mirror of
https://github.com/hrfee/jfa-go.git
synced 2024-12-22 09:00:10 +00:00
Password Resets: Ignore magic link visits from bots
For #108. Literally just searches the useragent for "Bot", seems good enough for Telegram atleast.
This commit is contained in:
parent
fb6256d1ed
commit
953a66ec47
@ -54,10 +54,12 @@ func pwrMonitor(app *appContext, watcher *fsnotify.Watcher) {
|
||||
var pwr PasswordReset
|
||||
data, err := os.ReadFile(event.Name)
|
||||
if err != nil {
|
||||
app.debug.Printf("PWR: Failed to read file: %v", err)
|
||||
return
|
||||
}
|
||||
err = json.Unmarshal(data, &pwr)
|
||||
if len(pwr.Pin) == 0 || err != nil {
|
||||
app.debug.Printf("PWR: Failed to read PIN: %v", err)
|
||||
return
|
||||
}
|
||||
app.info.Printf("New password reset for user \"%s\"", pwr.Username)
|
||||
|
10
views.go
10
views.go
@ -137,6 +137,7 @@ func (app *appContext) AdminPage(gc *gin.Context) {
|
||||
}
|
||||
|
||||
func (app *appContext) ResetPassword(gc *gin.Context) {
|
||||
isBot := strings.Contains(gc.Request.Header.Get("User-Agent"), "Bot")
|
||||
pin := gc.Query("pin")
|
||||
if pin == "" {
|
||||
app.NoRouteHandler(gc)
|
||||
@ -151,6 +152,13 @@ func (app *appContext) ResetPassword(gc *gin.Context) {
|
||||
"success": false,
|
||||
"ombiEnabled": app.config.Section("ombi").Key("enabled").MustBool(false),
|
||||
}
|
||||
defer gcHTML(gc, http.StatusOK, "password-reset.html", data)
|
||||
// If it's a bot, pretend to be a success so the preview is nice.
|
||||
if isBot {
|
||||
app.debug.Println("PWR: Ignoring magic link visit from bot")
|
||||
data["success"] = true
|
||||
data["pin"] = "NO-BO-TS"
|
||||
} else {
|
||||
resp, status, err := app.jf.ResetPassword(pin)
|
||||
if status == 200 && err == nil && resp.Success {
|
||||
data["success"] = true
|
||||
@ -158,7 +166,6 @@ func (app *appContext) ResetPassword(gc *gin.Context) {
|
||||
} else {
|
||||
app.err.Printf("Password Reset failed (%d): %v", status, err)
|
||||
}
|
||||
defer gcHTML(gc, http.StatusOK, "password-reset.html", data)
|
||||
if app.config.Section("ombi").Key("enabled").MustBool(false) {
|
||||
jfUser, status, err := app.jf.UserByName(resp.UsersReset[0], false)
|
||||
if status != 200 || err != nil {
|
||||
@ -179,6 +186,7 @@ func (app *appContext) ResetPassword(gc *gin.Context) {
|
||||
app.debug.Printf("Reset password for ombi user \"%s\"", ombiUser["userName"])
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (app *appContext) InviteProxy(gc *gin.Context) {
|
||||
app.pushResources(gc, false)
|
||||
|
Loading…
Reference in New Issue
Block a user