Leahnaya/pokemon-showdown-loginserver
1
0
Fork 0
mirror of https://github.com/smogon/pokemon-showdown-loginserver.git synced 2026-04-26 01:31:42 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

OAuth: Ensure the getassertion action accepts a challstr properly

Browse Source
This commit is contained in:
Mia 2023-08-21 14:02:24 -05:00
parent 2b22a33bb3
commit 77ddb1cd17
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/actions.ts
View File

@ -595,14 +595,19 @@ export const actions: {[k: string]: QueryHandler} = {
if (!token) {
throw new ActionError('No token provided.');
}
const challstr = params.challenge || params.challstr;
if (!challstr) {
throw new ActionError('No challstr provided.');
}
const tokenEntry = await (
tables.oauthTokens.selectOne()
)`WHERE owner = ${this.user.id} and client = ${client.id}`;
if (!tokenEntry || tokenEntry.id !== token) {
return {success: false};
}
const challstr = crypto.randomBytes(20).toString('hex');
return this.session.getAssertion(tokenEntry.owner, Config.challengekeyid, this.user, challstr);
return this.session.getAssertion(
tokenEntry.owner, Config.challengekeyid, this.user, challstr
);
},
'oauth/authorized'() {