From 59ba999b5add6745e45d5e30753903e0f7fcdff6 Mon Sep 17 00:00:00 2001
From: zefie
Date: Tue, 15 Feb 2022 17:48:43 -0500
Subject: [PATCH] fix null user bug, but also make a page to intentionally trigger it
---
 .../ServiceVault/wtv-tricks/nullify-me.js | 14 ++++++++++++++
 zefie_wtvp_minisrv/WTVClientSessionData.js | 2 ++
 zefie_wtvp_minisrv/app.js | 6 +++---
 zefie_wtvp_minisrv/zefie_wtvp_minisrv.njsproj | 3 +++
 4 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 zefie_wtvp_minisrv/ServiceVault/wtv-tricks/nullify-me.js
diff --git a/zefie_wtvp_minisrv/ServiceVault/wtv-tricks/nullify-me.js b/zefie_wtvp_minisrv/ServiceVault/wtv-tricks/nullify-me.js
new file mode 100644
index 00000000..6ebc5b5b
--- /dev/null
+++ b/zefie_wtvp_minisrv/ServiceVault/wtv-tricks/nullify-me.js
@@ -0,0 +1,14 @@
+var minisrv_service_file = true;
+
+if (ssid_sessions[socket.ssid]) {
+ if (ssid_sessions[socket.ssid].data_store.wtvsec_login) {
+ if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store) {
+ if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id != null) {
+ if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id >= 0)
+ ssid_sessions[socket.ssid].switchUserID(null);
+ }
+ }
+ }
+}
+
+headers = "400 You are now nullified.";
diff --git a/zefie_wtvp_minisrv/WTVClientSessionData.js b/zefie_wtvp_minisrv/WTVClientSessionData.js
index 339990fe..c14db9f9 100644
--- a/zefie_wtvp_minisrv/WTVClientSessionData.js
+++ b/zefie_wtvp_minisrv/WTVClientSessionData.js
@@ -362,6 +362,8 @@ class WTVClientSessionData {
 } catch (e) {
 // Don't log error 'file not found', it just means the client isn't registered yet
 if (e.code != "ENOENT") console.error(" # Error loading session data for", this.wtvshared.filterSSID(this.ssid), e);
+ // also wipe any existing session_store
+ this.session_store = {};
 return false;
 }
 }
diff --git a/zefie_wtvp_minisrv/app.js b/zefie_wtvp_minisrv/app.js
index 3360920f..5c3a03c7 100644
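Review bot: nullify-me.js places a deliberate fault trigger in the regular wtv-tricks service directory with no gate visible in the file, so any client with a session can put that session into the null-user state that this commit otherwise treats as a bug. If the page is meant as a regression aid, serve it only when a development or debug setting is enabled, or keep it out of the default ServiceVault; whether access to wtv-tricks is restricted elsewhere cannot be seen here. The last line also sends `400 You are now nullified.` when none of the guards matched and `switchUserID(null)` never ran, so the message should be assigned inside the innermost branch and a different status returned otherwise.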
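Review bot: In the WTVClientSessionData.js hunk the added `this.session_store = {};` runs for every exception caught here, not only the expected `ENOENT`, so a transient read or parse failure also empties the in-memory store; if a later save writes that store back (not visible in this hunk), the stored data would be replaced by an empty object. Clearing is a sound default, since it presumably stops a store loaded for a previous user from staying attached to the session, but the non-ENOENT case deserves separate handling or a marker that blocks saving after a failed load. The comment would help more if it gave the reason, for example `// load failed: drop any store left from a previous user so it is not reused`. The enclosing method starts above the hunk.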
--- a/zefie_wtvp_minisrv/app.js
+++ b/zefie_wtvp_minisrv/app.js
@@ -1095,8 +1095,8 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq
 if (headers["wtv-incarnation"]) ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(headers["wtv-incarnation"]);
 ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"];
 ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64);
- if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id) {
- if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id > 0)
+ if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id != null) {
+ if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id >= 0)
 ssid_sessions[socket.ssid].switchUserID(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id, true, false);
 }
 } else {
@@ -1106,7 +1106,7 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64 = headers["wtv-ticket"]; ssid_sessions[socket.ssid].data_store.wtvsec_login.DecodeTicket(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_b64); if (headers["wtv-incarnation"]) ssid_sessions[socket.ssid].data_store.wtvsec_login.set_incarnation(headers["wtv-incarnation"]); - if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id > 0) { + if (ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id >= 0) { if (ssid_sessions[socket.ssid].user_id != ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id) switchUserID(ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id, true, false); }
diff --git a/zefie_wtvp_minisrv/zefie_wtvp_minisrv.njsproj b/zefie_wtvp_minisrv/zefie_wtvp_minisrv.njsproj
index e6c78481..171ac3e1 100644
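Review bot: In the first app.js hunk (`@@ -1095,8`) the new guard `!= null` followed by `>= 0` still accepts any value that coerces to a non-negative number, such as an empty string or `false`, and `user_id` comes from the ticket decoded out of the client's `wtv-ticket` header. Now that 0 counts as a valid id, an explicit type check keeps a malformed ticket field away from `switchUserID`: `const uid = ssid_sessions[socket.ssid].data_store.wtvsec_login.ticket_store.user_id;` then `if (Number.isInteger(uid) && uid >= 0) ssid_sessions[socket.ssid].switchUserID(uid, true, false);`. If ids can legitimately arrive as numeric strings they would need normalising first, and whether `DecodeTicket` already validates the field is not visible here. The two nested `if`s also collapse into that single condition, and the same comparison appears in the second app.js hunk (`@@ -1106,7`).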
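Review bot: In the second app.js hunk (`@@ -1106,7`) the widened test has no `!= null` guard, unlike the first hunk, and in JavaScript `null >= 0` is true where `null > 0` was false. A ticket whose `user_id` is null therefore now enters the branch and, when the session already has a different `user_id`, is handed on to `switchUserID`, which is the null-user state the commit sets out to fix; the condition should read `if (uid != null && uid >= 0) {` with `uid` holding the ticket's `user_id`. The context line inside the branch also calls `switchUserID(...)` as a bare function rather than `ssid_sessions[socket.ssid].switchUserID(...)` as the first hunk does; unless app.js defines such a function outside this hunk, that call throws as soon as the branch is taken, which user id 0 can now do. The enclosing `processRequest` body starts and ends outside the hunk.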
--- a/zefie_wtvp_minisrv/zefie_wtvp_minisrv.njsproj +++ b/zefie_wtvp_minisrv/zefie_wtvp_minisrv.njsproj @@ -316,6 +316,9 @@ Code + + Code + Code