mirror of https://github.com/iv-org/invidious.git (synced 2025-01-10 08:47:52 +05:30)
Update comments
parent eb70eb3747
commit 65c7362607
@ -460,16 +460,21 @@ module Invidious::Routes::Account
|
|||||||
secure = false
|
secure = false
|
||||||
end
|
end
|
||||||
|
|
||||||
# There are two routes we can go here.
|
|
||||||
# 1. Where the user is already logged in and is confirming a dangerous task.
|
|
||||||
# 2. The user is logging in.
|
|
||||||
#
|
#
|
||||||
# The latter can be detected by the hidden email and password parameter
|
# The validate_2fa method is used in two cases:
|
||||||
|
# 1. To authenticate the user when logging in
|
||||||
|
# 2. To verify that the user wishes to proceed with a dangerous action.
|
||||||
|
#
|
||||||
|
# As we've verified that the totp given is correct we can now proceed with
|
||||||
|
# authenticating and/or redirecting the user back to where they came from
|
||||||
|
#
|
||||||
|
|
||||||
# If we have the email and password variables set then that means we are currently logging in
|
logging_in = (email && password)
|
||||||
if email && password
|
|
||||||
# Verify the password
|
if logging_in
|
||||||
if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55))
|
# Authenticate the user. The rest follows the code in login.cr
|
||||||
|
if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.not_nil!.byte_slice(0, 55))
|
||||||
|
#
|
||||||
sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
|
sid = Base64.urlsafe_encode(Random::Secure.random_bytes(32))
|
||||||
PG_DB.exec("INSERT INTO session_ids VALUES ($1, $2, $3)", sid, email, Time.utc)
|
PG_DB.exec("INSERT INTO session_ids VALUES ($1, $2, $3)", sid, email, Time.utc)
|
||||||
|
|
||||||
|
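Review bot: `logging_in = (email && password)` followed by `if logging_in` is a code change in a commit titled "Update comments", and it gives up the type narrowing that the old `if email && password` provided. In Crystal `email && password` evaluates to its right operand, so `logging_in` is not a Bool: when both parameters are set it holds the password string itself under a name that reads like a flag. Because the condition now goes through a separate variable, the compiler no longer treats `password` as non-nil inside the branch, which is why `password.not_nil!` had to be added to the bcrypt check, and `email` passed to the `INSERT INTO session_ids` statement is nilable there as well. Suggest keeping `if email && password` directly in the condition, with the new comment above it, so both values are narrowed and the authentication path needs no `not_nil!`.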
@ -59,7 +59,7 @@ module Invidious::Routes::Login
|
|||||||
if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55))
|
if Crypto::Bcrypt::Password.new(user.password.not_nil!).verify(password.byte_slice(0, 55))
|
||||||
# If the password is correct then we'll go ahead and begin 2fa if applicable
|
# If the password is correct then we'll go ahead and begin 2fa if applicable
|
||||||
if user.totp_secret
|
if user.totp_secret
|
||||||
csrf_token = nil # setting this to false for compatibility reasons.
|
csrf_token = nil # setting this to nil for compatibility reasons.
|
||||||
return templated "user/validate_2fa"
|
return templated "user/validate_2fa"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
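Review bot: the comment on `csrf_token = nil` now matches the assignment, but "for compatibility reasons" still does not say what depends on it. Since the next line renders `user/validate_2fa`, name in the comment which consumer expects a nil token, and state whether the 2FA form is then submitted without a CSRF token and why that is acceptable, so a later reader does not change it in either direction by guesswork.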