kamp/pingvin-share
1
0
Fork 0
mirror of https://github.com/stonith404/pingvin-share.git synced 2024-11-20 14:20:16 +01:00
Code

fix: redirect vulnerability on error, sign in and totp page

Browse Source
This commit is contained in:
Elias Schneider 2024-04-05 12:00:41 +02:00
parent 9d1a12b0d1
commit 384fd19203
No known key found for this signature in database
GPG Key ID: 07E623B294202B6C
4 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
frontend/src/components/auth/SignInForm.tsx
View File

@ -25,6 +25,7 @@ import useTranslate from "../../hooks/useTranslate.hook";
import authService from "../../services/auth.service"; import authService from "../../services/auth.service";
import { getOAuthIcon, getOAuthUrl } from "../../utils/oauth.util"; import { getOAuthIcon, getOAuthUrl } from "../../utils/oauth.util";
import toast from "../../utils/toast.util"; import toast from "../../utils/toast.util";
import { safeRedirectPath } from "../../utils/router.util";
const useStyles = createStyles((theme) => ({ const useStyles = createStyles((theme) => ({
or: { or: {
@ -98,7 +99,7 @@ const SignInForm = ({ redirectPath }: { redirectPath: string }) => {
); );
} else { } else {
await refreshUser(); await refreshUser();
router.replace(redirectPath); router.replace(safeRedirectPath(redirectPath));
} }
}) })
.catch(toast.axiosError); .catch(toast.axiosError);

13
frontend/src/components/auth/TotpForm.tsx
View File

@ -6,15 +6,16 @@ import {
PinInput, PinInput,
Title, Title,
} from "@mantine/core"; } from "@mantine/core";
import { useForm, yupResolver } from "@mantine/form";
import { useRouter } from "next/router";
import { useState } from "react";
import { FormattedMessage } from "react-intl"; import { FormattedMessage } from "react-intl";
import * as yup from "yup"; import * as yup from "yup";
import useTranslate from "../../hooks/useTranslate.hook"; import useTranslate from "../../hooks/useTranslate.hook";
import { useForm, yupResolver } from "@mantine/form";
import { useState } from "react";
import authService from "../../services/auth.service";
import toast from "../../utils/toast.util";
import { useRouter } from "next/router";
import useUser from "../../hooks/user.hook"; import useUser from "../../hooks/user.hook";
import authService from "../../services/auth.service";
import { safeRedirectPath } from "../../utils/router.util";
import toast from "../../utils/toast.util";
function TotpForm({ redirectPath }: { redirectPath: string }) { function TotpForm({ redirectPath }: { redirectPath: string }) {
const t = useTranslate(); const t = useTranslate();
@ -46,7 +47,7 @@ function TotpForm({ redirectPath }: { redirectPath: string }) {
router.query.loginToken as string, router.query.loginToken as string,
); );
await refreshUser(); await refreshUser();
await router.replace(redirectPath); await router.replace(safeRedirectPath(redirectPath));
} catch (e) { } catch (e) {
toast.axiosError(e); toast.axiosError(e);
form.setFieldError("code", "error"); form.setFieldError("code", "error");

5
frontend/src/pages/error.tsx
View File

@ -4,6 +4,7 @@ import Meta from "../components/Meta";
import useTranslate from "../hooks/useTranslate.hook"; import useTranslate from "../hooks/useTranslate.hook";
import { useRouter } from "next/router"; import { useRouter } from "next/router";
import { FormattedMessage } from "react-intl"; import { FormattedMessage } from "react-intl";
import { safeRedirectPath } from "../utils/router.util";
const useStyle = createStyles({ const useStyle = createStyles({
title: { title: {
@ -39,7 +40,9 @@ export default function Error() {
</Text> </Text>
<Button <Button
mt="xl" mt="xl"
onClick={() => router.push((router.query.redirect as string) || "/")} onClick={() =>
router.push(safeRedirectPath(router.query.redirect as string))
}
> >
{t("error.button.back")} {t("error.button.back")}
</Button> </Button>

7
frontend/src/utils/router.util.ts Normal file
View File

@ -0,0 +1,7 @@
export function safeRedirectPath(path: string | undefined) {
if (!path) return "/";
if (!path.startsWith("/")) return `/${path}`;
return path;
}