' + \
+ '' + \
translate['About this Instance'] + '
' + \
- '' + \
+ '' + \
translate['Terms of Service'] + '
'
login_button_str = ''
@@ -188,7 +188,7 @@ def html_login(translate: {},
login_button_str + register_button_str + '\n' + \
' \n' + \
'\n' + \
- '' + \
+ '' + \
'
\n'
From 7b8515396b4b1abf3a7e8acf40ac98b1f31d5a7e Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 28 Aug 2022 10:39:16 +0100
Subject: [PATCH 03/12] Extra newlines on text mode login screen
---
daemon.py | 6 +++---
webapp_login.py | 19 ++++++++++++++-----
webapp_timeline.py | 11 +----------
webapp_utils.py | 10 ++++++++++
4 files changed, 28 insertions(+), 18 deletions(-)
diff --git a/daemon.py b/daemon.py
index 8e4cd81a0..e3b449028 100644
--- a/daemon.py
+++ b/daemon.py
@@ -177,6 +177,7 @@ from webapp_utils import csv_following_list
from webapp_utils import set_blog_address
from webapp_utils import html_show_share
from webapp_utils import get_pwa_theme_colors
+from webapp_utils import text_mode_browser
from webapp_calendar import html_calendar_delete_confirm
from webapp_calendar import html_calendar
from webapp_about import html_about
@@ -190,7 +191,6 @@ from webapp_confirm import html_confirm_unblock
from webapp_person_options import person_minimize_images
from webapp_person_options import person_undo_minimize_images
from webapp_person_options import html_person_options
-from webapp_timeline import text_mode_browser
from webapp_timeline import html_shares
from webapp_timeline import html_wanted
from webapp_timeline import html_inbox
@@ -15287,7 +15287,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.http_prefix,
self.server.domain_full,
self.server.system_language,
- False).encode('utf-8')
+ False, ua_str).encode('utf-8')
msglen = len(msg)
self._logout_headers('text/html', msglen, calling_domain)
self._write(msg)
@@ -16995,7 +16995,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.http_prefix,
self.server.domain_full,
self.server.system_language,
- True).encode('utf-8')
+ True, ua_str).encode('utf-8')
msglen = len(msg)
self._login_headers('text/html', msglen, calling_domain)
self._write(msg)
diff --git a/webapp_login.py b/webapp_login.py
index a18b27615..920e011d7 100644
--- a/webapp_login.py
+++ b/webapp_login.py
@@ -17,6 +17,7 @@ from webapp_utils import set_custom_background
from webapp_utils import html_header_with_website_markup
from webapp_utils import html_footer
from webapp_utils import html_keyboard_navigation
+from webapp_utils import text_mode_browser
from theme import get_text_mode_logo
@@ -58,7 +59,8 @@ def html_login(translate: {},
base_dir: str,
http_prefix: str, domain: str,
system_language: str,
- autocomplete: bool) -> str:
+ autocomplete: bool,
+ ua_str: str) -> str:
"""Shows the login screen
"""
accounts = no_of_accounts(base_dir)
@@ -178,14 +180,21 @@ def html_login(translate: {},
' \n' + \
- '\n' + \
+ 'required autofocus>'
+ in_text_mode = text_mode_browser(ua_str)
+ if in_text_mode:
+ login_form += '
'
+ login_form += \
+ '\n\n' + \
' \n' + \
' \n' + \
- login_button_str + register_button_str + '\n' + \
+ 'pattern="{8,256}" name="password" tabindex="1" required>'
+ if in_text_mode:
+ login_form += '
'
+ login_form += \
+ '\n' + login_button_str + register_button_str + '\n' + \
' \n' + \
'\n' + \
'' + \
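Review bot: The password field's `pattern="{8,256}"` in the added string is a quantifier with nothing in front of it, so it is not a valid regular expression. Browsers are expected to ignore a pattern that fails to compile, which would leave the intended 8–256 length hint unenforced in the form. If a length bound is the intent, `minlength="8" maxlength="256"` or `pattern=".{8,256}"` expresses it directly. The markup around this line is partly lost on this page, so confirm against the file. This is only a client-side hint in any case, so the server-side length check stays the real control.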
diff --git a/webapp_timeline.py b/webapp_timeline.py
index 3426bb0d3..be5c09774 100644
--- a/webapp_timeline.py
+++ b/webapp_timeline.py
@@ -23,6 +23,7 @@ from utils import remove_eol
from follow import follower_approval_active
from person import is_person_snoozed
from markdown import markdown_to_html
+from webapp_utils import text_mode_browser
from webapp_utils import html_keyboard_navigation
from webapp_utils import html_hide_from_screen_reader
from webapp_utils import html_post_separator
@@ -382,16 +383,6 @@ def _html_timeline_keyboard(moderator: bool, text_mode_banner: str,
follow_approvals)
-def text_mode_browser(ua_str: str) -> bool:
- """Does the user agent indicate a text mode browser?
- """
- text_mode_agents = ('Lynx/', 'w3m/', 'Links (', 'Emacs/', 'ELinks')
- for agent in text_mode_agents:
- if agent in ua_str:
- return True
- return False
-
-
def _html_timeline_end(base_dir: str, nickname: str, domain_full: str,
http_prefix: str, translate: {},
moderator: bool, editor: bool,
diff --git a/webapp_utils.py b/webapp_utils.py
index 33eab6f77..37bc83bfc 100644
--- a/webapp_utils.py
+++ b/webapp_utils.py
@@ -1887,3 +1887,13 @@ def html_common_emoji(base_dir: str, no_of_emoji: int) -> str:
ctr += 1
line_ctr += 1
return html_str
+
+
+def text_mode_browser(ua_str: str) -> bool:
+ """Does the user agent indicate a text mode browser?
+ """
+ text_mode_agents = ('Lynx/', 'w3m/', 'Links (', 'Emacs/', 'ELinks')
+ for agent in text_mode_agents:
+ if agent in ua_str:
+ return True
+ return False
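Review bot: `agent in ua_str` raises TypeError when `ua_str` is None, and this commit now calls the helper from `html_login`, which serves the unauthenticated login page. How `ua_str` is obtained is outside this diff; if it can be None when a client sends no User-Agent header, add `if not ua_str: return False` as the first statement. The loop can then be written as `return any(agent in ua_str for agent in text_mode_agents)`. The docstring could also state that the header is client-supplied, so the result should only drive presentation and never an access decision.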
From 73ffc33ef1460d9c224da99d35a26c522780d43c Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 28 Aug 2022 10:40:21 +0100
Subject: [PATCH 04/12] Extra newlines on text mode login screen
---
webapp_login.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/webapp_login.py b/webapp_login.py
index 920e011d7..101a01b47 100644
--- a/webapp_login.py
+++ b/webapp_login.py
@@ -192,7 +192,7 @@ def html_login(translate: {},
' placeholder="' + translate['Enter Password'] + '" ' + \
'pattern="{8,256}" name="password" tabindex="1" required>'
if in_text_mode:
- login_form += '
'
+ login_form += '
'
login_form += \
'\n' + login_button_str + register_button_str + '\n' + \
' \n' + \
From fb7ed831fde8fd726c6e16771a03a889a12c73cf Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 28 Aug 2022 14:01:07 +0100
Subject: [PATCH 05/12] Show user agent in login debug
---
daemon.py | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/daemon.py b/daemon.py
index e3b449028..182f3c194 100644
--- a/daemon.py
+++ b/daemon.py
@@ -2053,7 +2053,8 @@ class PubServer(BaseHTTPRequestHandler):
def _show_login_screen(self, calling_domain: str, cookie: str,
base_dir: str, http_prefix: str,
domain: str, domain_full: str, port: int,
- onion_domain: str, i2p_domain: str) -> None:
+ onion_domain: str, i2p_domain: str,
+ ua_str: str) -> None:
"""Shows the login screen
"""
# ensure that there is a minimum delay between failed login
@@ -2176,7 +2177,8 @@ class PubServer(BaseHTTPRequestHandler):
self.server.postreq_busy = False
return
# login success - redirect with authorization
- print('====== Login success: ' + login_nickname)
+ print('====== Login success: ' + login_nickname +
+ ' ' + ua_str)
# re-activate account if needed
activate_account(base_dir, login_nickname, domain)
# This produces a deterministic token based
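Review bot: The new success log line concatenates `ua_str`, a header value chosen by the client, into the log unescaped and unbounded, so control characters or a very long value end up in the log stream. In addition, `' ' + ua_str` raises TypeError if `ua_str` is None, at a point after the password has been accepted but before `activate_account` and the rest of the login path run. Writing the tail as `' ' + repr(ua_str)[:256]` escapes control characters, bounds the length and tolerates None. The body of `_post_login_screen` continues outside this hunk.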
@@ -20051,7 +20053,8 @@ class PubServer(BaseHTTPRequestHandler):
self.server.domain_full,
self.server.port,
self.server.onion_domain,
- self.server.i2p_domain)
+ self.server.i2p_domain,
+ ua_str)
self.server.postreq_busy = False
return
From 5e998a648c9f2a4b45b9fd0be257d64e543b2b3c Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 28 Aug 2022 14:48:55 +0100
Subject: [PATCH 06/12] Function for 401 http code
---
daemon.py | 26 +++++++++++++++++++-------
translations/ar.json | 5 ++++-
translations/bn.json | 5 ++++-
translations/ca.json | 5 ++++-
translations/cy.json | 5 ++++-
translations/de.json | 5 ++++-
translations/el.json | 5 ++++-
translations/en.json | 5 ++++-
translations/es.json | 5 ++++-
translations/fr.json | 5 ++++-
translations/ga.json | 5 ++++-
translations/hi.json | 5 ++++-
translations/it.json | 5 ++++-
translations/ja.json | 5 ++++-
translations/ko.json | 5 ++++-
translations/ku.json | 5 ++++-
translations/nl.json | 5 ++++-
translations/oc.json | 5 ++++-
translations/pl.json | 5 ++++-
translations/pt.json | 5 ++++-
translations/ru.json | 5 ++++-
translations/sw.json | 5 ++++-
translations/tr.json | 5 ++++-
translations/uk.json | 5 ++++-
translations/yi.json | 5 ++++-
translations/zh.json | 5 ++++-
webapp_login.py | 2 +-
27 files changed, 120 insertions(+), 33 deletions(-)
diff --git a/daemon.py b/daemon.py
index 182f3c194..dd3b62cbc 100644
--- a/daemon.py
+++ b/daemon.py
@@ -1059,6 +1059,15 @@ class PubServer(BaseHTTPRequestHandler):
'This is nothing less ' +
'than an utter triumph', None)
+ def _401(self, post_msg: str) -> None:
+ if self.server.translate:
+ ok_str = self.server.translate[post_msg]
+ self._http_return_code(401, self.server.translate['Unauthorized'],
+ ok_str, None)
+ else:
+ self._http_return_code(401, 'Unauthorized',
+ post_msg, None)
+
def _201(self, etag: str) -> None:
if self.server.translate:
done_str = self.server.translate['It is done']
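Review bot: `self.server.translate[post_msg]` in `_401` raises KeyError for any message key missing from the loaded translation file, which turns an intended 401 into an unhandled exception in the request handler. `self.server.translate.get(post_msg, post_msg)` falls back to the English text instead, and the same applies to the `'Unauthorized'` lookup. The local name `ok_str` is misleading on an error path (`msg_str` reads better). The method also has no docstring; something like `"""Returns 401 Unauthorized with a translated message"""` would match the neighbouring helpers.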
@@ -2050,12 +2059,12 @@ class PubServer(BaseHTTPRequestHandler):
'epicyon=; SameSite=Strict',
calling_domain)
- def _show_login_screen(self, calling_domain: str, cookie: str,
+ def _post_login_screen(self, calling_domain: str, cookie: str,
base_dir: str, http_prefix: str,
domain: str, domain_full: str, port: int,
onion_domain: str, i2p_domain: str,
ua_str: str) -> None:
- """Shows the login screen
+ """POST to login screen, containing credentials
"""
# ensure that there is a minimum delay between failed login
# attempts, to mitigate brute force
@@ -2068,8 +2077,7 @@ class PubServer(BaseHTTPRequestHandler):
length = int(self.headers['Content-length'])
if length > 512:
print('Login failed - credentials too long')
- self.send_response(401)
- self.end_headers()
+ self._401('Credentials are too long')
self.server.postreq_busy = False
return
@@ -2096,7 +2104,7 @@ class PubServer(BaseHTTPRequestHandler):
html_get_login_credentials(login_params,
self.server.last_login_time,
domain)
- if login_nickname:
+ if login_nickname and login_password:
if is_system_account(login_nickname):
print('Invalid username login: ' + login_nickname +
' (system account)')
@@ -2248,6 +2256,10 @@ class PubServer(BaseHTTPRequestHandler):
cookie_str, calling_domain)
self.server.postreq_busy = False
return
+ else:
+ print('WARN: No login credentials presented to /login')
+ self._401('No login credentials were posted')
+ self.server.postreq_busy = False
self._200()
self.server.postreq_busy = False
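Review bot: The new `else` branch sends the 401 and clears `postreq_busy` but has no `return`, so execution appears to continue into the pre-existing `self._200()` that follows. Indentation is lost on this page, but the hunk counts place `self._200()` after the branch as trailing context. That would write a second response after the 401; add `return` after `self.server.postreq_busy = False` inside the branch. Also, `html_get_login_credentials` returns the same empty triple when an attempt falls inside the 10-second throttle window, so rate-limited attempts will be reported as 'No login credentials were posted'. A distinct message or log line for the throttled case would make failed-login triage easier.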
@@ -20044,9 +20056,9 @@ class PubServer(BaseHTTPRequestHandler):
'_POST', 'start',
self.server.debug)
- # login screen
+ # POST to login screen, containing credentials
if self.path.startswith('/login'):
- self._show_login_screen(calling_domain, cookie,
+ self._post_login_screen(calling_domain, cookie,
self.server.base_dir,
self.server.http_prefix,
self.server.domain,
diff --git a/translations/ar.json b/translations/ar.json
index 23dd72d4f..6ff8d37be 100644
--- a/translations/ar.json
+++ b/translations/ar.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "آخر أسبوعين",
"Last month": "الشهر الماضي",
"Last 6 months": "آخر 6 أشهر",
- "Last year": "العام الماضي"
+ "Last year": "العام الماضي",
+ "Unauthorized": "غير مصرح",
+ "No login credentials were posted": "لم يتم نشر بيانات اعتماد تسجيل الدخول",
+ "Credentials are too long": "أوراق الاعتماد طويلة جدًا"
}
diff --git a/translations/bn.json b/translations/bn.json
index 54864b4ae..ab0391319 100644
--- a/translations/bn.json
+++ b/translations/bn.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "গত ২ সপ্তাহ",
"Last month": "গত মাসে",
"Last 6 months": "গত ৬ মাস",
- "Last year": "গত বছর"
+ "Last year": "গত বছর",
+ "Unauthorized": "অননুমোদিত",
+ "No login credentials were posted": "কোনো লগইন শংসাপত্র পোস্ট করা হয়নি",
+ "Credentials are too long": "শংসাপত্রগুলি খুব দীর্ঘ৷"
}
diff --git a/translations/ca.json b/translations/ca.json
index b7d4cff5e..4026c8d68 100644
--- a/translations/ca.json
+++ b/translations/ca.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Últimes 2 setmanes",
"Last month": "El mes passat",
"Last 6 months": "Últims 6 mesos",
- "Last year": "L'any passat"
+ "Last year": "L'any passat",
+ "Unauthorized": "No autoritzat",
+ "No login credentials were posted": "No s'ha publicat cap credencial d'inici de sessió",
+ "Credentials are too long": "Les credencials són massa llargues"
}
diff --git a/translations/cy.json b/translations/cy.json
index fa7b24a18..5a5c76311 100644
--- a/translations/cy.json
+++ b/translations/cy.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "2 wythnos diwethaf",
"Last month": "Mis diwethaf",
"Last 6 months": "6 mis diwethaf",
- "Last year": "Blwyddyn diwethaf"
+ "Last year": "Blwyddyn diwethaf",
+ "Unauthorized": "Anawdurdodedig",
+ "No login credentials were posted": "Ni bostiwyd unrhyw fanylion mewngofnodi",
+ "Credentials are too long": "Mae manylion yn rhy hir"
}
diff --git a/translations/de.json b/translations/de.json
index 8fe4df906..282a36023 100644
--- a/translations/de.json
+++ b/translations/de.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Letzte 2 Wochen",
"Last month": "Im vergangenen Monat",
"Last 6 months": "Letzte 6 Monate",
- "Last year": "Vergangenes Jahr"
+ "Last year": "Vergangenes Jahr",
+ "Unauthorized": "Unbefugt",
+ "No login credentials were posted": "Es wurden keine Zugangsdaten gepostet",
+ "Credentials are too long": "Anmeldeinformationen sind zu lang"
}
diff --git a/translations/el.json b/translations/el.json
index 494933a97..0778d0b58 100644
--- a/translations/el.json
+++ b/translations/el.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Τελευταίες 2 εβδομάδες",
"Last month": "Τον προηγούμενο μήνα",
"Last 6 months": "Τελευταίοι 6 μήνες",
- "Last year": "Πέρυσι"
+ "Last year": "Πέρυσι",
+ "Unauthorized": "Ανεξουσιοδότητος",
+ "No login credentials were posted": "Δεν δημοσιεύτηκαν διαπιστευτήρια σύνδεσης",
+ "Credentials are too long": "Τα διαπιστευτήρια είναι πολύ μεγάλα"
}
diff --git a/translations/en.json b/translations/en.json
index 286e83ae6..7786801e4 100644
--- a/translations/en.json
+++ b/translations/en.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Last 2 weeks",
"Last month": "Last month",
"Last 6 months": "Last 6 months",
- "Last year": "Last year"
+ "Last year": "Last year",
+ "Unauthorized": "Unauthorized",
+ "No login credentials were posted": "No login credentials were posted",
+ "Credentials are too long": "Credentials are too long"
}
diff --git a/translations/es.json b/translations/es.json
index 7faf7bf54..ea16525b9 100644
--- a/translations/es.json
+++ b/translations/es.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "últimas 2 semanas",
"Last month": "El mes pasado",
"Last 6 months": "últimos 6 meses",
- "Last year": "El año pasado"
+ "Last year": "El año pasado",
+ "Unauthorized": "No autorizado",
+ "No login credentials were posted": "No se publicaron credenciales de inicio de sesión",
+ "Credentials are too long": "Las credenciales son demasiado largas"
}
diff --git a/translations/fr.json b/translations/fr.json
index 3987da5df..6b0599a41 100644
--- a/translations/fr.json
+++ b/translations/fr.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "2 dernières semaines",
"Last month": "Le mois dernier",
"Last 6 months": "6 derniers mois",
- "Last year": "L'année dernière"
+ "Last year": "L'année dernière",
+ "Unauthorized": "Non autorisé",
+ "No login credentials were posted": "Aucun identifiant de connexion n'a été posté",
+ "Credentials are too long": "Les identifiants sont trop longs"
}
diff --git a/translations/ga.json b/translations/ga.json
index 63e515d2b..3d2ad5f0a 100644
--- a/translations/ga.json
+++ b/translations/ga.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "2 sheachtain anuas",
"Last month": "An mhí seo caite",
"Last 6 months": "6 mhí anuas",
- "Last year": "Anuraidh"
+ "Last year": "Anuraidh",
+ "Unauthorized": "Neamhúdaraithe",
+ "No login credentials were posted": "Níor postáladh aon dintiúir logáil isteach",
+ "Credentials are too long": "Tá dintiúir ró-fhada"
}
diff --git a/translations/hi.json b/translations/hi.json
index 846975dd5..d4e2bbd42 100644
--- a/translations/hi.json
+++ b/translations/hi.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "पिछले 2 सप्ताह",
"Last month": "पिछले महीने",
"Last 6 months": "पिछले 6 महीने",
- "Last year": "पिछले साल"
+ "Last year": "पिछले साल",
+ "Unauthorized": "अनधिकृत",
+ "No login credentials were posted": "कोई लॉगिन क्रेडेंशियल पोस्ट नहीं किया गया था",
+ "Credentials are too long": "क्रेडेंशियल बहुत लंबे हैं"
}
diff --git a/translations/it.json b/translations/it.json
index c4589b9e2..122c7847a 100644
--- a/translations/it.json
+++ b/translations/it.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Ultime 2 settimane",
"Last month": "Lo scorso mese",
"Last 6 months": "Ultimi 6 mesi",
- "Last year": "L'anno scorso"
+ "Last year": "L'anno scorso",
+ "Unauthorized": "Non autorizzato",
+ "No login credentials were posted": "Non sono state pubblicate credenziali di accesso",
+ "Credentials are too long": "Le credenziali sono troppo lunghe"
}
diff --git a/translations/ja.json b/translations/ja.json
index 8ad785b4c..ee327ae96 100644
--- a/translations/ja.json
+++ b/translations/ja.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "過去 2 週間",
"Last month": "先月",
"Last 6 months": "過去 6 か月",
- "Last year": "去年"
+ "Last year": "去年",
+ "Unauthorized": "無許可",
+ "No login credentials were posted": "ログイン認証情報が投稿されていません",
+ "Credentials are too long": "資格情報が長すぎます"
}
diff --git a/translations/ko.json b/translations/ko.json
index a8650073a..868b6bb4e 100644
--- a/translations/ko.json
+++ b/translations/ko.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "지난 2주",
"Last month": "지난 달",
"Last 6 months": "지난 6개월",
- "Last year": "작년"
+ "Last year": "작년",
+ "Unauthorized": "무단",
+ "No login credentials were posted": "게시된 로그인 자격 증명이 없습니다.",
+ "Credentials are too long": "자격 증명이 너무 깁니다."
}
diff --git a/translations/ku.json b/translations/ku.json
index 746954a94..54df7dbd3 100644
--- a/translations/ku.json
+++ b/translations/ku.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "2 hefteyên dawî",
"Last month": "meha borî",
"Last 6 months": "6 mehên dawî",
- "Last year": "Sala borî"
+ "Last year": "Sala borî",
+ "Unauthorized": "Bêmaf",
+ "No login credentials were posted": "Tu pêbaweriyên têketinê nehatin şandin",
+ "Credentials are too long": "Bawernameyên pir dirêj in"
}
diff --git a/translations/nl.json b/translations/nl.json
index 3d55f27cb..c454edc4d 100644
--- a/translations/nl.json
+++ b/translations/nl.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Afgelopen 2 weken",
"Last month": "Vorige maand",
"Last 6 months": "Afgelopen 6 maanden",
- "Last year": "Afgelopen jaar"
+ "Last year": "Afgelopen jaar",
+ "Unauthorized": "Ongeautoriseerd",
+ "No login credentials were posted": "Er zijn geen inloggegevens gepost",
+ "Credentials are too long": "Inloggegevens zijn te lang"
}
diff --git a/translations/oc.json b/translations/oc.json
index acdc5e8a2..29ec2857c 100644
--- a/translations/oc.json
+++ b/translations/oc.json
@@ -583,5 +583,8 @@
"Last 2 weeks": "Last 2 weeks",
"Last month": "Last month",
"Last 6 months": "Last 6 months",
- "Last year": "Last year"
+ "Last year": "Last year",
+ "Unauthorized": "Unauthorized",
+ "No login credentials were posted": "No login credentials were posted",
+ "Credentials are too long": "Credentials are too long"
}
diff --git a/translations/pl.json b/translations/pl.json
index 46494b7bf..9af7f9dcc 100644
--- a/translations/pl.json
+++ b/translations/pl.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Ostatnie 2 tygodnie",
"Last month": "W zeszłym miesiącu",
"Last 6 months": "Ostatnie 6 miesięcy",
- "Last year": "Ostatni rok"
+ "Last year": "Ostatni rok",
+ "Unauthorized": "Nieautoryzowany",
+ "No login credentials were posted": "Nie opublikowano danych logowania",
+ "Credentials are too long": "Poświadczenia są za długie"
}
diff --git a/translations/pt.json b/translations/pt.json
index f20e98655..2d7d88d55 100644
--- a/translations/pt.json
+++ b/translations/pt.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Últimas 2 semanas",
"Last month": "Mês passado",
"Last 6 months": "Últimos 6 meses",
- "Last year": "Ano passado"
+ "Last year": "Ano passado",
+ "Unauthorized": "Não autorizado",
+ "No login credentials were posted": "Nenhuma credencial de login foi postada",
+ "Credentials are too long": "As credenciais são muito longas"
}
diff --git a/translations/ru.json b/translations/ru.json
index 8ccd46371..4188c23af 100644
--- a/translations/ru.json
+++ b/translations/ru.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Последние 2 недели",
"Last month": "Прошлый месяц",
"Last 6 months": "Последние 6 месяцев",
- "Last year": "Прошедший год"
+ "Last year": "Прошедший год",
+ "Unauthorized": "Неавторизованный",
+ "No login credentials were posted": "Учетные данные для входа не были отправлены",
+ "Credentials are too long": "Учетные данные слишком длинные"
}
diff --git a/translations/sw.json b/translations/sw.json
index eba0e4f97..30dc696ac 100644
--- a/translations/sw.json
+++ b/translations/sw.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Wiki 2 zilizopita",
"Last month": "Mwezi uliopita",
"Last 6 months": "Miezi 6 iliyopita",
- "Last year": "Mwaka jana"
+ "Last year": "Mwaka jana",
+ "Unauthorized": "Haijaidhinishwa",
+ "No login credentials were posted": "Hakuna kitambulisho cha kuingia kilichochapishwa",
+ "Credentials are too long": "Kitambulisho ni kirefu sana"
}
diff --git a/translations/tr.json b/translations/tr.json
index 1c1f713d5..efcc36f80 100644
--- a/translations/tr.json
+++ b/translations/tr.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Son 2 hafta",
"Last month": "Geçen ay",
"Last 6 months": "Son 6 ay",
- "Last year": "Geçen yıl"
+ "Last year": "Geçen yıl",
+ "Unauthorized": "Yetkisiz",
+ "No login credentials were posted": "Giriş bilgileri gönderilmedi",
+ "Credentials are too long": "Kimlik bilgileri çok uzun"
}
diff --git a/translations/uk.json b/translations/uk.json
index 8bad61475..923d202d4 100644
--- a/translations/uk.json
+++ b/translations/uk.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "Останні 2 тижні",
"Last month": "Минулого місяця",
"Last 6 months": "Останні 6 місяців",
- "Last year": "Минулого року"
+ "Last year": "Минулого року",
+ "Unauthorized": "Несанкціонований",
+ "No login credentials were posted": "Облікові дані для входу не опубліковано",
+ "Credentials are too long": "Облікові дані задовгі"
}
diff --git a/translations/yi.json b/translations/yi.json
index 9b8c60c6a..a52868036 100644
--- a/translations/yi.json
+++ b/translations/yi.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "לעצטע 2 וואָכן",
"Last month": "לעצטע מאנאט",
"Last 6 months": "לעצטע 6 חדשים",
- "Last year": "לעצטע יאר"
+ "Last year": "לעצטע יאר",
+ "Unauthorized": "אַנאָטערייזד",
+ "No login credentials were posted": "קיין לאָגין קראַדענטשאַלז זענען אַרייַנגעשיקט",
+ "Credentials are too long": "קראַדענטשאַלז זענען צו לאַנג"
}
diff --git a/translations/zh.json b/translations/zh.json
index 06cd25aee..546709ed7 100644
--- a/translations/zh.json
+++ b/translations/zh.json
@@ -587,5 +587,8 @@
"Last 2 weeks": "过去 2 周",
"Last month": "上个月",
"Last 6 months": "过去 6 个月",
- "Last year": "去年"
+ "Last year": "去年",
+ "Unauthorized": "未经授权",
+ "No login credentials were posted": "未发布登录凭据",
+ "Credentials are too long": "凭据太长"
}
diff --git a/webapp_login.py b/webapp_login.py
index 101a01b47..4dd22a6a4 100644
--- a/webapp_login.py
+++ b/webapp_login.py
@@ -30,7 +30,7 @@ def html_get_login_credentials(loginParams: str,
return None, None, None
# minimum time between login attempts
curr_time = int(time.time())
- if curr_time < last_login_time+10:
+ if curr_time < last_login_time + 10:
return None, None, None
if '&' not in loginParams:
return None, None, None
From 849277bc49c7d7f997cdd906ef15ca56494e3be5 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 28 Aug 2022 14:52:12 +0100
Subject: [PATCH 07/12] Extra debug
---
daemon.py | 6 ++++--
webapp_login.py | 8 ++++----
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/daemon.py b/daemon.py
index dd3b62cbc..6e6da289d 100644
--- a/daemon.py
+++ b/daemon.py
@@ -2063,7 +2063,7 @@ class PubServer(BaseHTTPRequestHandler):
base_dir: str, http_prefix: str,
domain: str, domain_full: str, port: int,
onion_domain: str, i2p_domain: str,
- ua_str: str) -> None:
+ ua_str: str, debug: bool) -> None:
"""POST to login screen, containing credentials
"""
# ensure that there is a minimum delay between failed login
@@ -2258,6 +2258,8 @@ class PubServer(BaseHTTPRequestHandler):
return
else:
print('WARN: No login credentials presented to /login')
+ if debug:
+ print(login_params)
self._401('No login credentials were posted')
self.server.postreq_busy = False
self._200()
@@ -20066,7 +20068,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.port,
self.server.onion_domain,
self.server.i2p_domain,
- ua_str)
+ ua_str, self.server.debug)
self.server.postreq_busy = False
return
diff --git a/webapp_login.py b/webapp_login.py
index 4dd22a6a4..c55ab06bc 100644
--- a/webapp_login.py
+++ b/webapp_login.py
@@ -21,20 +21,20 @@ from webapp_utils import text_mode_browser
from theme import get_text_mode_logo
-def html_get_login_credentials(loginParams: str,
+def html_get_login_credentials(login_params: str,
last_login_time: int,
domain: str) -> (str, str, bool):
"""Receives login credentials via HTTPServer POST
"""
- if not loginParams.startswith('username='):
+ if not login_params.startswith('username='):
return None, None, None
# minimum time between login attempts
curr_time = int(time.time())
if curr_time < last_login_time + 10:
return None, None, None
- if '&' not in loginParams:
+ if '&' not in login_params:
return None, None, None
- login_args = loginParams.split('&')
+ login_args = login_params.split('&')
nickname = None
password = None
register = False
From 65680dd885f10b9729d6cb1d223e7647413dc2bc Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 28 Aug 2022 15:02:17 +0100
Subject: [PATCH 08/12] More debug
---
daemon.py | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/daemon.py b/daemon.py
index 6e6da289d..199ba3bf8 100644
--- a/daemon.py
+++ b/daemon.py
@@ -2259,7 +2259,22 @@ class PubServer(BaseHTTPRequestHandler):
else:
print('WARN: No login credentials presented to /login')
if debug:
- print(login_params)
+ # be careful to avoid logging the password
+ login_str = login_params
+ if '=' in login_params:
+ login_params_list = login_params.split('=')
+ login_str = ''
+ skip_param = False
+ for login_prm in login_params_list:
+ if not skip_param:
+ login_str += login_prm + '='
+ else:
+ if '&' in login_prm:
+ login_str += '&' + login_prm.split('&')[1]
+ skip_param = False
+ if 'password' in login_prm:
+ skip_param = True
+ print(login_str)
self._401('No login credentials were posted')
self.server.postreq_busy = False
self._200()
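Review bot: The redaction here is a denylist keyed on the substring `password` and on the presence of `=`, so it fails open. A body without any `=` is printed verbatim via `login_str = login_params`, and the value of any field whose name does not contain `password` is echoed as sent. This branch handles exactly the requests that did not parse as expected, so the debug line should echo nothing but field names and, at most, the username value. The sketch below splits on `&` first and uses `partition('=')`, so a value containing `=` cannot shift the state machine. The enclosing function starts and ends outside this hunk.

```python
                if debug:
                    # log field names only; echo a value solely for the
                    # username field so that no secret reaches the log
                    safe_fields = []
                    for field in login_params.split('&'):
                        name, sep, value = field.partition('=')
                        if not sep:
                            # not a name=value pair: record its size only
                            safe_fields.append('[' + str(len(field)) + ' chars]')
                        elif name == 'username':
                            safe_fields.append(name + '=' + value)
                        else:
                            safe_fields.append(name + '=' + ('*' if value else ''))
                    print('&'.join(safe_fields))
                # … unchanged: self._401(...) and postreq_busy reset …
```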
From e6eebb13655b3d0ae2610634a5a76d8c3822ef7f Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 28 Aug 2022 15:10:37 +0100
Subject: [PATCH 09/12] Remove trailing equals
---
daemon.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/daemon.py b/daemon.py
index 199ba3bf8..de64c8493 100644
--- a/daemon.py
+++ b/daemon.py
@@ -2270,10 +2270,12 @@ class PubServer(BaseHTTPRequestHandler):
login_str += login_prm + '='
else:
if '&' in login_prm:
- login_str += '&' + login_prm.split('&')[1]
+ login_str += \
+ '&' + login_prm.split('&')[1] + '='
skip_param = False
if 'password' in login_prm:
skip_param = True
+ login_str = login_str[:len(login_str) - 1]
print(login_str)
self._401('No login credentials were posted')
self.server.postreq_busy = False
From 2d9dd2c1458473f7dc671fe1798e6dde5b2a2359 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 28 Aug 2022 15:17:24 +0100
Subject: [PATCH 10/12] Indicate non-zero length
---
daemon.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/daemon.py b/daemon.py
index de64c8493..994a68f79 100644
--- a/daemon.py
+++ b/daemon.py
@@ -2269,6 +2269,8 @@ class PubServer(BaseHTTPRequestHandler):
if not skip_param:
login_str += login_prm + '='
else:
+ if len(login_prm.split('&')[0]) > 0:
+ login_str += login_prm + '*'
if '&' in login_prm:
login_str += \
'&' + login_prm.split('&')[1] + '='
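Review bot: `login_str += login_prm + '*'` appends `login_prm` itself, and in this branch `login_prm` is the segment that follows `password=`, i.e. the password value plus the next field name. The debug line therefore prints the password again, undoing the redaction added two patches earlier. The marker alone matches the commit title: `login_str += '*'`. The same line is carried unchanged into patch 11/12, where the added `len_str = ''` has no effect on the output. The redaction loop this sits in begins outside the hunk.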
From 84d57590b833426053cff0cdeaf06092c6649492 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 28 Aug 2022 15:19:38 +0100
Subject: [PATCH 11/12] Indicate non-zero length
---
daemon.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/daemon.py b/daemon.py
index 994a68f79..62f9f1bdc 100644
--- a/daemon.py
+++ b/daemon.py
@@ -2269,8 +2269,10 @@ class PubServer(BaseHTTPRequestHandler):
if not skip_param:
login_str += login_prm + '='
else:
- if len(login_prm.split('&')[0]) > 0:
+ len_str = login_prm.split('&')[0]
+ if len(len_str) > 0:
login_str += login_prm + '*'
+ len_str = ''
if '&' in login_prm:
login_str += \
'&' + login_prm.split('&')[1] + '='
From 1d778697065926c3d1932d8ba35927f59a917781 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sun, 28 Aug 2022 15:23:38 +0100
Subject: [PATCH 12/12] Username might not be at the start
---
webapp_login.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/webapp_login.py b/webapp_login.py
index c55ab06bc..1d4490289 100644
--- a/webapp_login.py
+++ b/webapp_login.py
@@ -27,7 +27,8 @@ def html_get_login_credentials(login_params: str,
"""Receives login credentials via HTTPServer POST
"""
if not login_params.startswith('username='):
- return None, None, None
+ if '&username=' not in login_params:
+ return None, None, None
# minimum time between login attempts
curr_time = int(time.time())
if curr_time < last_login_time + 10:
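Review bot: The nested `if` reads more clearly as one condition: `if not login_params.startswith('username=') and '&username=' not in login_params:`. Since the username may now follow other fields, the docstring could state that field order is not significant. How repeated `username` or `password` fields are resolved depends on the parsing loop, which lies outside this hunk, so it is worth confirming that the nickname used for the system-account check is the same one that is authenticated.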