relay/api: return an error 401 when header "x-weechat-totp" has an invalid value
@@ -33,6 +33,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
- irc: fix warning on creation of irc.msgbuffer option when the server name contains upper case letters ([#2281](https://github.com/weechat/weechat/issues/2281))
|
||||
- relay/api: fix crash when an invalid HTTP request is received from a client
|
||||
- relay/api: return an error 400 when URL parameters "colors", "nicks", "lines" and "lines_free" have an invalid value
|
||||
- relay/api: return an error 401 when header "x-weechat-totp" has an invalid value
|
||||
|
||||
## Version 4.7.1 (2025-08-16)
|
||||
|
||||
|
||||
@@ -588,9 +588,9 @@ relay_http_get_auth_status (struct t_relay_client *client)
|
||||
{
|
||||
const char *auth, *sec_websocket_protocol, *client_totp, *pos;
|
||||
char *relay_password, *totp_secret, *info_totp_args, *info_totp;
|
||||
char *user_pass;
|
||||
char **protocol_array;
|
||||
char *user_pass, **protocol_array, *error;
|
||||
int rc, i, length, protocol_count, use_base64url, totp_ok;
|
||||
long number;
|
||||
|
||||
rc = 0;
|
||||
relay_password = NULL;
|
||||
@@ -599,6 +599,17 @@ relay_http_get_auth_status (struct t_relay_client *client)
|
||||
user_pass = NULL;
|
||||
use_base64url = 0;
|
||||
|
||||
client_totp = weechat_hashtable_get (client->http_req->headers, "x-weechat-totp");
|
||||
if (client_totp && client_totp[0])
|
||||
{
|
||||
number = strtol (client_totp, &error, 10);
|
||||
if (!error || error[0] || (number < 0) || (number > 999999))
|
||||
{
|
||||
rc = -4;
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
relay_password = weechat_string_eval_expression (
|
||||
weechat_config_string (relay_config_network_password),
|
||||
NULL, NULL, NULL);
|
||||
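Review bot: The new check after `number = strtol (client_totp, &error, 10);` still lets through values that are not a bare digit string, because strtol() skips leading whitespace and consumes an optional sign, so `" 123456"` or `"+123456"` satisfy the `error[0]` and range tests and are forwarded unchanged to the later TOTP comparison; `!error` is also dead, since strtol() always sets the end pointer when one is passed. Requiring a leading digit closes that gap with one change, `if (!isdigit ((unsigned char)client_totp[0]) || error[0] || (number < 0) || (number > 999999))` (with `<ctype.h>` included, if it is not already). As a point of style, `error` for an end pointer reads as an error flag where `endptr` would say what it holds. The new -4 return code is presumably listed in the function's header comment, which is outside this hunk; if it is not, add `-4: invalid value in header "x-weechat-totp"` next to the existing codes. The added cases in the `/* test invalid TOTP */` block of the test file cover only non-digit and too-long input, so a leading-space or signed value would be worth a case there as well.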
@@ -725,7 +736,6 @@ relay_http_get_auth_status (struct t_relay_client *client)
|
||||
NULL, NULL, NULL);
|
||||
if (totp_secret && totp_secret[0])
|
||||
{
|
||||
client_totp = weechat_hashtable_get (client->http_req->headers, "x-weechat-totp");
|
||||
if (!client_totp || !client_totp[0])
|
||||
{
|
||||
rc = -3;
|
||||
|
||||
@@ -713,6 +713,13 @@ TEST(RelayHttp, GetAuthStatus)
|
||||
hashtable_set (client->http_req->headers, "authorization", "Basic \u26c4");
|
||||
LONGS_EQUAL(-2, relay_http_get_auth_status (client));
|
||||
|
||||
/* test invalid TOTP */
|
||||
hashtable_set (client->http_req->headers, "x-weechat-totp", "abcdef");
|
||||
LONGS_EQUAL(-4, relay_http_get_auth_status (client));
|
||||
hashtable_set (client->http_req->headers, "x-weechat-totp", "1234567");
|
||||
LONGS_EQUAL(-4, relay_http_get_auth_status (client));
|
||||
hashtable_remove (client->http_req->headers, "x-weechat-totp");
|
||||
|
||||
/* test invalid plain-text password ("test") */
|
||||
hashtable_set (client->http_req->headers, "authorization", "Basic cGxhaW46dGVzdA==");
|
||||
LONGS_EQUAL(-2, relay_http_get_auth_status (client));
|
||||
@@ -907,6 +914,7 @@ TEST(RelayHttp, GetAuthStatus)
|
||||
free (totp2);
|
||||
config_file_option_reset (relay_config_network_totp_secret, 1);
|
||||
config_file_option_reset (relay_config_network_totp_window, 1);
|
||||
hashtable_remove (client->http_req->headers, "x-weechat-totp");
|
||||
|
||||
/* test invalid plain-text password ("test") via Sec-WebSocket-Protocol */
|
||||
hashtable_remove (client->http_req->headers, "authorization");
|
||||
|
||||