diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php index dac8078a6..6f136c3ad 100644 --- a/app/Http/Controllers/AccountController.php +++ b/app/Http/Controllers/AccountController.php @@ -374,10 +374,13 @@ class AccountController extends Controller public function sudoModeVerify(Request $request) { $this->validate($request, [ - 'password' => 'required|string|max:500' + 'password' => 'required|string|max:500', + 'trustDevice' => 'nullable' ]); + $user = Auth::user(); $password = $request->input('password'); + $trustDevice = $request->input('trustDevice') == 'on'; $next = $request->session()->get('redirectNext', '/'); if($request->session()->has('sudoModeAttempts')) { $count = (int) $request->session()->get('sudoModeAttempts'); @@ -387,6 +390,9 @@ class AccountController extends Controller } if(password_verify($password, $user->password) === true) { $request->session()->put('sudoMode', time()); + if($trustDevice == true) { + $request->session()->put('sudoTrustDevice', 1); + } return redirect($next); } else { return redirect() diff --git a/app/Http/Middleware/DangerZone.php b/app/Http/Middleware/DangerZone.php index 5a43d6e6b..c74c90eeb 100644 --- a/app/Http/Middleware/DangerZone.php +++ b/app/Http/Middleware/DangerZone.php @@ -25,7 +25,7 @@ class DangerZone if(!Auth::check()) { return redirect(route('login')); } - if(!$request->is('i/auth/sudo')) { + if(!$request->is('i/auth/sudo') && $request->session()->get('sudoTrustDevice') != 1) { if( !$request->session()->has('sudoMode') ) { $request->session()->put('redirectNext', $request->url()); return redirect('/i/auth/sudo'); diff --git a/resources/views/auth/sudo.blade.php b/resources/views/auth/sudo.blade.php index 9a253c32a..515fcba03 100644 --- a/resources/views/auth/sudo.blade.php +++ b/resources/views/auth/sudo.blade.php @@ -13,19 +13,23 @@
@csrf -
+
+ -
- - - @if ($errors->has('password')) - - {{ $errors->first('password') }} - - @endif -
+ @if ($errors->has('password')) + + {{ $errors->first('password') }} + + @endif
+
+
+ + +
+
+