BE: implemented password reset
parent
80922086f8
commit
913295ebd7
|
@ -82,12 +82,58 @@ function get_account_mail() {
|
|||
cat secret/mail.dat | grep "^$1:" | awk -F: '{print $2}'
|
||||
}
|
||||
|
||||
#account_verified(session)
|
||||
function account_verified {
|
||||
#account_verified(username)
|
||||
function account_verified() {
|
||||
[[ $1 == '' ]] && return
|
||||
if [[ "$(cat secret/mail.dat | grep -P "^$(session_get_username "$1"):" | awk -F: '{print $4}')" != "yes" ]]; then
|
||||
if [[ "$(cat secret/mail.dat | grep -P "^$1:" | awk -F: '{print $4}')" != "yes" ]]; then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
#account_gen_reset_code(username, force)
|
||||
function account_gen_reset_code() {
|
||||
[[ "$1" == '' ]] && return
|
||||
|
||||
if ! account_verified "$1"; then
|
||||
data="$(cat secret/mail.dat | grep -P "^$1:")"
|
||||
|
||||
user="$1"
|
||||
mail="$(awk -F: '{print $2}' <<< "$data")"
|
||||
old_code="$(awk -F: '{print $3}' <<< "$data")"
|
||||
timestamp="$(awk -F: '{print $5}' <<< "$data")"
|
||||
|
||||
new_timestamp="$(date "+%s")"
|
||||
new_code="$RANDOM"
|
||||
|
||||
if [[ $(date "+%s") -gt $((timestamp+3600)) || $2 == true ]]; then
|
||||
sed -i "s/$user:$mail:$old_code:yes:$timestamp/$user:$mail:$new_code:yes:$new_timestamp/" secret/mail.dat
|
||||
echo -n "$new_code"$(date "+%d%m%y") | sha1sum | awk '{print $1}' | cut -c 1-10
|
||||
return 0
|
||||
else
|
||||
return 2
|
||||
fi
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
#reset_pwd(username, hash, password)
|
||||
function reset_pwd() {
|
||||
[[ "$1" == '' || "$2" == '' || "$3" == '' ]] && return
|
||||
user="$1"
|
||||
hash="$2"
|
||||
pass="$3"
|
||||
|
||||
if [[ "$(echo -n $(cat secret/mail.dat | grep -P "^$user:" | awk -F: '{print $3}')$(date "+%d%m%y") | sha1sum | awk '{print $1}' | cut -c 1-10)" == "$hash" ]]; then
|
||||
delete_account "$user"
|
||||
register "$user" "$pass"
|
||||
|
||||
# prevents resetting the password with the same hash twice
|
||||
account_gen_reset_code "$user" true >> /dev/null
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
|
|
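Review bot: The reset code in account_gen_reset_code comes from `new_code="$RANDOM"`, which has only 32768 possible values, so the 10-character value mailed to the user is one of 32768 candidates on any given day, and reset_pwd places no limit on wrong guesses. Draw the code from the kernel CSPRNG instead, for example `new_code="$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"`, and count failed attempts per account. reset_pwd also never checks that a record was found: when grep matches nothing the code is empty and the expected value depends on the date alone, so it should return 1 before the comparison in that case. The username is interpolated unescaped into `grep -P "^$1:"` and into the sed expression, so it is treated as a pattern; a literal field comparison such as `awk -F: -v u="$user" '$1 == u'` avoids that.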
@ -1,5 +1,8 @@
|
|||
#!/bin/bash
|
||||
silent=yes source "${cfg[namespace]}/webroot/api/session.shs"
|
||||
if ! silent=yes source "${cfg[namespace]}/webroot/api/session.shs"; then
|
||||
return
|
||||
fi
|
||||
|
||||
source "${cfg[namespace]}/code/common.sh"
|
||||
|
||||
data=$(curl -s -X POST -H "$(get_auth_string)" -H "Content-type: application/json" "https://api-inmobile-pl.easypack24.net/v1/collect/validate" --data '{"geoPoint":{"accuracy":"1","latitude":"'"${post_data[lat]}"'","longitude":"'"${post_data[lon]}"'"},"parcel":{"openCode":"'"${post_data[openCode]}"'","shipmentNumber":"'"${post_data[id]}"'"}}')
|
||||
|
|
|
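Review bot: The request body on the `data=$(curl ...` line is assembled by pasting `${post_data[lat]}`, `${post_data[lon]}`, `${post_data[openCode]}` and `${post_data[id]}` into a JSON string, so a value containing a double quote changes the structure of the document sent with the user's auth header. That line is unchanged by this commit, but it sits directly under the new session guard and is worth fixing while the file is open. jq is already used for the responses in this project and could build the body too, e.g. `jq -n --arg lat "${post_data[lat]}" '{geoPoint: {latitude: $lat}}'` extended to the other fields and passed to `--data`.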
@ -1,5 +1,5 @@
|
|||
#!/bin/bash
|
||||
source code/common.sh
|
||||
source "${cfg[namespace]}/code/common.sh"
|
||||
|
||||
if [[ "${post_data[login]}" != '' && "${post_data[password]}" != '' ]]; then
|
||||
login "${post_data[login]}" "${post_data[password]}"
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
#!/bin/bash
|
||||
silent=yes source "${cfg[namespace]}/webroot/api/session.shs"
|
||||
if ! silent=yes source "${cfg[namespace]}/webroot/api/session.shs"; then
|
||||
return
|
||||
fi
|
||||
|
||||
data=$(curl -s -H "$(get_auth_string)" "https://api-inmobile-pl.easypack24.net/v1/parcel?updatedAfter=1970-01-01T00:00:00.000Z")
|
||||
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/bash
|
||||
source "${cfg[namespace]}/code/common.sh"
|
||||
|
||||
reset_pwd "${post_data[login]}" "${post_data[hash]}" "${post_data[password]}"
|
||||
status=$?
|
||||
|
||||
if [[ $status == 0 ]]; then
|
||||
jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "Your password has been reset!"
|
||||
else
|
||||
jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 1 "Something went wrong. Check your form."
|
||||
fi
|
|
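Review bot: A request with an empty login, hash or password is answered with "Your password has been reset!", because reset_pwd's guard `[[ ... ]] && return` returns the status of the test itself, which is 0. Validate the three fields in this file before calling reset_pwd, or change that guard to `return 1`. The endpoint also has no limit on failed attempts per account or per client, so the strength of the emailed code is the only thing protecting the account.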
@ -0,0 +1,28 @@
|
|||
#!/bin/bash
|
||||
[[ "${post_data[login]}" == '' ]] && jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 0 "AAAA" && return
|
||||
source "${cfg[namespace]}/code/common.sh"
|
||||
|
||||
hash="$(account_gen_reset_code "${post_data[login]}")"
|
||||
result=$?
|
||||
|
||||
if [[ $result == 1 ]]; then
|
||||
jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 1 "This account doesn't exist or wasn't verified."
|
||||
elif [[ $result == 2 ]]; then
|
||||
jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 2 "Ratelimited."
|
||||
elif [[ $result == 0 ]]; then
|
||||
sender_name="${cfg[who]}" mailsend "$(get_account_mail ${post_data[login]})" "OCW password reset" \
|
||||
"Hi ${post_data[login]},
|
||||
|
||||
Someone (probably you) has requested a password reset on your OCW account.
|
||||
To reset your password, paste below text into the password reset form:
|
||||
|
||||
$hash
|
||||
|
||||
NEVER give this code to anybody - this would grant full control over your account.
|
||||
If you didn't request a password reset, you can safely ignore this message.
|
||||
|
||||
Have a wonderful day!
|
||||
~ ${cfg[who]}" &
|
||||
|
||||
jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "Reset e-mail sent!"
|
||||
fi
|
|
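Review bot: The three responses let an unauthenticated caller tell whether a login exists and is verified: status 1 for unknown or unverified accounts, 2 or 200 for real ones. Returning the same 200 "Reset e-mail sent!" body in every case, and recording the difference only in a server-side log, closes that. `$(get_account_mail ${post_data[login]})` should quote the inner expansion as `"${post_data[login]}"` so a login containing whitespace or glob characters is passed as one argument. The empty-login branch still answers with the placeholder message "AAAA".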
@ -3,14 +3,15 @@ source "${cfg[namespace]}/code/common.sh"
|
|||
|
||||
if ! session_verify "${cookies[sh_session]}"; then
|
||||
jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "You're not logged in!"
|
||||
return
|
||||
elif account_verified "${cookies[sh_session]}"; then
|
||||
return 1
|
||||
elif account_verified "$(session_get_username "${cookies[sh_session]}")"; then
|
||||
jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -2 "You didn't verify your mail!"
|
||||
return
|
||||
return 1
|
||||
elif check_if_user_exists "authToken"; then
|
||||
jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -3 "You didn't verify your phone!"
|
||||
return
|
||||
return 1
|
||||
else
|
||||
[[ "$silent" != "yes" ]] && jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "OK"
|
||||
return 0
|
||||
fi
|
||||
|
||||
|
|