!limitedLogin && !limitedLoginRegistered) {
|
||||
headers += "\nwtv-relogin-url: wtv-head-waiter:/relogin?relogin=true";
|
||||
if (request_headers.query.guest_login) headers += "&guest_login=true";
|
||||
|
||||
@@ -146,10 +150,10 @@ wtv-inactive-timeout: 1440
|
||||
headers += "\nwtv-home-url: " + home_url;
|
||||
}
|
||||
|
||||
if (ssid_sessions[socket.ssid].get('wtv-need-upgrade') != 'true' && !request_headers.query.reconnect && !limitedLogin)
|
||||
if (ssid_sessions[socket.ssid].get('wtv-need-upgrade') != 'true' && !request_headers.query.reconnect && !limitedLogin && !limitedLoginRegistered)
|
||||
headers += "\nwtv-settings-url: wtv-setup:/get\n";
|
||||
|
||||
if (!limitedLogin) {
|
||||
if (!limitedLogin && !limitedLoginRegistered) {
|
||||
headers += `wtv-force-lightweight-targets: webtv.net:/
|
||||
wtv-show-time-enabled: true
|
||||
wtv-allow-dsc: true
|
||||
@@ -161,6 +165,6 @@ wtv-wink-deferrer-retries: 3
|
||||
wtv-name-server: 8.8.8.8`;
|
||||
}
|
||||
}
|
||||
if (!request_headers.query.reconnect) headers += "\nwtv-visit: " + home_url;
|
||||
if (!request_headers.query.reconnect) headers += "\nwtv-visit: " + gourl;
|
||||
headers += "\nContent-Type: text/html";
|
||||
}
|
||||
@@ -1,4 +1,5 @@
|
||||
var minisrv_service_file = true;
|
||||
ssid_sessions[socket.ssid].setUserLoggedIn(false);
|
||||
|
||||
var challenge_response, challenge_header = "";
|
||||
if (socket.ssid !== null) ssid_sessions[socket.ssid].switchUserID(0);
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
var minisrv_service_file = true;
|
||||
ssid_sessions[socket.ssid].setUserLoggedIn(false);
|
||||
|
||||
var gourl = "wtv-1800:/preregister?";
|
||||
if (request_headers.query.relogin) gourl += "relogin=true";
|
||||
|
||||
@@ -45,9 +45,10 @@ class WTVClientSessionData {
|
||||
"wtv-head-waiter:/relogin",
|
||||
"wtv-head-waiter:/ROMCache/Spacer.gif",
|
||||
"wtv-head-waiter:/ROMCache/NameStrip.gif",
|
||||
"wtv-head-waiter:/images/PasswordBanner.gif",
|
||||
"wtv-head-waiter:/ROMCache/UtilityBullet.gif",
|
||||
"wtv-head-waiter:/images/NameBanner.gif",
|
||||
"wtv-head-waiter:/bad-disk",
|
||||
"wtv-head-waiter:/images/PasswordBanner.gif",
|
||||
"wtv-log:/log",
|
||||
];
|
||||
this.lockdownWhitelist.push(minisrv_config.config.unauthorized_url);
|
||||
@@ -402,10 +403,14 @@ class WTVClientSessionData {
|
||||
|
||||
isUserLoggedIn() {
|
||||
if (!this.getUserPasswordEnabled()) return true; // no password is set so always validate
|
||||
var password_valid = this.getSessionData("password_valid");
|
||||
var password_valid = this.get("password_valid");
|
||||
return (password_valid);
|
||||
}
|
||||
|
||||
setUserLoggedIn(value) {
|
||||
return this.set("password_valid", value);
|
||||
}
|
||||
|
||||
saveSessionData(force_write = false, skip_merge = false) {
|
||||
if (this.isRegistered()) {
|
||||
if (!skip_merge) {
|
||||
|
||||
@@ -412,7 +412,7 @@ async function processURL(socket, request_headers) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (ssid_sessions[socket.ssid].isRegistered() && !ssid_sessions[socket.ssid].getSessionData('password_valid')) {
|
||||
if (ssid_sessions[socket.ssid].isRegistered() && !ssid_sessions[socket.ssid].isUserLoggedIn()) {
|
||||
if (!ssid_sessions[socket.ssid].isAuthorized(shortURL,'login')) {
|
||||
// user is not fully logged in, and URL not authorized
|
||||
headers = "300 Unauthorized\n";
|
||||
@@ -1112,7 +1112,7 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq
|
||||
ssid_sessions[socket.ssid].switchUserID(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id, true, false);
|
||||
}
|
||||
} else {
|
||||
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 != headers["wtv-ticket"])
|
||||
if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 != headers["wtv-ticket"]) {
|
||||
if (!ssid_sessions[socket.ssid].data_store.wtvsec_login.update_ticket) {
|
||||
if (minisrv_config.config.debug_flags.debug) console.log(" # New ticket from client");
|
||||
ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
|
||||
@@ -1123,6 +1123,7 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq
|
||||
switchUserID(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id, true, false);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user