From 7e8868eb5c66509c27283d2fb9cf7d50d13388c4 Mon Sep 17 00:00:00 2001 From: Lynne Date: Mon, 12 Nov 2018 20:58:41 +1000 Subject: [PATCH] much nicer method of ensuring that the user owns the CC account --- static/style.css | 13 ++----------- web.py | 5 ++--- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/static/style.css b/static/style.css index 7d3bffb..a77d839 100644 --- a/static/style.css +++ b/static/style.css @@ -22,6 +22,7 @@ h2 { bottom:2.5%; width:95%; font-size:0.8em; + left: 2.5%; } #footer, #footer a { color: #aaa; @@ -30,7 +31,7 @@ h2 { height:300px; width:300px; } -form, .profilecard, #question, #codebox { +form, .profilecard, #question { background-color: #444b5d; display:inline-block; padding:50px; @@ -97,13 +98,3 @@ button.fullwidth, .button.fullwidth { font-size: 1.2em; line-height:2.6em; } -.code { - background-color: white; - color: black; - font-size: 3em; - font-family: monospace; - display: inline-block; - padding: 15px; - border-radius: 10px; - margin: 15px; -} \ No newline at end of file diff --git a/web.py b/web.py index 491ce76..098bab9 100755 --- a/web.py +++ b/web.py @@ -204,13 +204,12 @@ def cc_connect_confirm(): @app.route('/internal/ccc_b') def ccc_b(): - session['cctemp']['challenge'] = random.randint(100000, 999999) #provided by CG - session['cctemp']['response'] = random.randint(100000, 999999) #user will be asked to answer with this code to prove it's really them + session['cctemp']['challenge'] = random.randint(100000, 999999) session.modified = True form_data = { "addressees": session['cctemp']['ccid'], "anon": "true", - "question": "Hi! Please respond to this question with the code given to you by Curious Greg. If you did not request this code, you may safely delete this question. Challenge: {}".format(session['cctemp']['challenge']) + "question": "Hi {}! Your Curious Greg authentication code is: {}. You may safely delete this question after entering the code. If you didn't request this, you can ignore this question.".format(session['acct'], session['cctemp']['challenge']) } r = requests.post("https://curiouscat.me/api/v2/post/create", data=form_data) j = r.json()