From 02dee5ad0d825f0053f53697ffe70e78c79713a3 Mon Sep 17 00:00:00 2001
From: Janis Hutz <development@janishutz.com>
Date: Sat, 14 Oct 2023 10:50:50 +0200
Subject: [PATCH] bug fixes

---
 src/server/backend/plugins/payments/payrexx/payrexxRoutes.js | 3 +++
 src/server/backend/plugins/payments/stripe/stripeRoutes.js   | 3 +++
 src/server/backend/userRoutes.js                             | 4 +++-
 src/server/ui/en/signup/allowTwoFA.html                      | 5 ++---
 src/server/ui/en/signup/enforceTwoFA.html                    | 5 ++---
 5 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/server/backend/plugins/payments/payrexx/payrexxRoutes.js b/src/server/backend/plugins/payments/payrexx/payrexxRoutes.js
index f38cc50..6793610 100644
--- a/src/server/backend/plugins/payments/payrexx/payrexxRoutes.js
+++ b/src/server/backend/plugins/payments/payrexx/payrexxRoutes.js
@@ -13,6 +13,7 @@ const ticket = require( '../../../tickets/ticketGenerator.js' );
 const payrexxModule = require( './module.payrexx.js' );
 const payrexx = payrexxModule.init();
 const TicketGenerator = new ticket();
+const generator = require( '../../../token.js' );
 
 let sessionReference = {};
 let waitingClients = {};
@@ -101,6 +102,7 @@ module.exports = ( app, settings ) => {
                         response.write( 'data: ready\n\n' );
                         response.end();
                         delete waitingClients[ request.session.id ];
+                        request.session.id = generator.generateToken( 30 );
                     }, 2000 );
                 } else if ( stat === 'noTicket' ) {
                     clearInterval( ping );
@@ -120,6 +122,7 @@ module.exports = ( app, settings ) => {
             if ( !pendingPayments[ request.session.id ] ) {
                 const stat = TicketGenerator.getGenerationStatus( request.session.id );
                 if ( stat === 'done' ) {
+                    request.session.id = generator.generateToken( 30 );
                     response.send( { 'status': 'ticketOk' } );
                 } else if ( stat === 'noTicket' ) {
                     response.send( { 'status': 'noTicket' } );
diff --git a/src/server/backend/plugins/payments/stripe/stripeRoutes.js b/src/server/backend/plugins/payments/stripe/stripeRoutes.js
index 1128a99..0c79938 100644
--- a/src/server/backend/plugins/payments/stripe/stripeRoutes.js
+++ b/src/server/backend/plugins/payments/stripe/stripeRoutes.js
@@ -16,6 +16,7 @@ const stripe = require( 'stripe' )( stripeConfig[ 'APIKey' ] );
 const bodyParser = require( 'body-parser' );
 const ticket = require( '../../../tickets/ticketGenerator.js' );
 const TicketGenerator = new ticket();
+const generator = require( '../../../token.js' );
 
 const endpointSecret = stripeConfig[ 'endpointSecret' ];
 
@@ -103,6 +104,7 @@ module.exports = ( app, settings ) => {
                         response.write( 'data: ready\n\n' );
                         response.end();
                         delete waitingClients[ request.session.id ];
+                        request.session.id = generator.generateToken( 30 );
                     }, 2000 );
                 } else if ( stat === 'noTicket' ) {
                     clearInterval( ping );
@@ -122,6 +124,7 @@ module.exports = ( app, settings ) => {
             if ( !pendingPayments[ request.session.id ] ) {
                 const stat = TicketGenerator.getGenerationStatus( request.session.id );
                 if ( stat === 'done' ) {
+                    request.session.id = generator.generateToken( 30 );
                     response.send( { 'status': 'ticketOk' } );
                 } else if ( stat === 'noTicket' ) {
                     response.send( { 'status': 'noTicket' } );
diff --git a/src/server/backend/userRoutes.js b/src/server/backend/userRoutes.js
index c02aa67..f8087c9 100644
--- a/src/server/backend/userRoutes.js
+++ b/src/server/backend/userRoutes.js
@@ -178,7 +178,7 @@ module.exports = ( app, settings ) => {
                             'name': request.body.name, 
                             'two_fa': 'disabled', 
                             'user_data': JSON.stringify( { 'country': request.body.country } ), 
-                            'marketing': request.body.newsletter ? generator.generateToken( 60 ) : null 
+                            'marketing': request.body.newsletter ?? null 
                         } ).then( () => {
                             request.session.loggedInUser = true;
                             request.session.username = request.body.mail;
@@ -215,6 +215,8 @@ module.exports = ( app, settings ) => {
             if ( call === '2fa' ) {
                 db.writeDataSimple( 'users', 'email', request.session.username, { 'two_fa': request.body.twoFA } );
                 response.send( 'ok' );
+            } else {
+                response.status( 404 ).send( 'Not found' );
             }
         } else {
             response.status( 403 ).send( 'unauthorised' );
diff --git a/src/server/ui/en/signup/allowTwoFA.html b/src/server/ui/en/signup/allowTwoFA.html
index fa94970..97bedd3 100644
--- a/src/server/ui/en/signup/allowTwoFA.html
+++ b/src/server/ui/en/signup/allowTwoFA.html
@@ -90,11 +90,10 @@
         <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js"></script>
         <script>
             function submitFunction () {
-                let code = document.getElementById( '2fa' ).value;
-                let data = '';
+                let mode = document.getElementById( '2fa' ).value;
                 let fetchOptions = {
                     method: 'post',
-                    body: JSON.stringify( { 'twoFA': data } ),
+                    body: JSON.stringify( { 'twoFA': mode } ),
                     headers: {
                         'Content-Type': 'application/json',
                         'charset': 'utf-8'
diff --git a/src/server/ui/en/signup/enforceTwoFA.html b/src/server/ui/en/signup/enforceTwoFA.html
index 32648a5..ccff007 100644
--- a/src/server/ui/en/signup/enforceTwoFA.html
+++ b/src/server/ui/en/signup/enforceTwoFA.html
@@ -89,11 +89,10 @@
         <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js"></script>
         <script>
             function submitFunction () {
-                let code = document.getElementById( '2fa' ).value;
-                let data = '';
+                let mode = document.getElementById( '2fa' ).value;
                 let fetchOptions = {
                     method: 'post',
-                    body: JSON.stringify( { 'twoFA': data } ),
+                    body: JSON.stringify( { 'twoFA': mode } ),
                     headers: {
                         'Content-Type': 'application/json',
                         'charset': 'utf-8'