mirror of
https://github.com/mastodon/mastodon.git
synced 2025-03-12 00:45:22 +00:00
93f3c724ae
Some checks failed
Bundler Audit / security (push) Waiting to run
Check i18n / check-i18n (push) Waiting to run
CodeQL / Analyze (javascript) (push) Waiting to run
CodeQL / Analyze (ruby) (push) Waiting to run
Check formatting / lint (push) Waiting to run
Haml Linting / lint (push) Waiting to run
Ruby Linting / lint (push) Waiting to run
Historical data migration test / test (14-alpine) (push) Waiting to run
Historical data migration test / test (15-alpine) (push) Waiting to run
Historical data migration test / test (16-alpine) (push) Waiting to run
Historical data migration test / test (17-alpine) (push) Waiting to run
Ruby Testing / build (production) (push) Waiting to run
Ruby Testing / build (test) (push) Waiting to run
Ruby Testing / test (.ruby-version) (push) Blocked by required conditions
Ruby Testing / test (3.2) (push) Blocked by required conditions
Ruby Testing / test (3.3) (push) Blocked by required conditions
Ruby Testing / Libvips tests (.ruby-version) (push) Blocked by required conditions
Ruby Testing / Libvips tests (3.2) (push) Blocked by required conditions
Ruby Testing / Libvips tests (3.3) (push) Blocked by required conditions
Ruby Testing / End to End testing (.ruby-version) (push) Blocked by required conditions
Ruby Testing / End to End testing (3.2) (push) Blocked by required conditions
Ruby Testing / End to End testing (3.3) (push) Blocked by required conditions
Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions
Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:8.10.2) (push) Blocked by required conditions
Ruby Testing / Elastic Search integration testing (.ruby-version, opensearchproject/opensearch:2) (push) Blocked by required conditions
Ruby Testing / Elastic Search integration testing (3.2, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions
Ruby Testing / Elastic Search integration testing (3.3, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions
CSS Linting / lint (push) Has been cancelled
JavaScript Linting / lint (push) Has been cancelled
JavaScript Testing / test (push) Has been cancelled
64 lines
1.6 KiB
Ruby
64 lines
1.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
# This concern is inspired by "sudo mode" on GitHub. It
|
|
# is a way to re-authenticate a user before allowing them
|
|
# to see or perform an action.
|
|
#
|
|
# Add `before_action :require_challenge!` to actions you
|
|
# want to protect.
|
|
#
|
|
# The user will be shown a page to enter the challenge (which
|
|
# is either the password, or just the username when no
|
|
# password exists). Upon passing, there is a grace period
|
|
# during which no challenge will be asked from the user.
|
|
#
|
|
# Accessing challenge-protected resources during the grace
|
|
# period will refresh the grace period.
|
|
module ChallengableConcern
|
|
extend ActiveSupport::Concern
|
|
|
|
CHALLENGE_TIMEOUT = 1.hour.freeze
|
|
|
|
def require_challenge!
|
|
return if skip_challenge?
|
|
|
|
if challenge_passed_recently?
|
|
session[:challenge_passed_at] = Time.now.utc
|
|
return
|
|
end
|
|
|
|
@challenge = Form::Challenge.new(return_to: request.url)
|
|
|
|
if params.key?(:form_challenge)
|
|
if challenge_passed?
|
|
session[:challenge_passed_at] = Time.now.utc
|
|
else
|
|
flash.now[:alert] = I18n.t('challenge.invalid_password')
|
|
render_challenge
|
|
end
|
|
else
|
|
render_challenge
|
|
end
|
|
end
|
|
|
|
def render_challenge
|
|
render 'auth/challenges/new', layout: 'auth'
|
|
end
|
|
|
|
def challenge_passed?
|
|
current_user.valid_password?(challenge_params[:current_password])
|
|
end
|
|
|
|
def skip_challenge?
|
|
current_user.encrypted_password.blank?
|
|
end
|
|
|
|
def challenge_passed_recently?
|
|
session[:challenge_passed_at].present? && session[:challenge_passed_at] >= CHALLENGE_TIMEOUT.ago
|
|
end
|
|
|
|
def challenge_params
|
|
params.expect(form_challenge: [:current_password, :return_to])
|
|
end
|
|
end
|