From 06ac2e98e175f83ae60385ac1739e2bd982c5a86 Mon Sep 17 00:00:00 2001
From: HojouFotytu <36724681+HojouFotytu@users.noreply.github.com>
Date: Tue, 23 Feb 2021 16:20:51 +0900
Subject: [PATCH 1/2] API Mask & unlock settings
---
 Core/Main/PTMagicConfiguration.cs | 13 ++++++++-----
 Monitor/Pages/Login.cshtml.cs | 3 ++-
 Monitor/Pages/SettingsGeneral.cshtml | 2 +-
 Monitor/Pages/SettingsGeneral.cshtml.cs | 1 -
 Monitor/Pages/_Layout.cshtml | 2 +-
 5 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/Core/Main/PTMagicConfiguration.cs b/Core/Main/PTMagicConfiguration.cs
index 3033a40..3931664 100644
--- a/Core/Main/PTMagicConfiguration.cs
+++ b/Core/Main/PTMagicConfiguration.cs
@@ -84,14 +84,17 @@ namespace Core.Main
 if (!this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Equals(""))
 {
- result = this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Substring(0, 4);
-
- for (int i = 1; i < this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Length - 8; i++)
+ int tokenLength = this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Length;
+ if (tokenLength == 1)
+ {
+ result = "*";
+ }
+ else
+ result = this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Substring(0, 1);
+ for (int i = 1; i < this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Length; i++)
 {
 result += "*";
 }
-
- result += this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Substring(this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Length - 4);
 }
 return result;
diff --git a/Monitor/Pages/Login.cshtml.cs b/Monitor/Pages/Login.cshtml.cs
index 6958d1a..44c35c5 100644
--- a/Monitor/Pages/Login.cshtml.cs
+++ b/Monitor/Pages/Login.cshtml.cs
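Review bot: The new `tokenLength` local is only used for the `== 1` test; the added `for` loop still re-reads `this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Length`, and a braced `if` is paired with a brace-less `else`, which is easy to misread as also covering the loop. The whole branch collapses to one line with identical output: `result = tokenLength == 1 ? "*" : this.GeneralSettings.Application.ProfitTrailerServerAPIToken.Substring(0, 1) + new string('*', tokenLength - 1);`. Note that the masked value still discloses the token's exact length and its first character; if the settings page does not need either, a fixed-width mask reveals nothing about the secret. The enclosing method starts and ends outside the hunk.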
@@ -30,7 +30,8 @@ namespace Monitor.Pages
 if (encryptedPassword.Equals(PTMagicConfiguration.SecureSettings.MonitorPassword))
 {
 HttpContext.Session.SetString("LoggedIn" + PTMagicConfiguration.GeneralSettings.Monitor.Port.ToString(), DateTime.UtcNow.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'"));
-
+ PTMagicConfiguration.GeneralSettings.Monitor.IsPasswordProtected = true;
+ PTMagicConfiguration.WriteGeneralSettings();
 if (cbRememberMe != null)
 {
 if (cbRememberMe.Equals("on", StringComparison.InvariantCultureIgnoreCase))
diff --git a/Monitor/Pages/SettingsGeneral.cshtml b/Monitor/Pages/SettingsGeneral.cshtml
index 87caf80..168434d 100644
--- a/Monitor/Pages/SettingsGeneral.cshtml
+++ b/Monitor/Pages/SettingsGeneral.cshtml
@@ -86,7 +86,7 @@
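Review bot: The two added lines set `IsPasswordProtected` and call `WriteGeneralSettings()` on every successful login, which puts a settings-file write on the login path: if that write throws, the request most likely ends in an error even though the session value on the preceding line was already stored, and concurrent logins would write the file at the same time. Guarding it with the current value, `if (!PTMagicConfiguration.GeneralSettings.Monitor.IsPasswordProtected) { ... }`, limits the write to the first login and makes the intent explicit. Why a login should mutate persisted configuration at all is not stated anywhere in the hunk and deserves a short comment next to the assignment. The enclosing handler starts and ends outside the hunk.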
- + @Model.PTMagicConfiguration.GetProfitTrailerServerAPITokenMasked()
diff --git a/Monitor/Pages/SettingsGeneral.cshtml.cs b/Monitor/Pages/SettingsGeneral.cshtml.cs
index 7cf9d5c..5a031e3 100644
--- a/Monitor/Pages/SettingsGeneral.cshtml.cs
+++ b/Monitor/Pages/SettingsGeneral.cshtml.cs
@@ -71,7 +71,6 @@ namespace Monitor.Pages
 PTMagicConfiguration.GeneralSettings.Application.StartBalance = SystemHelper.TextToDouble(HttpContext.Request.Form["Application_StartBalance"], PTMagicConfiguration.GeneralSettings.Application.StartBalance, "en-US");
 PTMagicConfiguration.GeneralSettings.Application.ProfitTrailerDefaultSettingName = HttpContext.Request.Form["Application_ProfitTrailerDefaultSettingName"];
- PTMagicConfiguration.GeneralSettings.Application.ProfitTrailerServerAPIToken = HttpContext.Request.Form["Application_ProfitTrailerServerAPIToken"];
 PTMagicConfiguration.GeneralSettings.Application.TimezoneOffset = HttpContext.Request.Form["Application_TimezoneOffset"];
 PTMagicConfiguration.GeneralSettings.Application.MainFiatCurrency = HttpContext.Request.Form["Application_MainFiatCurrency"];
diff --git a/Monitor/Pages/_Layout.cshtml b/Monitor/Pages/_Layout.cshtml
index ccc4465..8096a29 100644
--- a/Monitor/Pages/_Layout.cshtml
+++ b/Monitor/Pages/_Layout.cshtml
@@ -107,7 +107,7 @@ } else {
  • - Settings + Settings
  • }
From 3a250132b33822047517fa33ed0a694d05dbb2f1 Mon Sep 17 00:00:00 2001
From: djbadders <34887832+djbadders@users.noreply.github.com>
Date: Tue, 23 Feb 2021 21:27:42 +0000
Subject: [PATCH 2/2] Improvement to the security to clear any content from the rendering pipeline before redirect
---
 Monitor/_Internal/BasePageModelSecure.cs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/Monitor/_Internal/BasePageModelSecure.cs b/Monitor/_Internal/BasePageModelSecure.cs
index 080b8ef..d0a2917 100644
--- a/Monitor/_Internal/BasePageModelSecure.cs
+++ b/Monitor/_Internal/BasePageModelSecure.cs
@@ -1,4 +1,5 @@
-using System;
+using System.Net;
+using System;
 using Microsoft.AspNetCore.Http;
 using Core.Main;
 using Core.Helper;
@@ -27,7 +28,8 @@ namespace Monitor._Internal
 // Security check
 if (!IsLoggedIn(this.HttpContext))
 {
- HttpContext.Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + _redirectUrl);
+ this.HttpContext.Response.Clear();
+ this.HttpContext.Response.Redirect(PTMagicConfiguration.GeneralSettings.Monitor.RootUrl + _redirectUrl);
 }
 }
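Review bot: `using System.Net;` is inserted ahead of `using System;`, breaking the sorted order, and nothing in the visible change references a `System.Net` type (`Clear()` and `Redirect()` both come from `Microsoft.AspNetCore.Http`). If the rest of the file, which is outside the hunk, does not use it either, drop the line; otherwise move it below `using System;`.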
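Review bot: `Response.Clear()` before `Redirect()` only discards output buffered up to this point; neither call ends the current handler, so anything the page renders after this check still lands in the body of the 302 unless the caller returns early. `HttpResponse.Clear()` in ASP.NET Core also throws `InvalidOperationException` once the response has started, so this check must run before any body write — presumably the case here, but worth stating with a comment such as `// Must run before any output is written: Clear() throws once the response has started, and Redirect() does not end the handler.`. The more robust shape is for this check to yield something the calling handler returns (a `bool` the handler tests, or an `IActionResult` from `RedirectToPage`) so no further rendering takes place; the enclosing method's signature is outside the hunk, so that may already be how it is used.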