From d99a160bc0d8ab6e9bbe3bb8a181b2939e66e299 Mon Sep 17 00:00:00 2001
From: Dominika Liberda
Date: Fri, 13 Nov 2020 15:47:32 +0100
Subject: [PATCH] most variables are local now, fix bug
---
 code/common.sh | 31 ++++++++++++++++---------------
 webroot/api/login.shs | 2 +-
 2 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/code/common.sh b/code/common.sh
index aaf5bfc..eac01e0 100644
--- a/code/common.sh
+++ b/code/common.sh
@@ -7,7 +7,7 @@ function get_auth_string() {
 exit 0
 fi
- user="$(session_get_username ${cookies[sh_session]})"
+ local user="$(session_get_username ${cookies[sh_session]})"
 echo "Authorization: Bearer $(cat secret/authTokens.dat | grep -P "^$user:" | sed -s "s/$user://")"
 }
@@ -17,7 +17,7 @@ function get_refresh_token() {
 exit 0
 fi
- user="$(session_get_username ${cookies[sh_session]})"
+ local user="$(session_get_username ${cookies[sh_session]})"
 echo "$(cat secret/refreshTokens.dat | grep -P "^$user:" | sed -s "s/$user://")"
 }
@@ -28,7 +28,7 @@ function check_if_user_exists() {
 exit 0
 fi
- user=$(session_get_username ${cookies[sh_session]})
+ local user=$(session_get_username ${cookies[sh_session]})
 [[ $1 == "refreshToken" ]] && [[ $(cat secret/refreshTokens.dat | grep -P "^$user:") != "" ]] && return 1
 [[ $1 == "authToken" ]] && [[ $(cat secret/authTokens.dat | grep -P "^$user:") != "" ]] && return 1
@@ -60,8 +60,9 @@ function add_account_authtoken() {
 # update_account_authtoken(username)
 function update_account_authtoken() {
- a=$(cat secret/refreshTokens.dat | grep -P "^$1\:")
- token=$(awk -F: '{print $2}' <<< $a);
+ local a=$(cat secret/refreshTokens.dat | grep -P "^$1\:")
+ local token=$(awk -F: '{print $2}' <<< $a);
+ local auth=''
 while true; do
 if [[ "$auth" == '' ]]; then
 auth=$(curl -s -X POST -H "Content-type: application/json" --data '{"phoneOS": "Android", "refreshToken": "'"$token"'"}' https://api-inmobile-pl.easypack24.net/v1/authenticate | jq -r .authToken | sed -s 's/Bearer //g')
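Review bot: In get_auth_string the new `local user="$(session_get_username ${cookies[sh_session]})"` line still expands the session cookie unquoted, so a client-supplied value containing whitespace or glob characters is split or expanded before session_get_username receives it. Combining `local` with the command substitution also hides that helper's exit status. I would declare `local user` on its own line and then assign `user="$(session_get_username "${cookies[sh_session]}")"`. The same applies to the matching lines in get_refresh_token and check_if_user_exists; all three function bodies begin outside their hunks.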
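Review bot: In update_account_authtoken the username in `$1` is still interpolated into a PCRE (`grep -P "^$1\:"`), so a name containing regex metacharacters can match more than one row, or a row belonging to a different user, and the refresh token sent upstream is then not the caller's. An exact field comparison replaces both new lookup lines: `local token; token="$(awk -F: -v u="$1" '$1 == u { print $2; exit }' secret/refreshTokens.dat)"`. The `while true` loop runs past the end of the hunk, so whether it is bounded when the upstream call keeps failing cannot be checked here.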
@@ -104,15 +105,15 @@ function account_gen_reset_code() {
 [[ "$1" == '' ]] && return
 if ! account_verified "$1"; then
- data="$(cat secret/mail.dat | grep -P "^$1:")"
+ local data="$(cat secret/mail.dat | grep -P "^$1:")"
- user="$1"
- mail="$(awk -F: '{print $2}' <<< "$data")"
- old_code="$(awk -F: '{print $3}' <<< "$data")"
- timestamp="$(awk -F: '{print $5}' <<< "$data")"
+ local user="$1"
+ local mail="$(awk -F: '{print $2}' <<< "$data")"
+ local old_code="$(awk -F: '{print $3}' <<< "$data")"
+ local timestamp="$(awk -F: '{print $5}' <<< "$data")"
- new_timestamp="$(date "+%s")"
- new_code="$RANDOM"
+ local new_timestamp="$(date "+%s")"
+ local new_code="$RANDOM"
 if [[ $(date "+%s") -gt $((timestamp+3600)) || $2 == true ]]; then
 sed -i "s/$user:$mail:$old_code:yes:$timestamp/$user:$mail:$new_code:yes:$new_timestamp/" secret/mail.dat
@@ -129,9 +130,9 @@ function account_gen_reset_code() {
 #reset_pwd(username, hash, password)
 function reset_pwd() {
 [[ "$1" == '' || "$2" == '' || "$3" == '' ]] && return
- user="$1"
- hash="$2"
- pass="$3"
+ local user="$1"
+ local hash="$2"
+ local pass="$3"
 if [[ "$(echo -n $(cat secret/mail.dat | grep -P "^$user:" | awk -F: '{print $3}')$(date "+%d%m%y") | sha1sum | awk '{print $1}' | cut -c 1-10)" == "$hash" ]]; then
 delete_account "$user"
diff --git a/webroot/api/login.shs b/webroot/api/login.shs
index 5ca6054..68646f1 100644
--- a/webroot/api/login.shs
+++ b/webroot/api/login.shs
@@ -4,7 +4,7 @@ source "${cfg[namespace]}/code/common.sh"
 if [[ "${post_data[login]}" != '' && "${post_data[password]}" != '' ]]; then
 login "${post_data[login]}" "${post_data[password]}"
 status=$?
- if account_verified "${post_data[login]}"; then
+ if [[ $status == 0 ]] && account_verified "${post_data[login]}"; then
 status=-2
 reason="Account not verified"
 fi
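Review bot: `local new_code="$RANDOM"` in account_gen_reset_code keeps the reset code at 15 bits (0–32767) from bash's non-cryptographic generator, which is too small and too predictable for the value that reset_pwd appears to use as the only secret behind its reset hash. I would draw it from the kernel CSPRNG instead, for example `local new_code; new_code="$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"`. Hex output contains neither `:` nor `/`, so it stays safe for the record format and the `sed` replacement that follows. The `if ! account_verified` block continues outside the hunk.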
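Review bot: reset_pwd never checks that `grep -P "^$user:"` actually found a record in secret/mail.dat, so when nothing matches, the expected value is the truncated SHA-1 of the date alone and no longer depends on any stored secret. Looking the code up first and refusing an empty result closes that gap: `local code; code="$(awk -F: -v u="$user" '$1 == u { print $3; exit }' secret/mail.dat)"` followed by `[[ -n "$code" ]] || return 1`. The exact-match lookup also stops `$user` from being interpreted as a regex. The `if` body continues outside the hunk, so what follows `delete_account "$user"` is not visible.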
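Review bot: The new test `[[ $status == 0 ]] && account_verified ...` only reads correctly if account_verified returns success for an account that is not yet verified, which is what the branch (`reason="Account not verified"`) and the `if ! account_verified "$1"` guard in common.sh both suggest. A comment above the test such as `# account_verified returns 0 while the account is still unverified`, or renaming the helper, would keep a later editor from inverting it. It is also worth confirming that `login` has not already established a session by the time status is overwritten with -2; that is not visible from this hunk. The outer `if` closes outside the hunk.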