Check user_id as part of validating CSRF tokens
This commit is contained in:
parent
b9c29bf537
commit
1ff8579575
|
@ -1429,7 +1429,7 @@ post "/delete_account" do |env|
|
|||
token = env.params.body["token"]?
|
||||
|
||||
begin
|
||||
validate_response(challenge, token, "delete_account", HMAC_KEY)
|
||||
validate_response(challenge, token, user.email, "delete_account", HMAC_KEY)
|
||||
rescue ex
|
||||
error_message = ex.message
|
||||
next templated "error"
|
||||
|
@ -1474,7 +1474,7 @@ post "/clear_watch_history" do |env|
|
|||
token = env.params.body["token"]?
|
||||
|
||||
begin
|
||||
validate_response(challenge, token, "clear_watch_history", HMAC_KEY)
|
||||
validate_response(challenge, token, user.email, "clear_watch_history", HMAC_KEY)
|
||||
rescue ex
|
||||
error_message = ex.message
|
||||
next templated "error"
|
||||
|
|
|
@ -403,7 +403,7 @@ def create_response(user_id, operation, key)
|
|||
return challenge, token
|
||||
end
|
||||
|
||||
def validate_response(challenge, token, action, key)
|
||||
def validate_response(challenge, token, user_id, operation, key)
|
||||
if !challenge
|
||||
raise "Hidden field \"challenge\" is a required field"
|
||||
end
|
||||
|
@ -414,7 +414,7 @@ def validate_response(challenge, token, action, key)
|
|||
|
||||
challenge = Base64.decode_string(challenge)
|
||||
if challenge.split("-").size == 4
|
||||
expire, nonce, user_id, operation = challenge.split("-")
|
||||
expire, nonce, challenge_user_id, challenge_operation = challenge.split("-")
|
||||
|
||||
expire = expire.to_i?
|
||||
expire ||= 0
|
||||
|
@ -429,7 +429,11 @@ def validate_response(challenge, token, action, key)
|
|||
raise "Invalid token"
|
||||
end
|
||||
|
||||
if operation != action
|
||||
if challenge_operation != operation
|
||||
raise "Invalid token"
|
||||
end
|
||||
|
||||
if challenge_user_id != user_id
|
||||
raise "Invalid token"
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue