Update DangerZone/Sudo middleware

This commit is contained in:
Daniel Supernault 2020-02-17 23:16:44 -07:00
parent 88534f2deb
commit 6a16559132
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
2 changed files with 19 additions and 1 deletions


@ -270,7 +270,6 @@ class AccountController extends Controller
return redirect()->back(); return redirect()->back();
} }
public function unblock(Request $request) public function unblock(Request $request)
{ {
$this->validate($request, [ $this->validate($request, [
@ -362,6 +361,13 @@ class AccountController extends Controller
public function sudoMode(Request $request) public function sudoMode(Request $request)
{ {
if($request->session()->has('sudoModeAttempts') && $request->session()->get('sudoModeAttempts') >= 3) {
$request->session()->pull('2fa.session.active');
$request->session()->pull('redirectNext');
$request->session()->pull('sudoModeAttempts');
Auth::logout();
return redirect(route('login'));
}
return view('auth.sudo'); return view('auth.sudo');
} }
@ -373,6 +379,12 @@ class AccountController extends Controller
$user = Auth::user(); $user = Auth::user();
$password = $request->input('password'); $password = $request->input('password');
$next = $request->session()->get('redirectNext', '/'); $next = $request->session()->get('redirectNext', '/');
if($request->session()->has('sudoModeAttempts')) {
$count = (int) $request->session()->get('sudoModeAttempts');
$request->session()->put('sudoModeAttempts', $count + 1);
} else {
$request->session()->put('sudoModeAttempts', 1);
}
if(password_verify($password, $user->password) === true) { if(password_verify($password, $user->password) === true) {
$request->session()->put('sudoMode', time()); $request->session()->put('sudoMode', time());
return redirect($next); return redirect($next);
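Review bot: The attempt counter written just after `$next` is read is never enforced on this POST path, and the success branch does not clear it, so `password_verify()` still runs on every submission whatever the count, while a successful check leaves `sudoModeAttempts` in the session where it carries over to the next sudo prompt and eventually trips the `>= 3` check in sudoMode(). Rejecting before the password check and pulling the key on success addresses both; the enclosing verify method starts before the hunk and its failure branch continues past it. The `>= 3` threshold in sudoMode() also differs from the `> 3` used in the DangerZone middleware hunk of this commit, so the two should share one value. Since `Auth::logout()` by itself leaves the session alive, the lock-out branch would also benefit from `$request->session()->invalidate();` before the redirect.
```php
$next = $request->session()->get('redirectNext', '/');
$attempts = (int) $request->session()->get('sudoModeAttempts', 0) + 1;
$request->session()->put('sudoModeAttempts', $attempts);
// Enforce the cap on the POST path too; the GET view is not the only way in.
if ($attempts > 3) {
    $request->session()->pull('2fa.session.active');
    $request->session()->pull('redirectNext');
    $request->session()->pull('sudoModeAttempts');
    Auth::logout();
    $request->session()->invalidate();
    return redirect(route('login'));
}
if(password_verify($password, $user->password) === true) {
    // A successful check ends the attempt window; otherwise the count carries
    // over and a later sudo prompt in the same session logs the user out.
    $request->session()->pull('sudoModeAttempts');
    $request->session()->put('sudoMode', time());
    return redirect($next);
// … unchanged: failure branch (outside the hunk) …
```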


@ -16,6 +16,12 @@ class DangerZone
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
if( $request->session()->get('sudoModeAttempts') > 3) {
$request->session()->pull('redirectNext');
$request->session()->pull('sudoModeAttempts');
Auth::logout();
return redirect(route('login'));
}
if(!Auth::check()) { if(!Auth::check()) {
return redirect(route('login')); return redirect(route('login'));
} }
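Review bot: The new check at the top of handle() uses `> 3` while sudoMode() in the same commit uses `>= 3`, and this branch does not pull `2fa.session.active` as the controller does, so the two lock-out paths disagree on both the threshold and the cleanup they perform; a shared class constant and a single helper that does the logout would keep them aligned. `Auth::logout()` on its own leaves the session and its remaining keys intact, so adding `$request->session()->invalidate();` before `return redirect(route('login'));` closes that gap. Because the counter lives in the session and is pulled on logout, the limit appears to reset once the user signs in again; if a durable cap is intended, a server-side throttle keyed on the user is the stronger control. handle() continues past the hunk.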