1
0
mirror of https://github.com/hrfee/jfa-go.git synced 2024-12-22 09:00:10 +00:00

userpage: time-pad pwr request for ambiguity

the user shouldn't know if the reset has actually been sent (i.e. if an
account with the given contact address exists), so the backend response
is always sent after 1 second.
This commit is contained in:
Harvey Tindall 2023-06-22 12:25:00 +01:00
parent 86daa70ccb
commit 3ec3e9672e
Signed by: hrfee
GPG Key ID: BBC65952848FB1A2
2 changed files with 39 additions and 16 deletions

View File

@ -487,9 +487,15 @@ func (app *appContext) UnlinkMyMatrix(gc *gin.Context) {
// @Router /my/password/reset/{address} [post]
// @tags Users
func (app *appContext) ResetMyPassword(gc *gin.Context) {
// All requests should take 1 second, to make it harder to tell if a success occured or not.
timerWait := make(chan bool)
cancel := time.AfterFunc(1*time.Second, func() {
timerWait <- true
})
address := gc.Param("address")
if address == "" {
app.debug.Println("Ignoring empty request for PWR")
cancel.Stop()
respondBool(400, false, gc)
return
}
@ -499,13 +505,20 @@ func (app *appContext) ResetMyPassword(gc *gin.Context) {
jfID := app.reverseUserSearch(address)
if jfID == "" {
app.debug.Printf("Ignoring PWR request: User not found")
respondBool(204, true, gc)
for range timerWait {
respondBool(204, true, gc)
return
}
return
}
pwr, err = app.GenInternalReset(jfID)
if err != nil {
app.err.Printf("Failed to get user from Jellyfin: %v", err)
respondBool(500, false, gc)
for range timerWait {
respondBool(204, true, gc)
return
}
return
}
if app.internalPWRs == nil {
@ -523,12 +536,18 @@ func (app *appContext) ResetMyPassword(gc *gin.Context) {
)
if err != nil {
app.err.Printf("Failed to construct password reset message for \"%s\": %v", pwr.Username, err)
respondBool(500, false, gc)
for range timerWait {
respondBool(204, true, gc)
return
}
return
} else if err := app.sendByID(msg, jfID); err != nil {
app.err.Printf("Failed to send password reset message to \"%s\": %v", address, err)
} else {
app.info.Printf("Sent password reset message to \"%s\"", address)
}
respondBool(204, true, gc)
for range timerWait {
respondBool(204, true, gc)
return
}
}

View File

@ -63,18 +63,22 @@ window.notifications = new notificationBox(document.getElementById('notification
if (window.pwrEnabled && window.linkResetEnabled) {
const submitButton = document.getElementById("pwr-submit");
const input = document.getElementById("pwr-address") as HTMLInputElement;
submitButton.onclick = () => _post("/my/password/reset/" + input.value, null, (req: XMLHttpRequest) => {
if (req.readyState != 4) return;
if (req.status != 204) {
window.notifications.customError("unkownError", window.lang.notif("errorUnknown"));;
window.modals.pwr.close();
return;
}
window.modals.pwr.modal.querySelector(".heading").textContent = window.lang.strings("resetSent");
window.modals.pwr.modal.querySelector(".content").textContent = window.lang.strings("resetSentDescription");
submitButton.classList.add("unfocused");
input.classList.add("unfocused");
});
submitButton.onclick = () => {
toggleLoader(submitButton);
_post("/my/password/reset/" + input.value, null, (req: XMLHttpRequest) => {
if (req.readyState != 4) return;
toggleLoader(submitButton);
if (req.status != 204) {
window.notifications.customError("unkownError", window.lang.notif("errorUnknown"));;
window.modals.pwr.close();
return;
}
window.modals.pwr.modal.querySelector(".heading").textContent = window.lang.strings("resetSent");
window.modals.pwr.modal.querySelector(".content").textContent = window.lang.strings("resetSentDescription");
submitButton.classList.add("unfocused");
input.classList.add("unfocused");
});
};
}
const grid = document.querySelector(".grid");