From 64aecba7a020f85993f3ce06246d8793fa948b52 Mon Sep 17 00:00:00 2001
From: Omar Roth
Date: Mon, 22 Apr 2019 10:18:17 -0500
Subject: [PATCH] Add option to change passwords
---
 locales/ar.json | 4 ++
 locales/de.json | 4 ++
 locales/en-US.json | 4 ++
 locales/eo.json | 4 ++
 locales/es.json | 4 ++
 locales/eu.json | 4 ++
 locales/fr.json | 4 ++
 locales/it.json | 4 ++
 locales/nb_NO.json | 4 ++
 locales/nl.json | 4 ++
 locales/pl.json | 4 ++
 locales/ru.json | 4 ++
 locales/uk.json | 4 ++
 src/invidious.cr | 80 +++++++++++++++++++++++++
 src/invidious/views/change_password.ecr | 32 ++++++++++
 src/invidious/views/preferences.ecr | 4 ++
 16 files changed, 168 insertions(+)
 create mode 100644 src/invidious/views/change_password.ecr
diff --git a/locales/ar.json b/locales/ar.json
index adb8c649..695a3a61 100644
--- a/locales/ar.json
+++ b/locales/ar.json
@@ -13,6 +13,9 @@
 "Next page": "الصفحة الثانية",
 "Previous page": "الصفحة السابقة",
 "Clear watch history?": "مسح السجل ؟",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "نعم",
@@ -82,6 +85,7 @@
 "Data preferences": "إعدادات التفضيلات",
 "Clear watch history": "حذف سجل المشاهدة",
 "Import/export data": "إضافة\\إستخراج البيانات",
+ "Change password": "",
 "Manage subscriptions": "إدارة المشتركين",
 "Manage tokens": "",
 "Watch history": "سجل المشاهدة",
diff --git a/locales/de.json b/locales/de.json
index cffe8b95..a2a09e68 100644
--- a/locales/de.json
+++ b/locales/de.json
@@ -13,6 +13,9 @@
 "Next page": "Nächste Seite",
 "Previous page": "Vorherige Seite",
 "Clear watch history?": "Verlauf löschen?",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "Ja",
@@ -82,6 +85,7 @@
 "Data preferences": "Dateneinstellungen",
 "Clear watch history": "Verlauf löschen",
 "Import/export data": "Daten im- exportieren",
+ "Change password": "",
 "Manage subscriptions": "Abonnements verwalten",
 "Manage tokens": "",
 "Watch history": "Verlauf",
diff --git a/locales/en-US.json b/locales/en-US.json
index 9cfce711..8dbc7e61 100644
--- a/locales/en-US.json
+++ b/locales/en-US.json
@@ -13,6 +13,9 @@
 "Next page": "Next page",
 "Previous page": "Previous page",
 "Clear watch history?": "Clear watch history?",
+ "New password": "New password",
+ "New passwords must match": "New passwords must match",
+ "Cannot change password for Google accounts": "Cannot change password for Google accounts",
 "Authorize token?": "Authorize token?",
 "Authorize token for `x`?": "Authorize token for `x`?",
 "Yes": "Yes",
@@ -82,6 +85,7 @@
 "Data preferences": "Data preferences",
 "Clear watch history": "Clear watch history",
 "Import/export data": "Import/export data",
+ "Change password": "Change password",
 "Manage subscriptions": "Manage subscriptions",
 "Manage tokens": "Manage tokens",
 "Watch history": "Watch history",
diff --git a/locales/eo.json b/locales/eo.json
index 317dc3ba..f8ae6912 100644
--- a/locales/eo.json
+++ b/locales/eo.json
@@ -13,6 +13,9 @@
 "Next page": "Sekva paĝo",
 "Previous page": "Antaŭa paĝo",
 "Clear watch history?": "Ĉu forigi vidohistorion?",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "Jes",
@@ -82,6 +85,7 @@
 "Data preferences": "Datumagordoj",
 "Clear watch history": "Forigi vidohistorion",
 "Import/export data": "Importi/Eksporti datumojn",
+ "Change password": "",
 "Manage subscriptions": "Administri abonojn",
 "Manage tokens": "",
 "Watch history": "Vidohistorio",
diff --git a/locales/es.json b/locales/es.json
index 4c6f4f39..15191506 100644
--- a/locales/es.json
+++ b/locales/es.json
@@ -13,6 +13,9 @@
 "Next page": "Página siguiente",
 "Previous page": "Página anterior",
 "Clear watch history?": "¿Quiere borrar el historial de reproducción?",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "Sí",
@@ -82,6 +85,7 @@
 "Data preferences": "Preferencias de los datos",
 "Clear watch history": "Borrar el historial de reproducción",
 "Import/export data": "Importar/Exportar datos",
+ "Change password": "",
 "Manage subscriptions": "Gestionar las suscripciones",
 "Manage tokens": "",
 "Watch history": "Historial de reproducción",
diff --git a/locales/eu.json b/locales/eu.json
index 9abeb684..a17f8ec8 100644
--- a/locales/eu.json
+++ b/locales/eu.json
@@ -13,6 +13,9 @@
 "Next page": "Hurrengo orria",
 "Previous page": "Aurreko orria",
 "Clear watch history?": "Garbitu ikusitakoen historia?",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "Bai",
@@ -82,6 +85,7 @@
 "Data preferences": "",
 "Clear watch history": "",
 "Import/export data": "",
+ "Change password": "",
 "Manage subscriptions": "",
 "Manage tokens": "",
 "Watch history": "",
diff --git a/locales/fr.json b/locales/fr.json
index e94c0d1c..9e15d310 100644
--- a/locales/fr.json
+++ b/locales/fr.json
@@ -13,6 +13,9 @@
 "Next page": "Page suivante",
 "Previous page": "Page précédente",
 "Clear watch history?": "Êtes-vous sûr de vouloir supprimer l'historique des vidéos regardées ?",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "Oui",
@@ -82,6 +85,7 @@
 "Data preferences": "Préférences liées aux données",
 "Clear watch history": "Supprimer l'historique des vidéos regardées",
 "Import/export data": "Importer/exporter les données",
+ "Change password": "",
 "Manage subscriptions": "Gérer les abonnements",
 "Manage tokens": "",
 "Watch history": "Historique de visionnage",
diff --git a/locales/it.json b/locales/it.json
index 05700de8..3c938ffb 100644
--- a/locales/it.json
+++ b/locales/it.json
@@ -13,6 +13,9 @@
 "Next page": "Pagina successiva",
 "Previous page": "Pagina precedente",
 "Clear watch history?": "Sei sicuro di voler cancellare la cronologia dei video guardati?",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "Si",
@@ -82,6 +85,7 @@
 "Data preferences": "Preferenze dati",
 "Clear watch history": "Cancella la cronologia dei video guardati",
 "Import/export data": "Importazione/esportazione dati",
+ "Change password": "",
 "Manage subscriptions": "Gestisci le iscrizioni",
 "Manage tokens": "",
 "Watch history": "Cronologia dei video",
diff --git a/locales/nb_NO.json b/locales/nb_NO.json
index 382a951b..5adeeeeb 100644
--- a/locales/nb_NO.json
+++ b/locales/nb_NO.json
@@ -13,6 +13,9 @@
 "Next page": "Neste side",
 "Previous page": "Forrige side",
 "Clear watch history?": "Tøm visningshistorikk?",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "Ja",
@@ -82,6 +85,7 @@
 "Data preferences": "Datainnstillinger",
 "Clear watch history": "Tøm visningshistorikk",
 "Import/export data": "Importer/eksporter data",
+ "Change password": "",
 "Manage subscriptions": "Behandle abonnementer",
 "Manage tokens": "",
 "Watch history": "Visningshistorikk",
diff --git a/locales/nl.json b/locales/nl.json
index 9d9dac9e..29e38e1c 100644
--- a/locales/nl.json
+++ b/locales/nl.json
@@ -13,6 +13,9 @@
 "Next page": "Volgende pagina",
 "Previous page": "Vorige pagina",
 "Clear watch history?": "Kijk geschiedenis wissen?",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "Ja",
@@ -82,6 +85,7 @@
 "Data preferences": "Gegevens voorkeuren",
 "Clear watch history": "Kijkgeschiedenis wissen",
 "Import/export data": "Importeer/Exporteer gegevens",
+ "Change password": "",
 "Manage subscriptions": "Abonnees beheren",
 "Manage tokens": "",
 "Watch history": "Kijkgeschiedenis",
diff --git a/locales/pl.json b/locales/pl.json
index d970f8c9..745f8a79 100644
--- a/locales/pl.json
+++ b/locales/pl.json
@@ -13,6 +13,9 @@
 "Next page": "Następna strona",
 "Previous page": "Poprzednia strona",
 "Clear watch history?": "Wyczyścić historię?",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "Tak",
@@ -82,6 +85,7 @@
 "Data preferences": "Preferencje danych",
 "Clear watch history": "Wyczyść historię",
 "Import/export data": "Import/Eksport danych",
+ "Change password": "",
 "Manage subscriptions": "Organizuj subskrybcje",
 "Manage tokens": "",
 "Watch history": "Historia",
diff --git a/locales/ru.json b/locales/ru.json
index 49a94436..79536302 100644
--- a/locales/ru.json
+++ b/locales/ru.json
@@ -13,6 +13,9 @@
 "Next page": "Следующая страница",
 "Previous page": "Предыдущая страница",
 "Clear watch history?": "Очистить историю просмотров?",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "Да",
@@ -82,6 +85,7 @@
 "Data preferences": "Настройки данных",
 "Clear watch history": "Очистить историю просмотра",
 "Import/export data": "Импорт/Экспорт данных",
+ "Change password": "",
 "Manage subscriptions": "Управление подписками",
 "Manage tokens": "",
 "Watch history": "История просмотров",
diff --git a/locales/uk.json b/locales/uk.json
index 023db237..02fa563f 100644
--- a/locales/uk.json
+++ b/locales/uk.json
@@ -13,6 +13,9 @@
 "Next page": "Наступна сторінка",
 "Previous page": "Попередня сторінка",
 "Clear watch history?": "Очистити історію переглядів?",
+ "New password": "",
+ "New passwords must match": "",
+ "Cannot change password for Google accounts": "",
 "Authorize token?": "",
 "Authorize token for `x`?": "",
 "Yes": "Так",
@@ -82,6 +85,7 @@
 "Data preferences": "Налаштування даних",
 "Clear watch history": "Очистити історію переглядів",
 "Import/export data": "Імпорт і експорт даних",
+ "Change password": "",
 "Manage subscriptions": "Керування підписками",
 "Manage tokens": "",
 "Watch history": "Історія переглядів",
diff --git a/src/invidious.cr b/src/invidious.cr
index fb8ebbe4..3780a2f0 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -1875,6 +1875,86 @@ post "/data_control" do |env| env.redirect referer end +get "/change_password" do |env| + locale = LOCALES[env.get("preferences").as(Preferences).locale]? + + user = env.get? "user" + sid = env.get? "sid" + referer = get_referer(env) + + if user + user = user.as(User) + sid = sid.as(String) + csrf_token = generate_response(sid, {":change_password"}, HMAC_KEY, PG_DB) + + templated "change_password" + else + env.redirect referer + end +end + +post "/change_password" do |env| + locale = LOCALES[env.get("preferences").as(Preferences).locale]? + + user = env.get? "user" + sid = env.get? "sid" + referer = get_referer(env) + + if user + user = user.as(User) + sid = sid.as(String) + token = env.params.body["csrf_token"]? + + # We don't store passwords for Google accounts + if !user.password + error_message = "Cannot change password for Google accounts" + next templated "error" + end + + begin + validate_request(token, sid, env.request, HMAC_KEY, PG_DB, locale) + rescue ex + error_message = ex.message + env.response.status_code = 400 + next templated "error" + end + + password = env.params.body["password"]? + if !password + error_message = translate(locale, "Password is a required field") + next templated "error" + end + + new_passwords = env.params.body.select { |k, v| k.match(/^new_password\[\d+\]$/) }.map { |k, v| v } + + if new_passwords.size <= 1 || new_passwords.uniq.size != 1 + error_message = translate(locale, "New passwords must match") + next templated "error" + end + + new_password = new_passwords.uniq[0] + if new_password.empty? + error_message = translate(locale, "Password cannot be empty") + next templated "error" + end + + if new_password.size > 55 + error_message = translate(locale, "Password cannot be longer than 55 characters") + next templated "error" + end + + if Crypto::Bcrypt::Password.new(user.password.not_nil!) 
!= password + error_message = translate(locale, "Incorrect password") + next templated "error" + end + + new_password = Crypto::Bcrypt::Password.create(new_password, cost: 10) + PG_DB.exec("UPDATE users SET password = $1 WHERE email = $2", new_password.to_s, user.email) + end + + env.redirect referer +end + get "/delete_account" do |env| locale = LOCALES[env.get("preferences").as(Preferences).locale]? diff --git a/src/invidious/views/change_password.ecr b/src/invidious/views/change_password.ecr new file mode 100644 index 00000000..2e68556b --- /dev/null +++ b/src/invidious/views/change_password.ecr @@ -0,0 +1,32 @@ +<% content_for "header" do %> +<%= translate(locale, "Change password") %> - Invidious +<% end %> + +
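Review bot: The new `post "/change_password"` handler stops at the `UPDATE users SET password = $1 WHERE email = $2` statement and does not revoke the account's other sessions, so a password changed after a suspected compromise leaves every previously issued session usable. After the update, consider deleting the user's session rows other than the current `sid`, for example `PG_DB.exec("DELETE FROM <sessions_table> WHERE email = $1 AND id != $2", user.email, sid)`, where the table and column names are placeholders for the project's own schema. Separately, the Google-account branch assigns `error_message = "Cannot change password for Google accounts"` without `translate(locale, ...)`, although this commit adds that key to every locale file; `error_message = translate(locale, "Cannot change password for Google accounts")` would match the other branches. Only the CSRF failure sets `env.response.status_code = 400`, so the remaining error paths (wrong current password, mismatched or over-long new password) appear to be served with the default status, which makes failed attempts harder to distinguish in access logs.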
+
+
+
+
+ <%= translate(locale, "Change password") %> + +
+ + "> + + + "> + + + "> + + + + +
+
+
+
+
+
diff --git a/src/invidious/views/preferences.ecr b/src/invidious/views/preferences.ecr index 1af53488..5d2c35b1 100644 --- a/src/invidious/views/preferences.ecr +++ b/src/invidious/views/preferences.ecr @@ -213,6 +213,10 @@ function update_value(element) { <%= translate(locale, "Clear watch history") %> +
+ <%= translate(locale, "Change password") %> +
+
<%= translate(locale, "Import/export data") %>