Merge pull request #1081 from Abby-Wheelis/no-fishy-qr-codes
💪 Increase checks for scanned QR code
shankari authored Oct 25, 2023
2 parents 1b732f7 + 2d930f8 commit 8dfcd29
Showing 2 changed files with 19 additions and 4 deletions.
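--- a/www/js/components/QrCode.tsx
+++ b/www/js/components/QrCode.tsx
@@ -35,6 +35,11 @@ export function shareQR(message) {
 }
 
 const QrCode = ({ value, ...rest }) => {
+let hasLink = value.toString().includes("//");
+if(!hasLink) {
+value = "emission://login_token?token=" + value;
+}
+
 return <QRCode className="qr-code" value={value} style={[{ width: '100%', height: '100%' }, rest.style] as any} {...rest} />;
 };
 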
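Review bot: The `value.toString().includes("//")` test in `QrCode` matches `//` anywhere in the string, so a bare token that happens to contain `//` is rendered without the `emission://login_token?token=` prefix, and the scan-side checks this commit adds in WelcomePage.tsx would then reject the resulting code. Testing for a leading scheme instead, for example `let hasLink = /^[a-z][a-z0-9+.-]*:\/\//i.test(value.toString());`, keeps the behaviour for values that really are links. The token is also appended unencoded; if tokens can ever contain `=`, `&` or `#`, it should be encoded here and decoded by the reader, which currently takes `result.text.split("=")[1]`. A short comment above the check saying which callers pass a ready-made link and which pass a raw token would make the intent clear.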
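--- a/www/js/onboarding/WelcomePage.tsx
+++ b/www/js/onboarding/WelcomePage.tsx
@@ -5,7 +5,7 @@ import { Button, Dialog, Divider, IconButton, Surface, Text, TextInput, Touchabl
 import color from 'color';
 import { initByUser } from '../config/dynamicConfig';
 import { AppContext } from '../App';
-import { displayError } from "../plugin/logger";
+import { displayError, logDebug } from "../plugin/logger";
 import { onboardingStyles } from './OnboardingStack';
 import { Icon } from '../components/Icon';
 
@@ -20,12 +20,22 @@ const WelcomePage = () => {
 const [infoPopupVis, setInfoPopupVis] = useState(false);
 const [existingToken, setExistingToken] = useState('');
 
+const checkURL = function (result) {
+let notCancelled = result.cancelled == false;
+let isQR = result.format == "QR_CODE";
+let hasPrefix = result.text.split(":")[0] == "emission";
+let hasToken = result.text.includes("login_token?token");
+
+logDebug("QR code " + result.text + " checks: cancel, format, prefix, params " + notCancelled + isQR + hasPrefix + hasToken);
+
+return notCancelled && isQR && hasPrefix && hasToken;
+}
+
 const scanCode = function() {
-window.cordova.plugins.barcodeScanner.scan(
+window['cordova'].plugins.barcodeScanner.scan(
 function (result) {
 console.debug("scanned code", result);
-if (result.format == "QR_CODE" &&
-result.cancelled == false) {
+if (checkURL(result)) {
 let text = result.text.split("=")[1];
 console.log("found code", text);
 loginWithToken(text);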
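Review bot: The content checks added in `checkURL` are substring tests rather than a match on the expected shape: `hasPrefix` only compares the text before the first `:` and `hasToken` accepts `login_token?token` anywhere in the string, while `scanCode` still extracts the token with an unrelated `result.text.split("=")[1]`. Text that passes all four checks can therefore still hand `loginWithToken` something that is not the token parameter, or `undefined` when the text contains no `=`. An anchored test such as `let hasPrefix = result.text.startsWith("emission://login_token?token=");`, with the token taken as the remainder after that prefix, would tie validation and extraction together. The `logDebug` line also writes the full scanned text, login token included, into the debug log and concatenates the four booleans without separators; logging only labelled check results would keep the credential out of the log. `scanCode` continues past the end of the hunk.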
