mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-22 06:21:27 +00:00
Added trusted devices to sudo mode
This commit is contained in:
parent
8ffb20f57e
commit
0c82c97069
3 changed files with 22 additions and 12 deletions
|
@ -374,10 +374,13 @@ class AccountController extends Controller
|
|||
public function sudoModeVerify(Request $request)
|
||||
{
|
||||
$this->validate($request, [
|
||||
'password' => 'required|string|max:500'
|
||||
'password' => 'required|string|max:500',
|
||||
'trustDevice' => 'nullable'
|
||||
]);
|
||||
|
||||
$user = Auth::user();
|
||||
$password = $request->input('password');
|
||||
$trustDevice = $request->input('trustDevice') == 'on';
|
||||
$next = $request->session()->get('redirectNext', '/');
|
||||
if($request->session()->has('sudoModeAttempts')) {
|
||||
$count = (int) $request->session()->get('sudoModeAttempts');
|
||||
|
@ -387,6 +390,9 @@ class AccountController extends Controller
|
|||
}
|
||||
if(password_verify($password, $user->password) === true) {
|
||||
$request->session()->put('sudoMode', time());
|
||||
if($trustDevice == true) {
|
||||
$request->session()->put('sudoTrustDevice', 1);
|
||||
}
|
||||
return redirect($next);
|
||||
} else {
|
||||
return redirect()
|
||||
|
|
|
@ -25,7 +25,7 @@ class DangerZone
|
|||
if(!Auth::check()) {
|
||||
return redirect(route('login'));
|
||||
}
|
||||
if(!$request->is('i/auth/sudo')) {
|
||||
if(!$request->is('i/auth/sudo') && $request->session()->get('sudoTrustDevice') != 1) {
|
||||
if( !$request->session()->has('sudoMode') ) {
|
||||
$request->session()->put('redirectNext', $request->url());
|
||||
return redirect('/i/auth/sudo');
|
||||
|
|
|
@ -13,19 +13,23 @@
|
|||
<form method="POST">
|
||||
@csrf
|
||||
|
||||
<div class="form-group row">
|
||||
<div class="form-group">
|
||||
<input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" placeholder="{{__('Password')}}" required>
|
||||
|
||||
<div class="col-md-12">
|
||||
<input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" placeholder="{{__('Password')}}" required>
|
||||
|
||||
@if ($errors->has('password'))
|
||||
<span class="invalid-feedback">
|
||||
<strong>{{ $errors->first('password') }}</strong>
|
||||
</span>
|
||||
@endif
|
||||
</div>
|
||||
@if ($errors->has('password'))
|
||||
<span class="invalid-feedback">
|
||||
<strong>{{ $errors->first('password') }}</strong>
|
||||
</span>
|
||||
@endif
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<div class="custom-control custom-checkbox">
|
||||
<input type="checkbox" class="custom-control-input" id="trusted-device" name="trustDevice">
|
||||
<label class="custom-control-label text-muted" for="trusted-device">Don't ask me again, trust this device</label>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group row mb-0">
|
||||
<div class="col-md-12">
|
||||
<button type="submit" class="btn btn-success btn-block font-weight-bold">
|
||||
|
|
Loading…
Reference in a new issue