patrick/sojorn
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

fix: disable turnstile for admin login and troubleshooting

Browse source
This commit is contained in:
Patrick Britton 2026-02-16 21:18:05 -06:00
parent 1de9997476
commit c1463256d2
13 changed files with 49 additions and 327 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
admin/src/app/login/page.tsx
View file

@ -80,6 +80,7 @@ export default function LoginPage() {
e.preventDefault();
setError('');
/*
// Invisible Turnstile flow:
// - If we don't have a token yet, execute Turnstile first.
// - If we already have a token, proceed with login.
@ -93,6 +94,7 @@ export default function LoginPage() {
setError('Please complete the security check first.');
return;
}
*/
await performLogin();
};

BIN
go-backend/api Normal file
View file

Binary file not shown.

48
go-backend/internal/handlers/admin_handler.go
View file

@ -81,30 +81,32 @@ func (h *AdminHandler) AdminLogin(c *gin.Context) {
}
req.Email = strings.ToLower(strings.TrimSpace(req.Email))
// Verify Turnstile token
if h.turnstileSecret != "" {
if strings.TrimSpace(req.TurnstileToken) == "" {
log.Warn().Str("email", req.Email).Msg("Admin login: missing Turnstile token")
c.JSON(http.StatusBadRequest, gin.H{"error": "Security verification failed"})
return
/*
// Verify Turnstile token
if h.turnstileSecret != "" {
if strings.TrimSpace(req.TurnstileToken) == "" {
log.Warn().Str("email", req.Email).Msg("Admin login: missing Turnstile token")
c.JSON(http.StatusBadRequest, gin.H{"error": "Security verification failed"})
return
}
turnstileService := services.NewTurnstileService(h.turnstileSecret)
turnstileResp, err := turnstileService.VerifyToken(req.TurnstileToken, "")
if err != nil {
log.Error().Err(err).Msg("Admin login: Turnstile verification failed")
c.JSON(http.StatusBadRequest, gin.H{"error": "Security verification failed"})
return
}
if !turnstileResp.Success {
log.Warn().
Strs("errors", turnstileResp.ErrorCodes).
Str("hostname", turnstileResp.Hostname).
Str("action", turnstileResp.Action).
Msg("Admin login: Turnstile validation failed")
c.JSON(http.StatusBadRequest, gin.H{"error": "Security verification failed"})
return
}
}
turnstileService := services.NewTurnstileService(h.turnstileSecret)
turnstileResp, err := turnstileService.VerifyToken(req.TurnstileToken, "")
if err != nil {
log.Error().Err(err).Msg("Admin login: Turnstile verification failed")
c.JSON(http.StatusBadRequest, gin.H{"error": "Security verification failed"})
return
}
if !turnstileResp.Success {
log.Warn().
Strs("errors", turnstileResp.ErrorCodes).
Str("hostname", turnstileResp.Hostname).
Str("action", turnstileResp.Action).
Msg("Admin login: Turnstile validation failed")
c.JSON(http.StatusBadRequest, gin.H{"error": "Security verification failed"})
return
}
}
*/
// Look up user
var userID uuid.UUID

2
go-backend/internal/handlers/auth_handler.go
View file

@ -50,7 +50,7 @@ type RegisterRequest struct {
type LoginRequest struct {
Email string `json:"email" binding:"required,email"`
Password string `json:"password" binding:"required"`
TurnstileToken string `json:"turnstile_token" binding:"required"`
TurnstileToken string `json:"turnstile_token"`
}
func (h *AuthHandler) Register(c *gin.Context) {

2
go-backend/internal/repository/user_repository.go
View file

@ -993,7 +993,7 @@ func (r *UserRepository) DeletePasswordResetToken(ctx context.Context, tokenHash
}
func (r *UserRepository) UpdateUserPassword(ctx context.Context, userID string, passwordHash string) error {
query := `UPDATE public.users SET password_hash = $1, updated_at = NOW() WHERE id = $2::uuid`
query := `UPDATE public.users SET encrypted_password = $1, updated_at = NOW() WHERE id = $2::uuid`
_, err := r.pool.Exec(ctx, query, passwordHash, userID)
return err
}

1
go-backend/scripts/check_user.sql Normal file
View file

@ -0,0 +1 @@
SELECT id, email, status, deleted_at, encrypted_password FROM users WHERE email = 'patrickbritton3@gmail.com';

12
go-backend/scripts/hash_generator.go Normal file
View file

@ -0,0 +1,12 @@
package main
import (
"fmt"
"golang.org/x/crypto/bcrypt"
)
func main() {
hash, _ := bcrypt.GenerateFromPassword([]byte("password123"), bcrypt.DefaultCost)
fmt.Println(string(hash))
}

1
go-backend/scripts/make_admin.sql Normal file
View file

@ -0,0 +1 @@
UPDATE profiles SET role = 'admin' WHERE id IN (SELECT id FROM users WHERE email IN ('patrickbritton3@gmail.com', 'patrickbritton@live.com'));

3
go-backend/scripts/reset_password.sql Normal file
View file

@ -0,0 +1,3 @@
CREATE EXTENSION IF NOT EXISTS pgcrypto;
UPDATE users SET encrypted_password = crypt('password123', gen_salt('bf')) WHERE email = 'patrickbritton3@gmail.com';
UPDATE users SET encrypted_password = crypt('password123', gen_salt('bf')) WHERE email = 'patrickbritton@live.com';

4
sojorn_app/lib/screens/auth/forgot_password_screen.dart
View file

@ -65,7 +65,7 @@ class _ForgotPasswordScreenState extends ConsumerState<ForgotPasswordScreen> {
backgroundColor: Colors.transparent,
elevation: 0,
leading: IconButton(
icon: const Icon(Icons.arrow_back, color: AppTheme.navyText),
icon: Icon(Icons.arrow_back, color: AppTheme.navyText),
onPressed: () => Navigator.of(context).pop(),
),
),
@ -106,7 +106,7 @@ class _ForgotPasswordScreenState extends ConsumerState<ForgotPasswordScreen> {
? Column(
mainAxisSize: MainAxisSize.min,
children: [
const Icon(
Icon(
Icons.mark_email_read_outlined,
size: 64,
color: AppTheme.success,

2
sojorn_app/lib/screens/auth/sign_in_screen.dart
View file

@ -420,7 +420,7 @@ class _SignInScreenState extends ConsumerState<SignInScreen> {
child: Text(
'Forgot Password?',
style: AppTheme.textTheme.labelSmall?.copyWith(
color: AppTheme.primary,
color: AppTheme.brightNavy,
fontWeight: FontWeight.w600,
),
),

102
turnstile_service_fixed.go
View file

@ -1,102 +0,0 @@
package services
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
"time"
)
type TurnstileService struct {
secretKey string
client *http.Client
}
type TurnstileResponse struct {
Success bool `json:"success"`
ErrorCodes []string `json:"error-codes,omitempty"`
ChallengeTS string `json:"challenge_ts,omitempty"`
Hostname string `json:"hostname,omitempty"`
Action string `json:"action,omitempty"`
Cdata string `json:"cdata,omitempty"`
}
func NewTurnstileService(secretKey string) *TurnstileService {
return &TurnstileService{
secretKey: secretKey,
client: &http.Client{
Timeout: 10 * time.Second,
},
}
}
// VerifyToken validates a Turnstile token with Cloudflare
func (s *TurnstileService) VerifyToken(token, remoteIP string) (*TurnstileResponse, error) {
// Allow bypass token for development (Flutter web)
if token == "BYPASS_DEV_MODE" {
return &TurnstileResponse{Success: true}, nil
}
if s.secretKey == "" {
// If no secret key is configured, skip verification (for development)
return &TurnstileResponse{Success: true}, nil
}
// Prepare the request data
data := fmt.Sprintf(
"secret=%s&response=%s",
s.secretKey,
token,
)
if remoteIP != "" {
data += fmt.Sprintf("&remoteip=%s", remoteIP)
}
// Make the request to Cloudflare
resp, err := s.client.Post(
"https://challenges.cloudflare.com/turnstile/v0/siteverify",
"application/x-www-form-urlencoded",
bytes.NewBufferString(data),
)
if err != nil {
return nil, fmt.Errorf("failed to verify turnstile token: %w", err)
}
defer resp.Body.Close()
// Read the response
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read turnstile response: %w", err)
}
// Parse the response
var result TurnstileResponse
if err := json.Unmarshal(body, &result); err != nil {
return nil, fmt.Errorf("failed to parse turnstile response: %w", err)
}
return &result, nil
}
// GetErrorMessage returns a user-friendly error message for error codes
func (s *TurnstileService) GetErrorMessage(errorCodes []string) string {
errorMessages := map[string]string{
"missing-input-secret": "Server configuration error",
"invalid-input-secret": "Server configuration error",
"missing-input-response": "Please complete the security check",
"invalid-input-response": "Security check failed, please try again",
"bad-request": "Invalid request format",
"timeout-or-duplicate": "Security check expired, please try again",
"internal-error": "Verification service unavailable",
}
for _, code := range errorCodes {
if msg, exists := errorMessages[code]; exists {
return msg
}
}
return "Security verification failed"
}

197
verified_fixed.html
View file

@ -1,197 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Email Verification - Sojorn</title>
<link href="https://fonts.googleapis.com/css2?family=Outfit:wght@400;600;700&display=swap" rel="stylesheet">
<style>
:root {
--primary: #10B981;
--primary-dark: #059669;
--warning: #F59E0B;
--bg: #09090b;
--card: #18181b;
--text: #ffffff;
--text-muted: #a1a1aa;
}
* {
box-sizing: border-box;
margin: 0;
padding: 0;
}
body {
font-family: 'Outfit', sans-serif;
display: flex;
align-items: center;
justify-content: center;
min-height: 100vh;
background-color: var(--bg);
color: var(--text);
overflow: hidden;
}
.container {
text-align: center;
background: var(--card);
padding: 3rem;
border-radius: 24px;
box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.5);
max-width: 440px;
width: 90%;
border: 1px solid rgba(255, 255, 255, 0.1);
position: relative;
z-index: 10;
animation: slideUp 0.6s cubic-bezier(0.16, 1, 0.3, 1);
}
@keyframes slideUp {
from { opacity: 0; transform: translateY(20px); }
to { opacity: 1; transform: translateY(0); }
}
.icon-wrapper {
width: 80px;
height: 80px;
border-radius: 50%;
display: flex;
align-items: center;
justify-content: center;
margin: 0 auto 1.5rem;
transition: all 0.3s ease;
}
.icon-wrapper.success { background: rgba(16, 185, 129, 0.1); }
.icon-wrapper.pending { background: rgba(245, 158, 11, 0.1); }
.icon {
width: 40px;
height: 40px;
}
.icon.success { color: var(--primary); }
.icon.pending { color: var(--warning); }
h1 {
font-size: 2rem;
font-weight: 700;
margin-bottom: 0.75rem;
background: linear-gradient(to bottom right, #ffffff, #a1a1aa);
-webkit-background-clip: text;
background-clip: text;
-webkit-text-fill-color: transparent;
}
p {
font-size: 1.1rem;
margin-bottom: 2rem;
color: var(--text-muted);
line-height: 1.6;
}
.btn {
display: inline-block;
background-color: var(--primary);
color: white;
padding: 1rem 2.5rem;
text-decoration: none;
border-radius: 12px;
font-weight: 600;
font-size: 1.1rem;
transition: all 0.2s ease;
box-shadow: 0 10px 15px -3px rgba(16, 185, 129, 0.4);
}
.btn:hover {
transform: translateY(-2px);
box-shadow: 0 20px 25px -5px rgba(16, 185, 129, 0.4);
}
.loader {
margin-top: 1.5rem;
font-size: 0.9rem;
color: var(--text-muted);
display: flex;
align-items: center;
justify-content: center;
gap: 8px;
}
.dot {
width: 4px;
height: 4px;
background: var(--primary);
border-radius: 50%;
animation: blink 1.4s infinite both;
}
.dot:nth-child(2) { animation-delay: 0.2s; }
.dot:nth-child(3) { animation-delay: 0.4s; }
@keyframes blink {
0%, 80%, 100% { opacity: 0; }
40% { opacity: 1; }
}
.bg-gradient {
position: fixed;
top: 0; left: 0; right: 0; bottom: 0;
background: radial-gradient(circle at 50% 50%, rgba(16, 185, 129, 0.05) 0%, rgba(9, 9, 11, 1) 70%);
z-index: 1;
}
.hidden { display: none !important; }
</style>
</head>
<body>
<div class="bg-gradient"></div>
<div class="container">
<!-- Success State -->
<div id="success-state" class="hidden">
<div class="icon-wrapper success">
<svg class="icon success" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"></path>
</svg>
</div>
<h1>Email Verified</h1>
<p>Your email has been successfully verified. You're all set to experience Sojorn.</p>
<a href="sojorn://verified" class="btn">Open Sojorn App</a>
<div class="loader">
<span>Redirecting to app</span>
<div class="dot"></div>
<div class="dot"></div>
<div class="dot"></div>
</div>
</div>
<!-- Pending State (Accessing URL directly) -->
<div id="pending-state">
<div class="icon-wrapper pending">
<svg class="icon pending" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path>
</svg>
</div>
<h1>Verification Required</h1>
<p>We couldn't confirm your verification status. Please use the link sent to your email address.</p>
<a href="sojorn://login" class="btn" style="background-color: #3f3f46; box-shadow: none;">Return to App</a>
</div>
</div>
<script>
const params = new URLSearchParams(window.location.search);
if (params.get('status') === 'success') {
document.getElementById('pending-state').classList.add('hidden');
document.getElementById('success-state').classList.remove('hidden');
// Auto-redirect to app
setTimeout(function () {
window.location.href = "sojorn://verified";
}, 2000);
}
</script>
</body>
</html>