mirror of https://github.com/ppy/osu.git synced 2026-05-17 13:23:00 +08:00
osu-lazer/osu.Game/Online/API/Requests/VerifySessionRequest.cs
Bartłomiej Dach 933fbd274d Fix incorrect handling of user verification failure response (#35629)
`VerificationFailureResponse.RequiredSessionVerificationMethod` not
being nullable means that if it was missing in the verification
response, it would not be `null` but default to `TimedOneTimePassword`
instead, therefore showing TOTP-related error messages to users who
never enabled it rather than the user-facing message they were supposed
to see.

Most easily tested on a local full-stack environment with

```diff
diff --git a/app/Libraries/SessionVerification/MailState.php b/app/Libraries/SessionVerification/MailState.php
index 305a2794ec0..3c2d15f335b 100644
--- a/app/Libraries/SessionVerification/MailState.php
+++ b/app/Libraries/SessionVerification/MailState.php
@@ -14,7 +14,7 @@ use Carbon\CarbonImmutable;

 class MailState
 {
-    private const KEY_VALID_DURATION = 600;
+    private const KEY_VALID_DURATION = 10;

     public readonly CarbonImmutable $expiresAt;
     public readonly string $key;
```

applied so that you don't have to wait 10 minutes to trigger the
failure.
2025-11-06 23:21:26 +09:00

51 lines
1.5 KiB
C#

// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the MIT Licence.
// See the LICENCE file in the repository root for full licence text.
using System.Net.Http;
using Newtonsoft.Json;
using osu.Framework.IO.Network;
using osu.Game.Online.API.Requests.Responses;
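namespace osu.Game.Online.API.Requests
{
    /// <summary>
    /// POSTs a verification key to the <c>session/verify</c> endpoint and, if the request fails,
    /// records which verification method the failure response names.
    /// </summary>
    public class VerifySessionRequest : APIRequest
    {
        /// <summary>
        /// The key submitted as the <c>verification_key</c> request parameter.
        /// </summary>
        /// <remarks>
        /// NOTE(review): presumably a short-lived secret entered by the user; keep it out of logs
        /// and diagnostics. Confirm against callers.
        /// </remarks>
        public readonly string VerificationKey;

        /// <summary>
        /// The verification method taken from the <c>method</c> field of the failure response body.
        /// Stays <c>null</c> when the request has not failed, or when the failure body was empty,
        /// could not be deserialised, or carried no <c>method</c> field.
        /// </summary>
        public SessionVerificationMethod? RequiredVerificationMethod { get; internal set; }

        protected override string Target => @"session/verify";

        /// <summary>
        /// Creates the request and hooks <c>Failure</c> so the response body is inspected when it fires.
        /// </summary>
        /// <param name="verificationKey">The key to submit for verification.</param>
        public VerifySessionRequest(string verificationKey)
        {
            VerificationKey = verificationKey;

            Failure += _ =>
            {
                string? response = WebRequest?.GetResponseString();

                if (string.IsNullOrEmpty(response))
                    return;

                try
                {
                    var responseObject = JsonConvert.DeserializeObject<VerificationFailureResponse>(response);
                    RequiredVerificationMethod = responseObject?.RequiredSessionVerificationMethod;
                }
                catch (JsonException)
                {
                    // The failure body comes from the network and is not guaranteed to be the expected JSON
                    // (e.g. a non-JSON error page, or a "method" value that cannot be converted).
                    // Do not let that throw out of the failure handler; treat it as "no method specified"
                    // so callers fall back to their handling for a null method.
                    RequiredVerificationMethod = null;
                }
            };
        }

        /// <summary>
        /// Builds the underlying web request as a POST carrying <see cref="VerificationKey"/>.
        /// </summary>
        protected override WebRequest CreateWebRequest()
        {
            var req = base.CreateWebRequest();

            req.Method = HttpMethod.Post;
            req.AddParameter(@"verification_key", VerificationKey);

            return req;
        }

        /// <summary>
        /// Shape of the JSON body read when verification fails.
        /// </summary>
        private class VerificationFailureResponse
        {
            // Nullable on purpose: a body without a "method" field must deserialise to null
            // rather than to the enum's default member.
            [JsonProperty("method")]
            public SessionVerificationMethod? RequiredSessionVerificationMethod { get; set; }
        }
    }
}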