Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update some authentication related checks #111

Open
wants to merge 13 commits into
base: dev
Choose a base branch
from
Open

Update some authentication related checks #111

wants to merge 13 commits into from
+14,353 −14,173

Conversation

jonbarrow
Copy link
Member

Resolves #XXX

Changes:

These changes have been hot-patched in the prod servers for a long time now. This PR simply brings them upstream. Changes include:

  • Only allowing Basic auth in some endpoints
  • Validating that an access token came from a console by checking it's system type
  • Validating the device certificate padding section

Marking as draft for now since I hate the way the "check the system type" feature was implemented. It's a hack, and I want to change it. There's also a couple open issues now directly relating to tokens which we may want to implement here first before merging? Unsure, would like some opinions.

@jonbarrow jonbarrow marked this pull request as ready for review October 19, 2024 14:00
DaniElectra
DaniElectra reviewed Oct 29, 2024
View reviewed changes
src/nintendo-certificate.ts
@@ -137,7 +146,7 @@ class NintendoCertificate {
this.consoleType = '3ds';
}

this._verifySignature();
this._verifySignatureECDSA(); // * Force it to use the expected certificate type
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why was this changed?

@binaryoverload
Copy link
Member

This reflects the hot patches on the account server. A couple things:

  • In src/services/nnas/routes/support.ts there is sendConfirmationEmail and sendForgotPasswordEmail commented out - do we want to keep these disabled?
  • The following code for src/services/nasc/routes/ac.ts was changed, do we need to carry this over into this PR also? See below:
diff --git a/src/services/nasc/routes/ac.ts b/src/services/nasc/routes/ac.ts
index 1a8c616..d126ed9 100644
--- a/src/services/nasc/routes/ac.ts
+++ b/src/services/nasc/routes/ac.ts
@@ -40,7 +40,7 @@ router.post('/', async (request: express.Request, response: express.Response): P
 
        if (server.maintenance_mode) {
                // TODO - FIND THE REAL UNDER MAINTENANCE ERROR CODE. 110 IS NOT IT
-               response.status(200).send(nascError('110').toString());
+               response.status(503).send(nascError('101').toString());
                return;
        }
 
@@ -112,4 +112,4 @@ async function processServiceTokenRequest(server: HydratedServerDocument, pid: n
        });
 }
 
-export default router;
\ No newline at end of file
+export default router;

@jonbarrow jonbarrow mentioned this pull request Jan 29, 2025
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DaniElectra DaniElectra DaniElectra left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jonbarrow @binaryoverload @DaniElectra