zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

throw error instead of infinitely redirecting bad challenge clients

Browse Source
This commit is contained in:
zefie
2025-08-12 22:49:49 -04:00
parent df7766ccd5
commit 11cf003549
1 changed files with 38 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
zefie_wtvp_minisrv/includes/ServiceVault/wtv-head-waiter/ValidateLogin.js
View File

@@ -56,7 +56,7 @@ wtv-visit: client:hangupphone`
} else { } else {
wtvsec_login = session_data.get("wtvsec_login"); wtvsec_login = session_data.get("wtvsec_login");
} }
let errpage;
if (socket.ssid !== null) { if (socket.ssid !== null) {
if (wtvsec_login.ticket_b64 == null) { if (wtvsec_login.ticket_b64 == null) {
challenge_response = wtvsec_login.challenge_response; challenge_response = wtvsec_login.challenge_response;
@@ -70,32 +70,33 @@ wtv-visit: client:hangupphone`
console.log(" * wtv-challenge-response FAILED for " + wtvshared.filterSSID(socket.ssid)); console.log(" * wtv-challenge-response FAILED for " + wtvshared.filterSSID(socket.ssid));
if (minisrv_config.config.debug_flags.debug) console.log("Response Expected:", challenge_response.toString(CryptoJS.enc.Base64)); if (minisrv_config.config.debug_flags.debug) console.log("Response Expected:", challenge_response.toString(CryptoJS.enc.Base64));
if (minisrv_config.config.debug_flags.debug) console.log("Response Received:", client_challenge_response) if (minisrv_config.config.debug_flags.debug) console.log("Response Received:", client_challenge_response)
gourl = "wtv-head-waiter:/login?reissue_challenge=true"; errpage = wtvshared.doErrorPage(500, "Invalid challenge response received");
headers = errpage[0];
data = errpage[1];
} }
} else { } else {
gourl = "wtv-head-waiter:/login?no_response=true"; errpage = wtvshared.doErrorPage(500, "No challenge response received");
headers = errpage[0];
data = errpage[1];
} }
} else { } else {
gourl = "wtv-head-waiter:/login-stage-two?"; gourl = "wtv-head-waiter:/login-stage-two?";
} }
} }
if (!errpage) {
if (user_id != null && !request_headers.query.initial_login && !request_headers.query.user_login && !request_headers.query.relogin && !request_headers.query.reconnect) { if (user_id != null && !request_headers.query.initial_login && !request_headers.query.user_login && !request_headers.query.relogin && !request_headers.query.reconnect) {
if (request_headers.query.password == "") { if (request_headers.query.password == "") {
headers = `403 Please enter your password and try again headers = `403 Please enter your password and try again
minisrv-no-mail-count: true minisrv-no-mail-count: true`;
`;
} else if (session_data.validateUserPassword(request_headers.query.password)) { } else if (session_data.validateUserPassword(request_headers.query.password)) {
session_data.setUserLoggedIn(true); session_data.setUserLoggedIn(true);
headers = `200 OK headers = `200 OK
minisrv-no-mail-count: true minisrv-no-mail-count: true
Content-Type: text/html Content-Type: text/html
wtv-visit: ${gourl} wtv-visit: ${gourl}`;
`;
} else { } else {
headers = `403 The password you entered was incorrect. Please retype it and try again. headers = `403 The password you entered was incorrect. Please retype it and try again.
minisrv-no-mail-count: true minisrv-no-mail-count: true`;
`;
} }
} else { } else {
if (session_data.baddisk === true && !ssid_sessions[socket.ssid].get("bad_disk_shown")) { if (session_data.baddisk === true && !ssid_sessions[socket.ssid].get("bad_disk_shown")) {
@@ -124,4 +125,5 @@ wtv-visit: ${gourl}`;
} }
} }
}
} }