diginaut/staticshield
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Parse the challenge response from the mothership

Browse Source
This commit is contained in:
Michiel Scholten
2025-03-18 15:42:04 +01:00
parent 69d1383c50
commit 8a91748473
1 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
staticshield.py
View File

@@ -1,3 +1,4 @@
import json
import os import os
import urllib.request import urllib.request
from logging.config import dictConfig from logging.config import dictConfig
@@ -63,10 +64,6 @@ def all_routes(path):
redirect_path = '/' redirect_path = '/'
if len(secret_redirect_split) > 1: if len(secret_redirect_split) > 1:
redirect_path = '/'.join(secret_redirect_split[1:]) redirect_path = '/'.join(secret_redirect_split[1:])
app.logger.info('starting new session with secret "%s"', secret)
print(f'afterwards, redirecting to "{redirect_path}"')
us = f'{request.host_url}{path}'
print(us)
# Ask the mothership if the secret is known to them, to prevent someone from just making up a URL # Ask the mothership if the secret is known to them, to prevent someone from just making up a URL
# Mothership will invalidate this secret token upon handling this request to prevent replay # Mothership will invalidate this secret token upon handling this request to prevent replay
try: try:
@@ -74,9 +71,18 @@ def all_routes(path):
with urllib.request.urlopen(f'{MOTHERSHIP}/verify/{secret}') as response: with urllib.request.urlopen(f'{MOTHERSHIP}/verify/{secret}') as response:
challenge_response = response.read() challenge_response = response.read()
print(challenge_response) print(challenge_response)
try:
# Expects a JSON dict with {'correct': true/false}
challenge_response_dict = json.loads(challenge_response)
if challenge_response_dict.get('correct', False):
# Start session if challenge response was successful # Start session if challenge response was successful
session['id'] = secret session['id'] = secret
app.logger.info('starting new session with secret "%s", afterwards redirecting to %s', secret, redirect_path)
return redirect(redirect_path) return redirect(redirect_path)
app.logger.warning('new session aborted, secret "%s" was incorrect, not redirecting to %s', secret, redirect_path)
except ValueError as e:
app.logger.error('Error while decoding challenge response: %s', str(e))
return 'Unable to set up session', 403
except urllib.error.URLError as e: except urllib.error.URLError as e:
app.logger.error('lolwtf, server not found: %s', str(e.reason)) app.logger.error('lolwtf, server not found: %s', str(e.reason))
return 'Unable to set up session', 403 return 'Unable to set up session', 403