gnh1201/mastodon
1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2025-09-05 17:31:12 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity

feature/require-mfa-by-admin - Using Skip_before_action

Browse Source
This commit is contained in:
Fredys Fonseca 2025-07-23 18:00:09 +00:00 committed by Fredys Fonseca Consuegra
parent f5c14b753a
commit a8f5e3fa62
7 changed files with 8 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/controllers/auth/registrations_controller.rb
View File

@ -18,6 +18,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
skip_before_action :check_self_destruct!, only: [:edit, :update] skip_before_action :check_self_destruct!, only: [:edit, :update]
skip_before_action :require_functional!, only: [:edit, :update] skip_before_action :require_functional!, only: [:edit, :update]
skip_before_action :check_mfa_requirement, only: [:edit, :update]
def new def new
super(&:build_invite_request) super(&:build_invite_request)
@ -144,9 +145,4 @@ class Auth::RegistrationsController < Devise::RegistrationsController
super super
end end
end end
def skip_mfa_force?
# Allow profile editing even when MFA is required
%w(edit update).include?(action_name)
end
end end

14
app/controllers/auth/sessions_controller.rb
View File

@ -11,6 +11,7 @@ class Auth::SessionsController < Devise::SessionsController
skip_before_action :require_no_authentication, only: [:create] skip_before_action :require_no_authentication, only: [:create]
skip_before_action :require_functional! skip_before_action :require_functional!
skip_before_action :update_user_sign_in skip_before_action :update_user_sign_in
skip_before_action :check_mfa_requirement, only: [:destroy]
prepend_before_action :check_suspicious!, only: [:create] prepend_before_action :check_suspicious!, only: [:create]
@ -193,17 +194,8 @@ class Auth::SessionsController < Devise::SessionsController
def respond_to_on_destroy def respond_to_on_destroy
respond_to do |format| respond_to do |format|
format.json do format.any(*navigational_formats) { redirect_to after_sign_out_path_for(:user) }
render json: { format.all { head 204 }
redirect_to: after_sign_out_path_for(resource_name),
}, status: 200
end
format.all { super }
end end
end end
def skip_mfa_force?
# Allow logout to work even when MFA is required
action_name == 'destroy'
end
end end

6
app/controllers/auth/setup_controller.rb
View File

@ -8,6 +8,7 @@ class Auth::SetupController < ApplicationController
before_action :set_user before_action :set_user
skip_before_action :require_functional! skip_before_action :require_functional!
skip_before_action :check_mfa_requirement
def show; end def show; end
@ -37,9 +38,4 @@ class Auth::SetupController < ApplicationController
def user_params def user_params
params.expect(user: [:email]) params.expect(user: [:email])
end end
def skip_mfa_force?
# Allow auth setup even when MFA is required
true
end
end end

7
app/controllers/concerns/mfa_force_concern.rb
View File

@ -12,7 +12,6 @@ module MfaForceConcern
def check_mfa_requirement def check_mfa_requirement
return unless mfa_force_enabled? return unless mfa_force_enabled?
return if current_user.otp_enabled? return if current_user.otp_enabled?
return if mfa_force_skipped?
flash[:alert] = I18n.t('require_multi_factor_auth.required_message') flash[:alert] = I18n.t('require_multi_factor_auth.required_message')
redirect_to settings_otp_authentication_path redirect_to settings_otp_authentication_path
@ -22,12 +21,6 @@ module MfaForceConcern
mfa_config[:force_enabled] mfa_config[:force_enabled]
end end
def mfa_force_skipped?
# Allow controllers to opt out of MFA force requirement
# by defining skip_mfa_force? method
respond_to?(:skip_mfa_force?) && skip_mfa_force?
end
def mfa_config def mfa_config
@mfa_config ||= Rails.application.config_for(:mfa) @mfa_config ||= Rails.application.config_for(:mfa)
end end

5
app/controllers/settings/two_factor_authentication/confirmations_controller.rb
View File

@ -6,6 +6,7 @@ module Settings
include ChallengableConcern include ChallengableConcern
skip_before_action :require_functional! skip_before_action :require_functional!
skip_before_action :check_mfa_requirement
before_action :require_challenge! before_action :require_challenge!
before_action :ensure_otp_secret before_action :ensure_otp_secret
@ -53,10 +54,6 @@ module Settings
def ensure_otp_secret def ensure_otp_secret
redirect_to settings_otp_authentication_path if session[:new_otp_secret].blank? redirect_to settings_otp_authentication_path if session[:new_otp_secret].blank?
end end
def skip_mfa_force?
true
end
end end
end end
end end

5
app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb
View File

@ -6,6 +6,7 @@ module Settings
include ChallengableConcern include ChallengableConcern
skip_before_action :require_functional! skip_before_action :require_functional!
skip_before_action :check_mfa_requirement
before_action :verify_otp_not_enabled, only: [:show] before_action :verify_otp_not_enabled, only: [:show]
before_action :require_challenge!, only: [:create] before_action :require_challenge!, only: [:create]
@ -25,10 +26,6 @@ module Settings
def verify_otp_not_enabled def verify_otp_not_enabled
redirect_to settings_two_factor_authentication_methods_path if current_user.otp_enabled? redirect_to settings_two_factor_authentication_methods_path if current_user.otp_enabled?
end end
def skip_mfa_force?
true
end
end end
end end
end end

5
app/controllers/settings/two_factor_authentication_methods_controller.rb
View File

@ -6,6 +6,7 @@ module Settings
skip_before_action :check_self_destruct! skip_before_action :check_self_destruct!
skip_before_action :require_functional! skip_before_action :require_functional!
skip_before_action :check_mfa_requirement
before_action :require_challenge!, only: :disable before_action :require_challenge!, only: :disable
before_action :require_otp_enabled before_action :require_otp_enabled
@ -24,9 +25,5 @@ module Settings
def require_otp_enabled def require_otp_enabled
redirect_to settings_otp_authentication_path unless current_user.otp_enabled? redirect_to settings_otp_authentication_path unless current_user.otp_enabled?
end end
def skip_mfa_force?
true
end
end end
end end