1
0
mirror of https://github.com/etesync/server synced 2024-11-18 14:58:09 +00:00

Login: add an action indicator to know the user signed a login request.

This commit is contained in:
Tom Hacohen 2020-06-17 14:08:08 +03:00
parent d1017aac76
commit 54268ac027
2 changed files with 6 additions and 1 deletions

View File

@ -416,6 +416,7 @@ class AuthenticationLoginSerializer(serializers.Serializer):
class AuthenticationLoginInnerSerializer(AuthenticationLoginChallengeSerializer):
challenge = BinaryBase64Field()
host = serializers.CharField()
action = serializers.CharField()
def create(self, validated_data):
raise NotImplementedError()

View File

@ -607,6 +607,7 @@ class AuthenticationViewSet(viewsets.ViewSet):
user = self.get_login_user(username)
host = serializer.validated_data['host']
challenge = serializer.validated_data['challenge']
action = serializer.validated_data['action']
salt = bytes(user.userinfo.salt)
enc_key = self.get_encryption_key(salt)
@ -614,7 +615,10 @@ class AuthenticationViewSet(viewsets.ViewSet):
challenge_data = json.loads(box.decrypt(challenge).decode())
now = int(datetime.now().timestamp())
if now - challenge_data['timestamp'] > app_settings.CHALLENGE_VALID_SECONDS:
if action != "login":
content = {'code': 'wrong_action', 'detail': 'Expected "login" but got something else'}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
elif now - challenge_data['timestamp'] > app_settings.CHALLENGE_VALID_SECONDS:
content = {'code': 'challenge_expired', 'detail': 'Login challange has expired'}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
elif challenge_data['userId'] != user.id: