Check CSRF and user existence
Created by O01eg on April 13, 2022
TRBYOQBIJPJ72SX3TPI2OAKBUQH6FWVHTKT45LS2HVMBCAWCTULQC Dependencies
- [2]
I7JG43BJOGKQCPWGEGQMPJ3BIMBVMWXK7G7YAWITR6EATVQGVYUQC - [3]
HZDCKIXQ3LCD7YPL7ZZBCRMD7YMKDJ2QAALETTG3FYMBF4TNFUBAC - [4]
WLWTNO4YJ4VBMJYVTP2LGPFQAJTOB524BD5INJFA44X2FKAX76DQC - [5]
3HT5CE6SDTPZAV7EN6FDMY2744JVFJCXHZXEQLK6IEFGPRGSBTXAC - [6]
EVP2FSBHQUCAXQ6IIMBD6IS24ODKHP6HFWYCHIMYG6KOFRQG3RVQC - [7]
4MZ4VIR7FU3PQ3WKJI6TJIKYOIIBODFEPKLMQ32S4AKPZSDFO6AQC
In channels
main
Change contents
Replacement in src/pages/query_reset_game_pwd.rs at line 24 [3.557]
let body = match data.handlebars.render(QUERY_RESET_GAME_PWD,&PageData {csrf: Uuid::new_v4(),},) {let csrf = Uuid::new_v4();{let mut cache = data.cache_query_reset_game_pwd.lock().await;cache.insert(csrf,(),std::time::Duration::from_secs(data.cache_duration_sec),);}let body = match data.handlebars.render(QUERY_RESET_GAME_PWD, &PageData { csrf }){Replacement in src/pages/query_reset_game_pwd.rs at line 50 [3.557]
Insertion in src/pages/query_reset_game_pwd.rs at line 53 [3.557]
let cached_data = {let mut cache = data.cache_query_reset_game_pwd.lock().await;cache.remove(&form.csrf)};if cached_data.is_none() {log::warn!("Unknown data for CSRF: {}", form.csrf);return HttpResponse::BadRequest().body("Incorrect");}if form.contact_type != "email" {log::warn!("Unknown data for contact type: {}", form.contact_type);return HttpResponse::BadRequest().body("Incorrect");}// check existence of contactlet dbclient_ro = match data.pool_ro.get().await {Ok(c) => c,Err(e) => {log::error!("Pool RO error {}", e);return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());}};let stmt = match dbclient_ro.prepare("select 1 from auth.users u inner join auth.contacts c on u.player_name = c.player_name and c.is_active = true and c.delete_ts is null where u.player_name = $1 and c.protocol = ($2::text)::auth.contact_protocol and c.address = $3 limit 1").await {Ok(stmt) => stmt,Err(e) => {log::error!("Pool RO statement error {}", e);return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());}};let rows = match dbclient_ro.query_opt(&stmt, &[&form.login, &form.contact_type, &form.contact]).await{Ok(rows) => rows,Err(e) => {log::error!("Pool RO query error {}", e);return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());}};if rows.is_none() {return HttpResponse::NotFound().body("Not found");}Insertion in src/pages/mod.rs at line 30 [6.50]
Insertion in src/main.rs at line 115 [7.17]