From 9af124783c1173b5f141bd45fb6c25c82b6767ea Mon Sep 17 00:00:00 2001
From: AaronDewes
Date: Tue, 21 Jun 2022 13:52:05 +0000
Subject: [PATCH 1/3] Fix setting update channel
---
 routes/v2/system.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/routes/v2/system.ts b/routes/v2/system.ts
index 5daceee..24874c6 100644
--- a/routes/v2/system.ts
+++ b/routes/v2/system.ts
@@ -150,8 +150,9 @@ router.get('/disk-type', auth.jwt, async (ctx, next) => {
 });
 router.put('/update-channel', auth.jwt, async (ctx, next) => {
- typeHelper.isString(ctx.body.channel, ctx);
- await systemLogic.setUpdateChannel(ctx.body.channel as string);
+ typeHelper.isString(ctx.request.body.channel, ctx);
+ await systemLogic.setUpdateChannel(ctx.request.body.channel as string);
+ ctx.body = {};
 await next();
 });
From e87b0ca7da756851052c2c83dad086871a015292 Mon Sep 17 00:00:00 2001
From: William Connatser <43946230+WilliamConnatser@users.noreply.github.com>
Date: Fri, 24 Jun 2022 21:24:48 -0400
Subject: [PATCH 2/3] fix a few missing validations identified by GitHub AI
---
 middlewares/auth.ts | 3 ++-
 routes/v1/account.ts | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/middlewares/auth.ts b/middlewares/auth.ts
index 8d535ab..622b458 100644
--- a/middlewares/auth.ts
+++ b/middlewares/auth.ts
@@ -1,5 +1,5 @@
 import {Buffer} from 'node:buffer';
-import {STATUS_CODES} from '@runcitadel/utils';
+import {STATUS_CODES, typeHelper} from '@runcitadel/utils';
 import * as passportJWT from 'passport-jwt';
 import * as passportHTTP from 'passport-http';
 import * as bcrypt from '@node-rs/bcrypt';
@@ -137,6 +137,7 @@ export async function basic(ctx: Context, next: Next): Promise {
 }
 // Check 2FA token when enabled
+ typeHelper.isString(ctx.request.body.totpToken, ctx);
 if (userInfo.settings?.twoFactorAuth) {
 const vres = notp.totp.verify(
 ctx.request.body.totpToken,
diff --git a/routes/v1/account.ts b/routes/v1/account.ts
index da50870..1f06557 100644
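Review bot: In routes/v2/system.ts, the `/update-channel` handler hands `ctx.request.body.channel` to `systemLogic.setUpdateChannel` after checking only that it is a string, so any string an authenticated client sends is accepted as the channel unless `setUpdateChannel` validates it itself, which is not visible here. Because the channel presumably selects which release stream the node updates from, I would compare it against the fixed list of supported channels in the handler and reject everything else, e.g. `if (!SUPPORTED_CHANNELS.includes(channel)) ctx.throw(400, 'Unknown update channel');`, where `SUPPORTED_CHANNELS` is a placeholder for the project's real list. The `as string` cast is only sound if `typeHelper.isString` throws on failure rather than returning, which deserves a one-line comment above the call.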
--- a/routes/v1/account.ts
+++ b/routes/v1/account.ts
@@ -170,6 +170,7 @@ router.post('/totp/enable', auth.jwt, async (ctx) => {
 // TOTP should be already set up
 const key = info.settings?.twoFactorKey;
+ typeHelper.isString(ctx.request.body.authenticatorToken, ctx);
 const vres = notp.totp.verify(ctx.request.body.authenticatorToken, key);
 if (vres && vres.delta === 0) {
@@ -190,6 +191,7 @@ router.post('/totp/disable', auth.jwt, async (ctx, next) => {
 // TOTP should be already set up
 const key = info.settings?.twoFactorKey;
+ typeHelper.isString(ctx.request.body.authenticatorToken, ctx);
 const vres = notp.totp.verify(ctx.request.body.authenticatorToken, key);
 if (vres && vres.delta === 0) {
From 69c1a4869e7204d6428c00eb7c76f2205926a21c Mon Sep 17 00:00:00 2001
From: William Connatser <43946230+WilliamConnatser@users.noreply.github.com>
Date: Fri, 24 Jun 2022 21:28:07 -0400
Subject: [PATCH 3/3] move validation into if statement
---
 middlewares/auth.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/middlewares/auth.ts b/middlewares/auth.ts
index 622b458..f52c7a2 100644
--- a/middlewares/auth.ts
+++ b/middlewares/auth.ts
@@ -137,8 +137,8 @@ export async function basic(ctx: Context, next: Next): Promise {
 }
 // Check 2FA token when enabled
- typeHelper.isString(ctx.request.body.totpToken, ctx);
 if (userInfo.settings?.twoFactorAuth) {
+ typeHelper.isString(ctx.request.body.totpToken, ctx);
 const vres = notp.totp.verify(
 ctx.request.body.totpToken,
 userInfo.settings.twoFactorKey || '',
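Review bot: In routes/v1/account.ts, the `/totp/enable` hunk and the `/totp/disable` hunk both validate `authenticatorToken` but still pass `key` to `notp.totp.verify` unchecked, and `info.settings?.twoFactorKey` can be `undefined`. The comment "TOTP should be already set up" is the only guard visible in either hunk; if nothing above the hunks enforces it, add `if (!key) ctx.throw(400, 'TOTP is not set up');` before the verify call in both handlers so a missing key is an explicit client error rather than whatever `verify` does with `undefined`. The new check also accepts a string of any length, so a format test such as `/^\d{6}$/.test(token)` (assuming the default six-digit codes) would reject malformed input earlier. Both handlers start and end outside their hunks.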
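Review bot: In middlewares/auth.ts (patch 3/3), the 2FA branch of `basic` verifies the token against `userInfo.settings.twoFactorKey || ''`, so an account with `twoFactorAuth` enabled but no stored key is checked against an empty secret, which gives no protection because the expected code then depends on nothing private. Now that the type check sits inside the branch, this is the natural place to fail closed: reject the login when the key is missing, e.g. `if (!userInfo.settings.twoFactorKey) ctx.throw(401, 'Two-factor key missing');` in whatever error form the file uses for its other failures, and pass the key to `verify` without the `|| ''` fallback. The body of `basic` continues outside the hunk, so an earlier guard may exist that I cannot see.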