mirror of
https://github.com/hrfee/jfa-go.git
synced 2024-12-22 09:00:10 +00:00
Password Resets: Ignore magic link visits from bots
For #108. Literally just searches the useragent for "Bot", seems good enough for Telegram at least.
parent
fb6256d1ed
commit
953a66ec47
@ -54,10 +54,12 @@ func pwrMonitor(app *appContext, watcher *fsnotify.Watcher) {
|
|||||||
var pwr PasswordReset
|
var pwr PasswordReset
|
||||||
data, err := os.ReadFile(event.Name)
|
data, err := os.ReadFile(event.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
app.debug.Printf("PWR: Failed to read file: %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
err = json.Unmarshal(data, &pwr)
|
err = json.Unmarshal(data, &pwr)
|
||||||
if len(pwr.Pin) == 0 || err != nil {
|
if len(pwr.Pin) == 0 || err != nil {
|
||||||
|
app.debug.Printf("PWR: Failed to read PIN: %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
app.info.Printf("New password reset for user \"%s\"", pwr.Username)
|
app.info.Printf("New password reset for user \"%s\"", pwr.Username)
|
||||||
|
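--- a/views.go
+++ b/views.go
@@ -137,6 +137,7 @@ func (app *appContext) AdminPage(gc *gin.Context) {
 }
 
 func (app *appContext) ResetPassword(gc *gin.Context) {
+isBot := strings.Contains(gc.Request.Header.Get("User-Agent"), "Bot")
 pin := gc.Query("pin")
 if pin == "" {
 app.NoRouteHandler(gc)
@@ -151,32 +152,39 @@ func (app *appContext) ResetPassword(gc *gin.Context) {
 "success": false,
 "ombiEnabled": app.config.Section("ombi").Key("enabled").MustBool(false),
 }
-resp, status, err := app.jf.ResetPassword(pin)
-if status == 200 && err == nil && resp.Success {
-data["success"] = true
-data["pin"] = pin
-} else {
-app.err.Printf("Password Reset failed (%d): %v", status, err)
-}
 defer gcHTML(gc, http.StatusOK, "password-reset.html", data)
-if app.config.Section("ombi").Key("enabled").MustBool(false) {
-jfUser, status, err := app.jf.UserByName(resp.UsersReset[0], false)
-if status != 200 || err != nil {
-app.err.Printf("Failed to get user \"%s\" from jellyfin/emby (%d): %v", resp.UsersReset[0], status, err)
-return
+// If it's a bot, pretend to be a success so the preview is nice.
+if isBot {
+app.debug.Println("PWR: Ignoring magic link visit from bot")
+data["success"] = true
+data["pin"] = "NO-BO-TS"
+} else {
+resp, status, err := app.jf.ResetPassword(pin)
+if status == 200 && err == nil && resp.Success {
+data["success"] = true
+data["pin"] = pin
+} else {
+app.err.Printf("Password Reset failed (%d): %v", status, err)
 }
-ombiUser, status, err := app.getOmbiUser(jfUser.ID)
-if status != 200 || err != nil {
-app.err.Printf("Failed to get user \"%s\" from ombi (%d): %v", resp.UsersReset[0], status, err)
-return
+if app.config.Section("ombi").Key("enabled").MustBool(false) {
+jfUser, status, err := app.jf.UserByName(resp.UsersReset[0], false)
+if status != 200 || err != nil {
+app.err.Printf("Failed to get user \"%s\" from jellyfin/emby (%d): %v", resp.UsersReset[0], status, err)
+return
+}
+ombiUser, status, err := app.getOmbiUser(jfUser.ID)
+if status != 200 || err != nil {
+app.err.Printf("Failed to get user \"%s\" from ombi (%d): %v", resp.UsersReset[0], status, err)
+return
+}
+ombiUser["password"] = pin
+status, err = app.ombi.ModifyUser(ombiUser)
+if status != 200 || err != nil {
+app.err.Printf("Failed to set password for ombi user \"%s\" (%d): %v", ombiUser["userName"], status, err)
+return
+}
+app.debug.Printf("Reset password for ombi user \"%s\"", ombiUser["userName"])
 }
-ombiUser["password"] = pin
-status, err = app.ombi.ModifyUser(ombiUser)
-if status != 200 || err != nil {
-app.err.Printf("Failed to set password for ombi user \"%s\" (%d): %v", ombiUser["userName"], status, err)
-return
-}
-app.debug.Printf("Reset password for ombi user \"%s\"", ombiUser["userName"])
 }
 }
 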
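Review bot: In the non-bot branch of ResetPassword the Ombi block still runs after a failed reset, and it indexes `resp.UsersReset[0]` without a length check, so a request with an invalid or already-used PIN can reach that index with what is presumably an empty slice and panic when Ombi is enabled. The commit carries this over from the old code; adding `return` after `app.err.Printf("Password Reset failed (%d): %v", status, err)` (the deferred gcHTML still renders the failure page) and guarding on `len(resp.UsersReset) == 0` would close it. Separately, `strings.Contains(gc.Request.Header.Get("User-Agent"), "Bot")` is a case-sensitive denylist, so any link previewer or mail scanner that does not send that exact substring still consumes the one-time PIN on a plain GET; having the page submit the PIN with an explicit POST would remove the dependence on User-Agent. The lines of ResetPassword between the two hunks are not shown, so the types of `data` and `resp` are inferred.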