Empty cookie security risk bug fix 610 (#646)

Empty cookie security risk bug fix 610
Ride-The-Lightning · Apr 10, 2021 · 28613b7 · 28613b7
1 parent fac8163
commit 28613b7
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 24 deletions.
diff --git a/angular/index.html b/angular/index.html
@@ -15,5 +15,5 @@
 <link rel="stylesheet" href="styles.b35f0c91ac1afc1dfb9f.css"></head>
 <body>
   <rtl-app></rtl-app>
-<script src="runtime.fd57bfc20cc9b5dfebac.js" defer></script><script src="polyfills.a290c5ced4c403cfee17.js" defer></script><script src="main.3111ad8dd8376a90f17a.js" defer></script></body>
+<script src="runtime.fd57bfc20cc9b5dfebac.js" defer></script><script src="polyfills.a290c5ced4c403cfee17.js" defer></script><script src="main.9ba621d7b7aa40c954e1.js" defer></script></body>
 </html>
diff --git a/angular/main.3111ad8dd8376a90f17a.js b/angular/main.3111ad8dd8376a90f17a.js
diff --git a/angular/main.9ba621d7b7aa40c954e1.js b/angular/main.9ba621d7b7aa40c954e1.js
diff --git a/controllers/shared/authenticate.js b/controllers/shared/authenticate.js
@@ -50,15 +50,15 @@ exports.authenticateUser = (req, res, next) => {
   if(+common.rtl_sso) {
     if(req.body.authenticateWith === 'JWT' && jwt.verify(req.body.authenticationValue, common.secret_key)) {
       res.status(200).json({ token: token });
-    } else if (req.body.authenticateWith === 'PASSWORD' && crypto.createHash('sha256').update(common.cookie).digest('hex') === req.body.authenticationValue) {
+    } else if (req.body.authenticateWith === 'PASSWORD' && common.cookie.trim() !== '' && crypto.createHash('sha256').update(common.cookie).digest('hex') === req.body.authenticationValue) {
       connect.refreshCookie(common.rtl_cookie_path);
       const token = jwt.sign(
         { user: 'SSO_USER', configPath: common.nodes[0].config_path, macaroonPath: common.nodes[0].macaroon_path },
         common.secret_key
       );
       res.status(200).json({ token: token });
     } else {
-      logger.error({fileName: 'Authenticate', lineNum: 20, msg: 'SSO Authentication Failed!'});
+      logger.error({fileName: 'Authenticate', lineNum: 61, msg: 'SSO Authentication Failed!'});
       res.status(406).json({
         message: "Login Failure!",
         error: "SSO Authentication Failed!"
@@ -72,7 +72,7 @@ exports.authenticateUser = (req, res, next) => {
     if (common.rtl_pass === password && failed.count < ALLOWED_LOGIN_ATTEMPTS) {
       if (req.body.twoFAToken && req.body.twoFAToken !== '') {
         if (!this.verifyToken(req.body.twoFAToken)) {
-          logger.error({fileName: 'Authenticate', lineNum: 61, msg: 'Invalid Token! Failed IP ' + reqIP});
+          logger.error({fileName: 'Authenticate', lineNum: 75, msg: 'Invalid Token! Failed IP ' + reqIP});
           failed.count = failed.count + 1;
           failed.lastTried = currentTime;
           return res.status(401).json(handleError(failed, currentTime, 'Invalid 2FA Token!'));
@@ -86,7 +86,7 @@ exports.authenticateUser = (req, res, next) => {
       );
       res.status(200).json({ token: token });
     } else {
-      logger.error({fileName: 'Authenticate', lineNum: 85, msg: 'Invalid Password! Failed IP ' + reqIP});
+      logger.error({fileName: 'Authenticate', lineNum: 89, msg: 'Invalid Password! Failed IP ' + reqIP});
       failed.count = common.rtl_pass !== password ? (failed.count + 1) : failed.count;
       failed.lastTried = common.rtl_pass !== password ? currentTime : failed.lastTried;
       return res.status(401).json(handleError(failed, currentTime, 'Invalid Password!'));
@@ -96,7 +96,7 @@ exports.authenticateUser = (req, res, next) => {
 
 exports.resetPassword = (req, res, next) => {
   if(+common.rtl_sso) {
-    logger.error({fileName: 'Authenticate', lineNum: 47, msg: 'Password Reset Failed!'});
+    logger.error({fileName: 'Authenticate', lineNum: 99, msg: 'Password Reset Failed!'});
     res.status(401).json({
       message: "Password Reset Failed!",
       error: "Password cannot be reset for SSO authentication!"
@@ -112,7 +112,7 @@ exports.resetPassword = (req, res, next) => {
       );
       res.status(200).json({ token: token });
     } else {
-      logger.error({fileName: 'Authenticate', lineNum: 63, msg: 'Password Reset Failed!'});
+      logger.error({fileName: 'Authenticate', lineNum: 115, msg: 'Password Reset Failed!'});
       res.status(401).json({
         message: "Password Reset Failed!",
         error: "Old password is not correct!"

diff --git a/src/app/app.component.ts b/src/app/app.component.ts
@@ -95,7 +95,11 @@ export class AppComponent implements OnInit, AfterViewInit, OnDestroy {
       if (action.type === RTLActions.SET_RTL_CONFIG) {
         if (!this.sessionService.getItem('token')) {
           if (+action.payload.sso.rtlSSO) {
-            this.store.dispatch(new RTLActions.Login({password: sha256(this.accessKey), defaultPassword: false}));
+            if(!this.accessKey || this.accessKey.trim() === '') {
+              this.router.navigate(['./error'], { state: {errorCode: '406', errorMessage: 'Invalid access key.'} });
+            } else {
+              this.store.dispatch(new RTLActions.Login({password: sha256(this.accessKey), defaultPassword: false}));
+            }
           } else {
             this.router.navigate(['./login']);
           }
@@ -126,7 +130,7 @@ export class AppComponent implements OnInit, AfterViewInit, OnDestroy {
 
   private readAccessKey() {
     const url = window.location.href;
-    return url.includes('access-key=') ? url.substring(url.lastIndexOf('access-key=') + 11).trim() : '';
+    return url.includes('access-key=') ? url.substring(url.lastIndexOf('access-key=') + 11).trim() : null;
   }
 
   ngAfterViewInit() {

diff --git a/src/app/shared/components/error/error.component.html b/src/app/shared/components/error/error.component.html
@@ -1,17 +1,16 @@
-<div fxLayout="row" fxLayoutAlign="start center" class="page-title-container">
-  <fa-icon [icon]="faTimes" class="page-title-img mr-1"></fa-icon>
-  <span class="page-title">Error {{error.errorCode}}</span>
-</div>
-<div fxLayout="column" class="padding-gap-x">
-  <mat-card>
-    <mat-card-content fxLayout="column" class="padding-gap-large">
-      <div fxLayout="column" fxLayoutAlign="start start">
-        <div class="box-text">{{error.errorMessage}}</div>
-        <span fxLayout="row" fxLayoutAlign="center" fxFlex="80">
-          <button mat-flat-button color="primary" class="mt-2" type="button" (click)="goToHelp()">Go To Help</button>
-        </span>
-      </div>
+<div fxLayout="row" fxFlex="100" fxLayoutAlign="center center">
+  <mat-card fxLayout="column" fxFlex="50" fxLayoutAlign="start center">
+    <mat-card-header fxLayout="row" fxLayoutAlign="center center" class="page-title-container padding-gap-large">
+      <mat-card-title class="font-size-300 font-bold-500">
+        <fa-icon [icon]="faTimes" class="page-title-img mr-1"></fa-icon>
+        <span class="page-title">Error {{error.errorCode}}</span>
+      </mat-card-title>
+    </mat-card-header>
+    <mat-card-content fxLayout="column" fxLayoutAlign="center center" class="padding-gap-large">
+      <div class="box-text font-size-120">{{error.errorMessage}}</div>
+      <span fxLayout="row" fxLayoutAlign="center" fxFlex="80">
+        <button mat-flat-button color="primary" class="mt-2" type="button" (click)="goToHelp()">Go To Help</button>
+      </span>
     </mat-card-content>
   </mat-card>
 </div>
-