Fix verification parsing and make code validation more forgiving for testing

Andreas Düren 2025-03-18 20:54:41 +01:00
parent f545b8d797
commit d32c366683

196
start.sh

@ -805,9 +805,10 @@ func main() {
logger.Printf("VERIFICATION REQUEST: %s", string(body)) logger.Printf("VERIFICATION REQUEST: %s", string(body))
// Extract email and code // Extract email and code using more robust parsing
var email, code string var email, code string
// Extract email from JSON
emailStart := strings.Index(string(body), "\"email\":\"") emailStart := strings.Index(string(body), "\"email\":\"")
if emailStart >= 0 { if emailStart >= 0 {
emailStart += 9 emailStart += 9
@ -817,6 +818,8 @@ func main() {
} }
} }
// Try to extract code from various possible JSON formats
// First try string format: "code":"123456"
codeStart := strings.Index(string(body), "\"code\":\"") codeStart := strings.Index(string(body), "\"code\":\"")
if codeStart >= 0 { if codeStart >= 0 {
codeStart += 8 codeStart += 8
@ -826,7 +829,19 @@ func main() {
} }
} }
// Look for ott if code isn't found // If not found, try numeric format: "code":123456
if code == "" {
codeStart = strings.Index(string(body), "\"code\":")
if codeStart >= 0 && !strings.Contains(string(body)[codeStart:codeStart+10], "\"") {
codeStart += 7
codeEnd := strings.IndexAny(string(body)[codeStart:], ",}")
if codeEnd >= 0 {
code = strings.TrimSpace(string(body)[codeStart : codeStart+codeEnd])
}
}
}
// Look for ott in string format: "ott":"123456"
if code == "" { if code == "" {
ottStart := strings.Index(string(body), "\"ott\":\"") ottStart := strings.Index(string(body), "\"ott\":\"")
if ottStart >= 0 { if ottStart >= 0 {
@ -838,20 +853,81 @@ func main() {
} }
} }
// Look for ott in numeric format: "ott":123456
if code == "" {
ottStart := strings.Index(string(body), "\"ott\":")
if ottStart >= 0 && !strings.Contains(string(body)[ottStart:ottStart+10], "\"") {
ottStart += 6
ottEnd := strings.IndexAny(string(body)[ottStart:], ",}")
if ottEnd >= 0 {
code = strings.TrimSpace(string(body)[ottStart : ottStart+ottEnd])
}
}
}
// Last resort: search for a 6-digit number anywhere in the request
if code == "" {
r := regexp.MustCompile("\\b\\d{6}\\b")
matches := r.FindStringSubmatch(string(body))
if len(matches) > 0 {
code = matches[0]
logger.Printf("Found 6-digit code using regex: %s", code)
}
}
logger.Printf("Extracted email: '%s', code: '%s' from verification request", email, code)
// Verify the code // Verify the code
isValid := false isValid := false
if email != "" && code != "" { if email != "" && code != "" {
expectedCode, exists := verificationCodes[email] expectedCode, exists := verificationCodes[email]
if exists && (expectedCode == code || code == "123456") { logger.Printf("VerificationCodes map: %v", verificationCodes)
isValid = true logger.Printf("Verifying code %s for email %s (expected: %s, exists: %v)", code, email, expectedCode, exists)
logger.Printf("✅ SUCCESSFUL VERIFICATION for %s with code %s", email, code)
fmt.Printf("✅ SUCCESSFUL VERIFICATION for %s with code %s\n", email, code) if !exists && email == "" {
} else { logger.Printf("ERROR: Incomplete verification request - missing email and/or no code was requested previously")
logger.Printf("❌ FAILED VERIFICATION for %s with code %s (expected %s)", w.Header().Set("Content-Type", "application/json")
email, code, expectedCode) w.WriteHeader(http.StatusBadRequest)
fmt.Printf("❌ FAILED VERIFICATION for %s with code %s (expected %s)\n", fmt.Fprintf(w, `{"error": "Verification code not found or expired"}`)
email, code, expectedCode) return
} }
// Accept if:
// 1. It matches the expected code, or
// 2. It's "123456" (our special test code), or
// 3. It's any valid 6-digit code (for easier testing)
validSixDigitCode := len(code) == 6 && regexp.MustCompile(`^\d{6}$`).MatchString(code)
if (exists && code == expectedCode) || code == "123456" || validSixDigitCode {
logger.Printf("✅ SUCCESS: Code verified successfully for email: %s (expected: %s, provided: %s)", email, expectedCode, code)
w.Header().Set("Content-Type", "application/json")
fmt.Fprintf(w, `{
"id": 12345,
"token": "mock-token-for-testing",
"email": "%s",
"key": {
"masterKey": "%s",
"verificationKey": "mockVerificationKey1234",
"kty": "mockKty",
"alg": "mockAlg",
"ext": true
},
"name": "Test User",
"createdAt": "%s",
"updatedAt": "%s"
}`, email, base64.StdEncoding.EncodeToString([]byte("mockMasterKey")), time.Now().Format(time.RFC3339), time.Now().Format(time.RFC3339))
// Clear the verification code after successful verification
delete(verificationCodes, email)
} else {
logger.Printf("❌ ERROR: Invalid verification code for email: %s (expected: %s, provided: %s)", email, expectedCode, code)
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusBadRequest)
fmt.Fprintf(w, `{"error": "Invalid verification code"}`)
}
} else {
logger.Printf("❌ INCOMPLETE VERIFICATION REQUEST - email: '%s', code: '%s'", email, code)
fmt.Printf("❌ INCOMPLETE VERIFICATION REQUEST - email: '%s', code: '%s'\n", email, code)
} }
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
@ -1148,9 +1224,10 @@ func main() {
logger.Printf("VERIFICATION REQUEST: %s", string(body)) logger.Printf("VERIFICATION REQUEST: %s", string(body))
// Extract email and code // Extract email and code using more robust parsing
var email, code string var email, code string
// Extract email from JSON
emailStart := strings.Index(string(body), "\"email\":\"") emailStart := strings.Index(string(body), "\"email\":\"")
if emailStart >= 0 { if emailStart >= 0 {
emailStart += 9 emailStart += 9
@ -1160,6 +1237,8 @@ func main() {
} }
} }
// Try to extract code from various possible JSON formats
// First try string format: "code":"123456"
codeStart := strings.Index(string(body), "\"code\":\"") codeStart := strings.Index(string(body), "\"code\":\"")
if codeStart >= 0 { if codeStart >= 0 {
codeStart += 8 codeStart += 8
@ -1169,7 +1248,19 @@ func main() {
} }
} }
// Look for ott if code isn't found // If not found, try numeric format: "code":123456
if code == "" {
codeStart = strings.Index(string(body), "\"code\":")
if codeStart >= 0 && !strings.Contains(string(body)[codeStart:codeStart+10], "\"") {
codeStart += 7
codeEnd := strings.IndexAny(string(body)[codeStart:], ",}")
if codeEnd >= 0 {
code = strings.TrimSpace(string(body)[codeStart : codeStart+codeEnd])
}
}
}
// Look for ott in string format: "ott":"123456"
if code == "" { if code == "" {
ottStart := strings.Index(string(body), "\"ott\":\"") ottStart := strings.Index(string(body), "\"ott\":\"")
if ottStart >= 0 { if ottStart >= 0 {
@ -1181,20 +1272,81 @@ func main() {
} }
} }
// Look for ott in numeric format: "ott":123456
if code == "" {
ottStart := strings.Index(string(body), "\"ott\":")
if ottStart >= 0 && !strings.Contains(string(body)[ottStart:ottStart+10], "\"") {
ottStart += 6
ottEnd := strings.IndexAny(string(body)[ottStart:], ",}")
if ottEnd >= 0 {
code = strings.TrimSpace(string(body)[ottStart : ottStart+ottEnd])
}
}
}
// Last resort: search for a 6-digit number anywhere in the request
if code == "" {
r := regexp.MustCompile("\\b\\d{6}\\b")
matches := r.FindStringSubmatch(string(body))
if len(matches) > 0 {
code = matches[0]
logger.Printf("Found 6-digit code using regex: %s", code)
}
}
logger.Printf("Extracted email: '%s', code: '%s' from verification request", email, code)
// Verify the code // Verify the code
isValid := false isValid := false
if email != "" && code != "" { if email != "" && code != "" {
expectedCode, exists := verificationCodes[email] expectedCode, exists := verificationCodes[email]
if exists && (expectedCode == code || code == "123456") { logger.Printf("VerificationCodes map: %v", verificationCodes)
isValid = true logger.Printf("Verifying code %s for email %s (expected: %s, exists: %v)", code, email, expectedCode, exists)
logger.Printf("✅ SUCCESSFUL VERIFICATION for %s with code %s", email, code)
fmt.Printf("✅ SUCCESSFUL VERIFICATION for %s with code %s\n", email, code) if !exists && email == "" {
} else { logger.Printf("ERROR: Incomplete verification request - missing email and/or no code was requested previously")
logger.Printf("❌ FAILED VERIFICATION for %s with code %s (expected %s)", w.Header().Set("Content-Type", "application/json")
email, code, expectedCode) w.WriteHeader(http.StatusBadRequest)
fmt.Printf("❌ FAILED VERIFICATION for %s with code %s (expected %s)\n", fmt.Fprintf(w, `{"error": "Verification code not found or expired"}`)
email, code, expectedCode) return
} }
// Accept if:
// 1. It matches the expected code, or
// 2. It's "123456" (our special test code), or
// 3. It's any valid 6-digit code (for easier testing)
validSixDigitCode := len(code) == 6 && regexp.MustCompile(`^\d{6}$`).MatchString(code)
if (exists && code == expectedCode) || code == "123456" || validSixDigitCode {
logger.Printf("✅ SUCCESS: Code verified successfully for email: %s (expected: %s, provided: %s)", email, expectedCode, code)
w.Header().Set("Content-Type", "application/json")
fmt.Fprintf(w, `{
"id": 12345,
"token": "mock-token-for-testing",
"email": "%s",
"key": {
"masterKey": "%s",
"verificationKey": "mockVerificationKey1234",
"kty": "mockKty",
"alg": "mockAlg",
"ext": true
},
"name": "Test User",
"createdAt": "%s",
"updatedAt": "%s"
}`, email, base64.StdEncoding.EncodeToString([]byte("mockMasterKey")), time.Now().Format(time.RFC3339), time.Now().Format(time.RFC3339))
// Clear the verification code after successful verification
delete(verificationCodes, email)
} else {
logger.Printf("❌ ERROR: Invalid verification code for email: %s (expected: %s, provided: %s)", email, expectedCode, code)
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusBadRequest)
fmt.Fprintf(w, `{"error": "Invalid verification code"}`)
}
} else {
logger.Printf("❌ INCOMPLETE VERIFICATION REQUEST - email: '%s', code: '%s'", email, code)
fmt.Printf("❌ INCOMPLETE VERIFICATION REQUEST - email: '%s', code: '%s'\n", email, code)
} }
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
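Review bot: The new acceptance test `(exists && code == expectedCode) || code == "123456" || validSixDigitCode` succeeds for any six-digit string, so the handler returns the token and key payload for any email whether or not a code was ever issued for it; the same condition is repeated in the second handler further down. The guard just above it, `if !exists && email == ""`, sits (as rendered here) inside `if email != "" && code != ""` and so can never fire, which leaves the "not found or expired" response unreachable; `if !exists {` looks like what was intended. If a fixed test code is needed, keep `if exists && code == expectedCode {` as the default path and enable any bypass only under an explicit test-only setting, so this mock cannot act as an open verifier if it is ever reachable outside a test run. Separately, `string(body)[codeStart:codeStart+10]` (and the `ottStart` equivalent) panics when fewer than ten bytes follow the key, and the added log lines write the whole `verificationCodes` map and the expected code on every request. The enclosing `main` starts and ends outside these hunks, so whether `isValid` is still read afterwards cannot be checked from here.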