mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-11-26 00:03:16 +00:00
Update DangerZone middleware to use session instead of cookie
This commit is contained in:
parent
336deae05b
commit
d90cfffa3f
2 changed files with 9 additions and 6 deletions
|
@ -291,9 +291,10 @@ class AccountController extends Controller
|
|||
]);
|
||||
$user = Auth::user();
|
||||
$password = $request->input('password');
|
||||
$next = $request->cookie('redirectNext') ?:'/';
|
||||
$next = $request->session()->get('redirectNext', '/');
|
||||
if(password_verify($password, $user->password) === true) {
|
||||
return redirect($next)->withCookie('sudoMode', time());
|
||||
$request->session()->put('sudoMode', time());
|
||||
return redirect($next);
|
||||
}
|
||||
return redirect($next);
|
||||
}
|
||||
|
|
|
@ -20,11 +20,13 @@ class DangerZone
|
|||
return redirect(route('login'));
|
||||
}
|
||||
if(!$request->is('i/auth/sudo')) {
|
||||
if( false == $request->cookie('sudoMode') ) {
|
||||
return redirect('/i/auth/sudo')->withCookie('redirectNext', $request->url());
|
||||
if( !$request->session()->has('sudoMode') ) {
|
||||
$request->session()->put('redirectNext', $request->url());
|
||||
return redirect('/i/auth/sudo');
|
||||
}
|
||||
if( $request->cookie('sudoMode') < Carbon::now()->subMinutes(30)->timestamp ) {
|
||||
return redirect('/i/auth/sudo')->withCookie('redirectNext', $request->url());
|
||||
if( $request->session()->get('sudoMode') < Carbon::now()->subMinutes(30)->timestamp ) {
|
||||
$request->session()->put('redirectNext', $request->url());
|
||||
return redirect('/i/auth/sudo');
|
||||
}
|
||||
}
|
||||
return $next($request);
|
||||
|
|
Loading…
Reference in a new issue