UA-Fediland/pixelfed
2
0
Fork 0
mirror of https://github.com/pixelfed/pixelfed.git synced 2024-09-20 16:28:01 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #4331 from pixelfed/staging

Browse source 
Staging
This commit is contained in:
daniel 2023-04-26 03:17:32 -06:00 committed by GitHub
commit d40d48aa76
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 572 additions and 178 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
CHANGELOG.md
View file

@ -31,6 +31,11 @@
- Update RegisterController, store client ip during registration ([d4c967de](https://github.com/pixelfed/pixelfed/commit/d4c967de)) - Update RegisterController, store client ip during registration ([d4c967de](https://github.com/pixelfed/pixelfed/commit/d4c967de))
- Update ApiV1Controller, fix account blocks. Closes #4304 ([98739139](https://github.com/pixelfed/pixelfed/commit/98739139)) - Update ApiV1Controller, fix account blocks. Closes #4304 ([98739139](https://github.com/pixelfed/pixelfed/commit/98739139))
- Update RegisterController, improve max_users calculation and add kb page to redirect to if conditions are met ([1bbee6d0](https://github.com/pixelfed/pixelfed/commit/1bbee6d0)) - Update RegisterController, improve max_users calculation and add kb page to redirect to if conditions are met ([1bbee6d0](https://github.com/pixelfed/pixelfed/commit/1bbee6d0))
- Update SecuritySettings, remove imagick depdency for 2FA qr code generation image ([506f95c6](https://github.com/pixelfed/pixelfed/commit/506f95c6))
- Update 2fa checkpoint view design ([86c472ac](https://github.com/pixelfed/pixelfed/commit/86c472ac))
- Update sudo mode checkpoint view design ([091e0b2c](https://github.com/pixelfed/pixelfed/commit/091e0b2c))
- Update ForgotPasswordController, add captcha support, improve security and a new redesigned view ([f6e7ff64](https://github.com/pixelfed/pixelfed/commit/f6e7ff64))
- Update ResetPasswordController, add captcha support, improve security and a new redesigned view ([0ab5b96a](https://github.com/pixelfed/pixelfed/commit/0ab5b96a))
- ([](https://github.com/pixelfed/pixelfed/commit/)) - ([](https://github.com/pixelfed/pixelfed/commit/))
## [v0.11.5 (2023-03-25)](https://github.com/pixelfed/pixelfed/compare/v0.11.4...v0.11.5) ## [v0.11.5 (2023-03-25)](https://github.com/pixelfed/pixelfed/compare/v0.11.4...v0.11.5)

45
app/Http/Controllers/Auth/ForgotPasswordController.php
View file

@ -43,6 +43,8 @@ class ForgotPasswordController extends Controller
abort_if(BouncerService::checkIp(request()->ip()), 404); abort_if(BouncerService::checkIp(request()->ip()), 404);
} }
usleep(random_int(100000, 300000));
return view('auth.passwords.email'); return view('auth.passwords.email');
} }
@ -52,12 +54,51 @@ class ForgotPasswordController extends Controller
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @return void * @return void
*/ */
protected function validateEmail(Request $request) public function validateEmail(Request $request)
{ {
if(config('pixelfed.bouncer.cloud_ips.ban_logins')) { if(config('pixelfed.bouncer.cloud_ips.ban_logins')) {
abort_if(BouncerService::checkIp($request->ip()), 404); abort_if(BouncerService::checkIp($request->ip()), 404);
} }
$request->validate(['email' => 'required|email']); usleep(random_int(100000, 3000000));
if(config('captcha.enabled')) {
$rules = [
'email' => 'required|email',
'h-captcha-response' => 'required|captcha'
];
} else {
$rules = [
'email' => 'required|email'
];
}
$request->validate($rules, [
'h-captcha-response' => 'Failed to validate the captcha.',
]);
}
/**
* Get the response for a failed password reset link.
*
* @param \Illuminate\Http\Request $request
* @param string $response
* @return \Illuminate\Http\RedirectResponse
*
* @throws \Illuminate\Validation\ValidationException
*/
public function sendResetLinkFailedResponse(Request $request, $response)
{
if ($request->wantsJson()) {
throw ValidationException::withMessages([
'email' => [trans($response)],
]);
}
return back()
->withInput($request->only('email'))
->withErrors([
'email' => trans($response),
]);
} }
} }

73
app/Http/Controllers/Auth/ResetPasswordController.php
View file

@ -7,6 +7,7 @@ use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Support\Facades\Password; use Illuminate\Support\Facades\Password;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use App\Services\BouncerService; use App\Services\BouncerService;
use Illuminate\Validation\Rules;
class ResetPasswordController extends Controller class ResetPasswordController extends Controller
{ {
@ -40,6 +41,46 @@ class ResetPasswordController extends Controller
$this->middleware('guest'); $this->middleware('guest');
} }
/**
* Get the password reset validation rules.
*
* @return array
*/
protected function rules()
{
usleep(random_int(100000, 3000000));
if(config('captcha.enabled')) {
return [
'token' => 'required',
'email' => 'required|email',
'password' => ['required', 'confirmed', 'max:72', Rules\Password::defaults()],
'h-captcha-response' => ['required' ,'filled', 'captcha']
];
}
return [
'token' => 'required',
'email' => 'required|email',
'password' => ['required', 'confirmed', 'max:72', Rules\Password::defaults()],
];
}
/**
* Get the password reset validation error messages.
*
* @return array
*/
protected function validationErrorMessages()
{
return [
'password.max' => 'Passwords should not exceed 72 characters.',
'h-captcha-response.required' => 'Failed to validate the captcha.',
'h-captcha-response.filled' => 'Failed to validate the captcha.',
'h-captcha-response.captcha' => 'Failed to validate the captcha.',
];
}
/** /**
* Display the password reset view for the given token. * Display the password reset view for the given token.
* *
@ -54,6 +95,8 @@ class ResetPasswordController extends Controller
abort_if(BouncerService::checkIp($request->ip()), 404); abort_if(BouncerService::checkIp($request->ip()), 404);
} }
usleep(random_int(100000, 300000));
$token = $request->route()->parameter('token'); $token = $request->route()->parameter('token');
return view('auth.passwords.reset')->with( return view('auth.passwords.reset')->with(
@ -86,4 +129,34 @@ class ResetPasswordController extends Controller
: $this->sendResetFailedResponse($request, $response); : $this->sendResetFailedResponse($request, $response);
} }
/**
* Get the password reset credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(Request $request)
{
return $request->only(
'email', 'password', 'password_confirmation', 'token'
);
}
/**
* Get the response for a failed password reset.
*
* @param \Illuminate\Http\Request $request
* @param string $response
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
*/
protected function sendResetFailedResponse(Request $request, $response)
{
if ($request->wantsJson()) {
throw ValidationException::withMessages(['email' => [trans($response)]]);
}
return redirect()->back()
->withInput($request->only('email'))
->withErrors(['email' => [trans($response)]]);
}
} }

8
app/Http/Controllers/Settings/SecuritySettings.php
View file

@ -16,7 +16,7 @@ use Carbon\Carbon;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use PragmaRX\Google2FA\Google2FA; use PragmaRX\Google2FA\Google2FA;
use BaconQrCode\Renderer\ImageRenderer; use BaconQrCode\Renderer\ImageRenderer;
use BaconQrCode\Renderer\Image\ImagickImageBackEnd; use BaconQrCode\Renderer\Image\SvgImageBackEnd;
use BaconQrCode\Renderer\RendererStyle\RendererStyle; use BaconQrCode\Renderer\RendererStyle\RendererStyle;
use BaconQrCode\Writer; use BaconQrCode\Writer;
@ -56,13 +56,15 @@ trait SecuritySettings
$key, $key,
500 500
); );
$writer = new Writer( $writer = new Writer(
new ImageRenderer( new ImageRenderer(
new RendererStyle(400), new RendererStyle(400),
new ImagickImageBackEnd() new SvgImageBackEnd()
) )
); );
$qrcode = base64_encode($writer->writeString($qrcode)); $qrcode = $writer->writeString($qrcode);
$user->{'2fa_secret'} = $key; $user->{'2fa_secret'} = $key;
$user->{'2fa_backup_codes'} = json_encode($backups); $user->{'2fa_backup_codes'} = json_encode($backups);
$user->save(); $user->save();

78
resources/views/auth/checkpoint.blade.php
View file

@ -1,25 +1,47 @@
@extends('layouts.blank') @extends('layouts.blank')
@push('styles')
<link href="{{ mix('css/landing.css') }}" rel="stylesheet">
<link rel="preload" as="image" href="{{ url('/_landing/bg.jpg')}}" />
@endpush
@section('content') @section('content')
<div class="page-wrapper">
<div class="container mt-5"> <div class="container mt-5">
<div class="row justify-content-center"> <div class="row justify-content-center">
<div class="col-lg-5"> <div class="col-lg-5">
<div class="text-center"> <div class="text-center">
<img src="/img/pixelfed-icon-color.svg" height="60px"> <a href="/">
<p class="font-weight-light h3 py-4">Verify Two Factor Code</p> <img src="/img/pixelfed-icon-white.svg" height="60px">
</div> </a>
<div class="alert alert-info small"> <h1 class="pt-4 pb-1">2FA Checkpoint</h1>
<p class="font-weight-light lead">
Enter the 2FA code from your device.
</p>
<p class="text-muted small pb-3">
If you lose access to your 2FA device, contact the admins. If you lose access to your 2FA device, contact the admins.
</p>
</div> </div>
<div class="card"> <div class="card bg-glass">
<div class="card-body"> <div class="card-body">
<form method="POST"> <form method="POST" id="2faForm">
@csrf @csrf
<div class="form-group row"> <div class="form-group row">
<div class="col-md-12"> <div class="col-md-12">
<input id="code" type="text" class="form-control{{ $errors->has('code') ? ' is-invalid' : '' }}" name="code" placeholder="{{__('Two-Factor Authentication Code')}}" required autocomplete="off" autofocus="" inputmode="numeric" minlength="6"> <label class="font-weight-bold small text-muted">2FA Code</label>
<input
id="code"
type="text"
class="form-control{{ $errors->has('code') ? ' is-invalid' : '' }}"
name="code"
placeholder="{{__('Two-Factor Authentication Code')}}"
required
autocomplete="new-password"
autofocus=""
inputmode="numeric"
minlength="6">
@if ($errors->has('code')) @if ($errors->has('code'))
<span class="invalid-feedback"> <span class="invalid-feedback">
@ -31,7 +53,12 @@
<div class="form-group row mb-0"> <div class="form-group row mb-0">
<div class="col-md-12"> <div class="col-md-12">
<button type="submit" class="btn btn-success btn-block font-weight-bold"> <button
type="button"
id="sbtn"
class="btn btn-success btn-block rounded-pill font-weight-bold"
onclick="event.preventDefault();handleSubmit()"
>
{{ __('Verify') }} {{ __('Verify') }}
</button> </button>
@ -40,16 +67,39 @@
</form> </form>
</div> </div>
</div> </div>
<div class="d-flex justify-content-between pt-4 small"> <div class="d-flex justify-content-between my-3">
<span class="text-lighter text-decoration-none">Logged in as: <span class="font-weight-bold text-muted">{{Auth::user()->username}}</span></span> <p class="mb-0 small">
<span> <span class="text-muted">Logged in as:</span> {{request()->user()->username}}
<a class="text-decoration-none text-muted font-weight-bold" href="{{ route('logout') }}" onclick="event.preventDefault();document.getElementById('logout-form').submit();">Logout</a> </p>
<form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">
<form action="/logout" method="post">
@csrf @csrf
<button type="submit" class="btn btn-link p-0 btn-sm text-white font-weight-bold">Logout</button>
</form> </form>
</span> </div>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
@endsection @endsection
@push('scripts')
<script type="text/javascript">
function handleSubmit() {
let warning = document.querySelector('.invalid-feedback');
if(warning) {
warning.style.display = 'none';
}
let code = document.getElementById('code');
code.setAttribute('readonly', 'readonly');
code.style.opacity = '20%';
let btn = document.getElementById('sbtn');
btn.classList.add('disabled');
btn.setAttribute('disabled', 'disabled');
btn.innerHTML = '<div class="spinner-border spinner-border-sm" role="status"><span class="sr-only">Loading...</span></div>';
document.getElementById('2faForm').submit()
}
</script>
@endpush

100
resources/views/auth/passwords/email.blade.php
View file

@ -1,31 +1,68 @@
@extends('layouts.app') @extends('layouts.blank')
@push('styles')
<link href="{{ mix('css/landing.css') }}" rel="stylesheet">
<link rel="preload" as="image" href="{{ url('/_landing/bg.jpg')}}" />
@endpush
@section('content') @section('content')
<div class="page-wrapper">
<div class="container mt-4"> <div class="container mt-4">
<div class="row justify-content-center"> <div class="row justify-content-center">
<div class="col-lg-5"> <div class="col-lg-5">
<div class="card"> <div class="text-center">
<div class="card-header bg-white p-3 text-center font-weight-bold">{{ __('Reset Password') }}</div> <a href="/">
<img src="/img/pixelfed-icon-white.svg" height="60px">
</a>
<h1 class="pt-4 pb-1">Reset Password</h1>
<p class="font-weight-light pb-2">Send a password reset mail to reset your password</p>
</div>
<div class="card-body">
@if(session('status') || $errors->has('email')) @if(session('status') || $errors->has('email'))
<div class="alert alert-success"> <div class="alert alert-info small">
<div class="d-flex align-items-center font-weight-bold" style="gap:0.5rem;">
<i class="far fa-exclamation-triangle fa-lg" style="opacity:20%"></i>
{{ session('status') ?? $errors->first('email') }} {{ session('status') ?? $errors->first('email') }}
</div> </div>
</div>
@endif @endif
<form method="POST" action="{{ route('password.email') }}"> <div class="card bg-glass">
<div class="card-header bg-transparent p-3 text-center font-weight-bold" style="border-bottom:1px solid #ffffff20">{{ __('Reset Password') }}</div>
<div class="card-body">
<form id="passwordReset" method="POST" action="{{ route('password.email') }}">
@csrf @csrf
<div class="form-group row"> <div class="form-group row">
<div class="col-md-12"> <div class="col-md-12">
<label class="font-weight-bold small text-muted">Email</label>
<input id="email" type="email" class="form-control" name="email" placeholder="{{ __('E-Mail Address') }}" required> <input id="email" type="email" class="form-control" name="email" placeholder="{{ __('E-Mail Address') }}" required>
@if ($errors->has('email') && $errors->first('email') === 'The email must be a valid email address.')
<span class="text-danger small mb-3">
<strong>{{ $errors->first('email') }}</strong>
</span>
@endif
</div> </div>
</div> </div>
<div class="form-group row mb-0"> @if(config('captcha.enabled'))
<label class="font-weight-bold small text-muted">Captcha</label>
<div class="d-flex flex-grow-1">
{!! Captcha::display(['data-theme' => 'dark']) !!}
</div>
@if ($errors->has('h-captcha-response'))
<div class="text-danger small mb-3">
<strong>{{ $errors->first('h-captcha-response') }}</strong>
</div>
@endif
@endif
<div class="form-group row pt-4 mb-0">
<div class="col-md-12"> <div class="col-md-12">
<button type="submit" class="btn btn-primary btn-block py-0 font-weight-bold"> <button type="button" id="sbtn" class="btn btn-primary btn-block rounded-pill font-weight-bold" onclick="event.preventDefault();handleSubmit()">
{{ __('Send Password Reset Link') }} {{ __('Send Password Reset Link') }}
</button> </button>
</div> </div>
@ -34,14 +71,53 @@
</div> </div>
</div> </div>
<div class="card mt-3"> <div class="mt-3 d-flex justify-content-between align-items-center">
<div class="card-body text-center"> <a class="btn btn-link text-white font-weight-bold text-decoration-none" href="{{ route('login') }}">
<a class="btn btn-link font-weight-bold" href="{{ route('login') }}"> <i class="far fa-long-arrow-left fa-lg mr-1"></i> {{ __('Back to Login') }}
{{ __('Back to Login') }}
</a> </a>
<a href="#" class="text-white font-weight-bold text-decoration-none" onclick="event.preventDefault();forgotUsername()">Forgot email?</a>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
@endsection @endsection
@push('scripts')
<script type="text/javascript">
function forgotUsername() {
swal({
title: 'Forgot email?',
text: 'Contact the instance admins to assist you in recovering your account.',
icon: 'info',
buttons: {
contact: {
text: "Contact Admins",
value: "contact",
className: "bg-danger"
},
cancel: "Close",
},
})
.then((value) => {
switch(value) {
case 'contact':
window.location.href = '/site/contact';
break;
}
});
}
function handleSubmit() {
let email = document.getElementById('email');
email.classList.add('disabled');
let btn = document.getElementById('sbtn');
btn.classList.add('disabled');
btn.setAttribute('disabled', 'disabled');
btn.innerHTML = '<div class="spinner-border spinner-border-sm" role="status"><span class="sr-only">Loading...</span></div>';
document.getElementById('passwordReset').submit()
}
</script>
@endpush

110
resources/views/auth/passwords/reset.blade.php
View file

@ -1,21 +1,55 @@
@extends('layouts.app') @extends('layouts.blank')
@push('styles')
<link href="{{ mix('css/landing.css') }}" rel="stylesheet">
<link rel="preload" as="image" href="{{ url('/_landing/bg.jpg')}}" />
@endpush
@section('content') @section('content')
<div class="page-wrapper">
<div class="container mt-4"> <div class="container mt-4">
<div class="row justify-content-center"> <div class="row justify-content-center">
<div class="col-lg-5"> <div class="col-lg-5">
<div class="card"> <div class="text-center">
<div class="card-header bg-white p-3 text-center font-weight-bold">{{ __('Reset Password') }}</div> <a href="/">
<img src="/img/pixelfed-icon-white.svg" height="60px">
</a>
<h1 class="pt-4 pb-1">Reset Password</h1>
<p class="font-weight-light pb-2">Use this form to reset your password.</p>
</div>
@if ($errors)
@foreach($errors as $error)
<span class="invalid-feedback">
<strong>{{ $error }}</strong>
</span>
@endforeach
@endif
<div class="card bg-glass">
<div class="card-header bg-transparent p-3 text-center font-weight-bold" style="border-bottom:1px solid #ffffff20">{{ __('Reset Password') }}</div>
<div class="card-body"> <div class="card-body">
<form method="POST" action="{{ route('password.request') }}"> <form id="passwordReset" method="POST" action="{{ route('password.request') }}">
@csrf @csrf
<input type="hidden" name="token" value="{{ $token }}"> <input type="hidden" name="token" value="{{ $token }}">
<input type="hidden" name="email" value="{{ $email ?? old('email') }}">
<div class="form-group row"> <div class="form-group row">
<div class="col-md-12"> <div class="col-md-12">
<input id="email" type="email" class="form-control{{ $errors->has('email') ? ' is-invalid' : '' }}" name="email" value="{{ $email ?? old('email') }}" placeholder="{{ __('E-Mail Address') }}" required autofocus> <label class="font-weight-bold small text-muted">Email</label>
<input
id="email"
type="email"
class="form-control {{ $errors->has('email') ? ' is-invalid' : '' }}"
name="email"
value="{{ $email ?? old('email') }}"
placeholder="{{ __('E-Mail Address') }}"
required
disabled
style="opacity: 20%;">
@if ($errors->has('email')) @if ($errors->has('email'))
<span class="invalid-feedback"> <span class="invalid-feedback">
<strong>{{ $errors->first('email') }}</strong> <strong>{{ $errors->first('email') }}</strong>
@ -23,22 +57,49 @@
@endif @endif
</div> </div>
</div> </div>
<hr>
<hr class="bg-muted">
<div class="form-group row"> <div class="form-group row">
<div class="col-md-12"> <div class="col-md-12">
<input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" placeholder="{{ __('Password') }}" required> <label class="font-weight-bold small text-muted">New Password</label>
<input
id="password"
type="password"
class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}"
name="password"
placeholder="{{ __('Password') }}"
minlength="{{config('pixelfed.min_password_length')}}"
maxlength="72"
autocomplete="new-password"
autofocus
required>
@if ($errors->has('password')) @if ($errors->has('password'))
<span class="invalid-feedback"> <span class="invalid-feedback">
<strong>{{ $errors->first('password') }}</strong> <strong>{{ $errors->first('password') }}</strong>
</span> </span>
@else
<p class="help-text small text-muted mb-0 mt-1">Enter a new password between {{config('pixelfed.min_password_length')}}-72 characters long.</p>
@endif @endif
</div> </div>
</div> </div>
<div class="form-group row"> <div class="form-group row">
<div class="col-md-12"> <div class="col-md-12">
<input id="password-confirm" type="password" class="form-control{{ $errors->has('password_confirmation') ? ' is-invalid' : '' }}" name="password_confirmation" placeholder="{{ __('Confirm Password') }}" required> <label class="font-weight-bold small text-muted">Confirm New Password</label>
<input
id="password-confirm"
type="password"
class="form-control{{ $errors->has('password_confirmation') ? ' is-invalid' : '' }}"
name="password_confirmation"
placeholder="{{ __('Confirm Password') }}"
minlength="{{config('pixelfed.min_password_length')}}"
autocomplete="new-password"
maxlength="72"
required>
@if ($errors->has('password_confirmation')) @if ($errors->has('password_confirmation'))
<span class="invalid-feedback"> <span class="invalid-feedback">
@ -48,9 +109,25 @@
</div> </div>
</div> </div>
<div class="form-group row mb-0"> @if(config('captcha.enabled'))
<label class="font-weight-bold small pt-3 text-muted">Captcha</label>
<div class="d-flex flex-grow-1">
{!! Captcha::display(['data-theme' => 'dark']) !!}
</div>
@if ($errors->has('h-captcha-response'))
<div class="text-danger small mb-3">
<strong>{{ $errors->first('h-captcha-response') }}</strong>
</div>
@endif
@endif
<div class="form-group row pt-4 mb-0">
<div class="col-md-12"> <div class="col-md-12">
<button type="submit" class="btn btn-primary btn-block py-0 font-weight-bold"> <button
type="button"
id="sbtn"
class="btn btn-success btn-block rounded-pill font-weight-bold"
onclick="event.preventDefault();handleSubmit()">
{{ __('Reset Password') }} {{ __('Reset Password') }}
</button> </button>
</div> </div>
@ -61,4 +138,17 @@
</div> </div>
</div> </div>
</div> </div>
</div>
@endsection @endsection
@push('scripts')
<script type="text/javascript">
function handleSubmit() {
let btn = document.getElementById('sbtn');
btn.classList.add('disabled');
btn.setAttribute('disabled', 'disabled');
btn.innerHTML = '<div class="spinner-border spinner-border-sm" role="status"><span class="sr-only">Loading...</span></div>';
document.getElementById('passwordReset').submit()
}
</script>
@endpush

73
resources/views/auth/sudo.blade.php
View file

@ -1,20 +1,37 @@
@extends('layouts.blank') @extends('layouts.blank')
@push('styles')
<link href="{{ mix('css/landing.css') }}" rel="stylesheet">
<link rel="preload" as="image" href="{{ url('/_landing/bg.jpg')}}" />
@endpush
@section('content') @section('content')
<div class="page-wrapper">
<div class="container mt-5"> <div class="container mt-5">
<div class="row justify-content-center"> <div class="row justify-content-center">
<div class="col-lg-5"> <div class="col-lg-5">
<div class="text-center"> <div class="text-center">
<img src="/img/pixelfed-icon-color.svg" height="60px"> <a href="/">
<p class="font-weight-light h3 py-4">Confirm password to continue</p> <img src="/img/pixelfed-icon-white.svg" height="60px">
</a>
<h1 class="pt-4 pb-1">Sudo Mode</h1>
<p class="font-weight-light lead pb-2">Confirm password to continue</p>
</div> </div>
<div class="card"> <div class="card bg-glass">
<div class="card-body"> <div class="card-body">
<form method="POST"> <form method="POST" id="sudoForm">
@csrf @csrf
<div class="form-group"> <div class="form-group">
<input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" placeholder="{{__('Password')}}" required> <label class="font-weight-bold small text-muted">Confirm Password</label>
<input
id="password"
type="password"
class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}"
name="password"
autocomplete="new-password"
placeholder="{{__('Password')}}"
required>
@if ($errors->has('password')) @if ($errors->has('password'))
<span class="invalid-feedback"> <span class="invalid-feedback">
@ -24,15 +41,19 @@
</div> </div>
<div class="form-group"> <div class="form-group">
<div class="custom-control custom-checkbox"> <div class="custom-control custom-checkbox" id="trusted-device">
<input type="checkbox" class="custom-control-input" id="trusted-device" name="trustDevice"> <input type="checkbox" class="custom-control-input" name="trustDevice">
<label class="custom-control-label text-muted" for="trusted-device">Trust this device and don't ask again</label> <label class="custom-control-label text-muted" for="trusted-device">Trust this device and don't ask again</label>
</div> </div>
</div> </div>
<div class="form-group row mb-0"> <div class="form-group row mb-0">
<div class="col-md-12"> <div class="col-md-12">
<button type="submit" class="btn btn-success btn-block font-weight-bold"> <button
type="button"
id="sbtn"
class="btn btn-success rounded-pill btn-block font-weight-bold"
onclick="event.preventDefault();handleSubmit()">
{{ __('Confirm Password') }} {{ __('Confirm Password') }}
</button> </button>
@ -41,7 +62,43 @@
</form> </form>
</div> </div>
</div> </div>
<div class="d-flex justify-content-between my-3">
<p class="mb-0 small">
<span class="text-muted">Logged in as:</span> {{request()->user()->username}}
</p>
<form action="/logout" method="post">
@csrf
<button type="submit" class="btn btn-link p-0 btn-sm text-white font-weight-bold">Logout</button>
</form>
</div>
</div>
</div> </div>
</div> </div>
</div> </div>
@endsection @endsection
@push('scripts')
<script type="text/javascript">
function handleSubmit() {
let warning = document.querySelector('.invalid-feedback');
if(warning) {
warning.style.display = 'none';
}
let email = document.getElementById('password');
email.setAttribute('readonly', 'readonly');
email.style.opacity = '20%';
let trustedDevice = document.getElementById('trusted-device');
trustedDevice.style.opacity = '20%';
let btn = document.getElementById('sbtn');
btn.classList.add('disabled');
btn.setAttribute('disabled', 'disabled');
btn.innerHTML = '<div class="spinner-border spinner-border-sm" role="status"><span class="sr-only">Loading...</span></div>';
document.getElementById('sudoForm').submit()
}
</script>
@endpush

2
resources/views/settings/security/2fa/setup.blade.php
View file

@ -50,7 +50,7 @@
<div class="card-body text-center"> <div class="card-body text-center">
<div class="pb-3"> <div class="pb-3">
<p class="font-weight-bold">QR Code</p> <p class="font-weight-bold">QR Code</p>
<img src="data:image/png;base64,{{$qrcode}}" class="img-fluid" width="200px"> {!!$qrcode!!}
</div> </div>
<div> <div>
<p class="font-weight-bold">OTP Secret</p> <p class="font-weight-bold">OTP Secret</p>