diff options
author | John Smith <mrdoctorwho@helldev.net> | 2022-09-03 15:19:09 +0300 |
---|---|---|
committer | John Smith <mrdoctorwho@helldev.net> | 2022-09-03 15:19:09 +0300 |
commit | 542abe296ea78d513df75bac80158c8c024d6f72 (patch) | |
tree | 2b7b1275af88fbe78b243f0a28631da2f8e72d9c | |
parent | e8f25a16832adb6b93fe8b50afdc9547e429389b (diff) |
-rw-r--r-- | library/vkapi.py | 2 | ||||
-rw-r--r-- | modules/mod_iq_register.py | 24 |
2 files changed, 17 insertions, 9 deletions
diff --git a/library/vkapi.py b/library/vkapi.py index 867afe2..20e8438 100644 --- a/library/vkapi.py +++ b/library/vkapi.py @@ -37,7 +37,7 @@ socket.setdefaulttimeout(SOCKET_TIMEOUT) logger = logging.getLogger("vk4xmpp") -token_exp = re.compile("(([\da-f]+){11,})", re.IGNORECASE) +token_exp = re.compile(r"access_token\=(([0-9a-zA-Z\-\._]+))") ERRORS = (httplib.BadStatusLine, urllib2.URLError, diff --git a/modules/mod_iq_register.py b/modules/mod_iq_register.py index 5fa270f..b2d4fda 100644 --- a/modules/mod_iq_register.py +++ b/modules/mod_iq_register.py @@ -63,14 +63,22 @@ def register_handler(cl, iq): logger.debug("user won't use a password (jid: %s)" % source) token = password password = None - # If not using a password, then we need to check if there a link or token. It's possible that user's wrong and that's a password. - match = api.token_exp.search(token) - if match: - token = match.group(0) - elif phone: - password = token - else: - result = utils.buildIQError(iq, xmpp.ERR_NOT_AUTHORIZED, _("Fill the fields!")) + # check if the supplied data is a link or a part of the link, instead of being a token + if "&" in token or "=" in token: + match = api.token_exp.search(token) + if match: + token = match.group(1) + # get rid of unnecessary data (if present) + token = token.split("&")[0] + else: + token = None + # fixme: if the user has their password + # starting with vk1, then we're doomed + elif not token.startswith("vk1"): + if phone: + password = token + elif token: + result = utils.buildIQError(iq, xmpp.ERR_NOT_AUTHORIZED, _("Fill the fields!")) # If phone or password (token) if token or (phone and password): |