closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6442 Commits
4 Branches
567 MiB
Tree: 3281df0df1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3281df0df1'
${ noResults }
mastodon/app/controllers/auth/sessions_controller.rb

130 lines
3.2 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
8 years ago
Customizing devise views and controllers
8 years ago
Remember me enabled by default
8 years ago
Customizing devise views and controllers
8 years ago
Remember me enabled by default
8 years ago
Split 2FA login into two prompts
7 years ago
Allow mods to disable login, improve message when login disabled (#8329) * Allow moderators to disable/enable login * Instead of rejecting login, show forbidden error when login disabled Avoid confusion because when login is rejected, the message is that the account is not activated, which is wrong. * Fix tests
6 years ago
Split 2FA login into two prompts
7 years ago
sign_in and sign_up views present og meta infos (#5308)
7 years ago
Compensate for scrollbar disappearing when media modal visible (#8100) * Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
6 years ago
Added optional two-factor authentication
7 years ago
New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540)
6 years ago
If login redirects to omniauth, redirect logout to root_path (#6694) Fix #6670
6 years ago
New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540)
6 years ago
If login redirects to omniauth, redirect logout to root_path (#6694) Fix #6670
6 years ago
New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540)
6 years ago
Remember me enabled by default
8 years ago
Fix empty flash message on the settings page (#3345)
7 years ago
Remember me enabled by default
8 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
8 years ago
Split 2FA login into two prompts
7 years ago
Add force_login option to OAuth authorize page (#8655) * Add force_login option to OAuth authorize page For when a user needs to sign into an app from multiple accounts on the same server * When logging out from modal header, redirect back after re-login
6 years ago
Split 2FA login into two prompts
7 years ago
Fix empty flash message on the settings page (#3345)
7 years ago
Add force_login option to OAuth authorize page (#8655) * Add force_login option to OAuth authorize page For when a user needs to sign into an app from multiple accounts on the same server * When logging out from modal header, redirect back after re-login
6 years ago
Split 2FA login into two prompts
7 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
8 years ago
Split 2FA login into two prompts
7 years ago
Fix #942: Seamless LDAP login (#6556)
6 years ago
pam authentication (#5303) * add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style
6 years ago
Split 2FA login into two prompts
7 years ago
Added optional two-factor authentication
7 years ago
Go to root after login in single user mode (#3289) In single user mode, visitors are redirected to the single user's profile page. So, if you are the owner without a session, you start from that page, click the login button and authenticate yourself expecting you'll soon get started with the home page, but in reality you'll get redirected back to where you started from -- your own profile page. This fixes the behavior by redirecting you home after login if you have started from your own profile page.
7 years ago
Adding e-mail confirmations
8 years ago
Go to root after login in single user mode (#3289) In single user mode, visitors are redirected to the single user's profile page. So, if you are the owner without a session, you start from that page, click the login button and authenticate yourself expecting you'll soon get started with the home page, but in reality you'll get redirected back to where you started from -- your own profile page. This fixes the behavior by redirecting you home after login if you have started from your own profile page.
7 years ago
Adding e-mail confirmations
8 years ago
Replace logo, fix #57 - delete/unreblog/unfavourite API, fix #45 - app registration API
8 years ago
Split 2FA login into two prompts
7 years ago
If login redirects to omniauth, redirect logout to root_path (#6694) Fix #6670
6 years ago
Split 2FA login into two prompts
7 years ago
Add recovery code support for two-factor auth (#1773) * Add recovery code support for two-factor auth When users enable two-factor auth, the app now generates ten single-use recovery codes. Users are encouraged to print the codes and store them in a safe place. The two-factor prompt during login now accepts both OTP codes and recovery codes. The two-factor settings UI allows users to regenerated lost recovery codes. Users who have set up two-factor auth prior to this feature being added can use it to generate recovery codes for the first time. Fixes #563 and fixes #987 * Set OTP_SECRET in test enviroment * add missing .html to view file names
7 years ago
Fix Rubocop offences (#2630) * disable Bundler/OrderedGems * fix rubocop Lint/UselessAssignment * fix rubocop Style/BlockDelimiters * fix rubocop Style/AlignHash * fix rubocop Style/AlignParameters, Style/EachWithObject * fix rubocop Style/SpaceInLambdaLiteral
7 years ago
Catch error when server decryption fails on 2FA (#2512)
7 years ago
Split 2FA login into two prompts
7 years ago
Fix some rubocop style issues (#5730)
7 years ago
Split 2FA login into two prompts
7 years ago
Go to root after login in single user mode (#3289) In single user mode, visitors are redirected to the single user's profile page. So, if you are the owner without a session, you start from that page, click the login button and authenticate yourself expecting you'll soon get started with the home page, but in reality you'll get redirected back to where you started from -- your own profile page. This fixes the behavior by redirecting you home after login if you have started from your own profile page.
7 years ago
sign_in and sign_up views present og meta infos (#5308)
7 years ago
Compensate for scrollbar disappearing when media modal visible (#8100) * Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
6 years ago
Go to root after login in single user mode (#3289) In single user mode, visitors are redirected to the single user's profile page. So, if you are the owner without a session, you start from that page, click the login button and authenticate yourself expecting you'll soon get started with the home page, but in reality you'll get redirected back to where you started from -- your own profile page. This fixes the behavior by redirecting you home after login if you have started from your own profile page.
7 years ago
feat(auth/session_controller): Send Clear-Site-Data when logging out (#8627) Will clear the browser's cache, cookies and storage. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data https://w3c.github.io/webappsec-clear-site-data/
6 years ago
Add force_login option to OAuth authorize page (#8655) * Add force_login option to OAuth authorize page For when a user needs to sign into an app from multiple accounts on the same server * When logging out from modal header, redirect back after re-login
6 years ago
Customizing devise views and controllers
8 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. class Auth::SessionsController < Devise::SessionsController
  4.   include Devise::Controllers::Rememberable
  5. 

  6.   layout 'auth'
  7. 

  8.   skip_before_action :require_no_authentication, only: [:create]
  9.   skip_before_action :check_user_permissions, only: [:destroy]
  10.   prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
  11.   before_action :set_instance_presenter, only: [:new]
  12.   before_action :set_body_classes
  13. 

  14.   def new
  15.     Devise.omniauth_configs.each do |provider, config|
  16.       return redirect_to(omniauth_authorize_path(resource_name, provider)) if config.strategy.redirect_at_sign_in
  17.     end
  18. 

  19.     super
  20.   end
  21. 

  22.   def create
  23.     super do |resource|
  24.       remember_me(resource)
  25.       flash.delete(:notice)
  26.     end
  27.   end
  28. 

  29.   def destroy
  30.     tmp_stored_location = stored_location_for(:user)
  31.     super
  32.     flash.delete(:notice)
  33.     store_location_for(:user, tmp_stored_location) if continue_after?
  34.   end
  35. 

  36.   protected
  37. 

  38.   def find_user
  39.     if session[:otp_user_id]
  40.       User.find(session[:otp_user_id])
  41.     elsif user_params[:email]
  42.       if use_seamless_external_login? && Devise.check_at_sign && user_params[:email].index('@').nil?
  43.         User.joins(:account).find_by(accounts: { username: user_params[:email] })
  44.       else
  45.         User.find_for_authentication(email: user_params[:email])
  46.       end
  47.     end
  48.   end
  49. 

  50.   def user_params
  51.     params.require(:user).permit(:email, :password, :otp_attempt)
  52.   end
  53. 

  54.   def after_sign_in_path_for(resource)
  55.     last_url = stored_location_for(:user)
  56. 

  57.     if home_paths(resource).include?(last_url)
  58.       root_path
  59.     else
  60.       last_url || root_path
  61.     end
  62.   end
  63. 

  64.   def after_sign_out_path_for(_resource_or_scope)
  65.     Devise.omniauth_configs.each_value do |config|
  66.       return root_path if config.strategy.redirect_at_sign_in
  67.     end
  68. 

  69.     super
  70.   end
  71. 

  72.   def two_factor_enabled?
  73.     find_user.try(:otp_required_for_login?)
  74.   end
  75. 

  76.   def valid_otp_attempt?(user)
  77.     user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
  78.       user.invalidate_otp_backup_code!(user_params[:otp_attempt])
  79.   rescue OpenSSL::Cipher::CipherError => _error
  80.     false
  81.   end
  82. 

  83.   def authenticate_with_two_factor
  84.     user = self.resource = find_user
  85. 

  86.     if user_params[:otp_attempt].present? && session[:otp_user_id]
  87.       authenticate_with_two_factor_via_otp(user)
  88.     elsif user&.valid_password?(user_params[:password])
  89.       prompt_for_two_factor(user)
  90.     end
  91.   end
  92. 

  93.   def authenticate_with_two_factor_via_otp(user)
  94.     if valid_otp_attempt?(user)
  95.       session.delete(:otp_user_id)
  96.       remember_me(user)
  97.       sign_in(user)
  98.     else
  99.       flash.now[:alert] = I18n.t('users.invalid_otp_token')
  100.       prompt_for_two_factor(user)
  101.     end
  102.   end
  103. 

  104.   def prompt_for_two_factor(user)
  105.     session[:otp_user_id] = user.id
  106.     render :two_factor
  107.   end
  108. 

  109.   private
  110. 

  111.   def set_instance_presenter
  112.     @instance_presenter = InstancePresenter.new
  113.   end
  114. 

  115.   def set_body_classes
  116.     @body_classes = 'lighter'
  117.   end
  118. 

  119.   def home_paths(resource)
  120.     paths = [about_path]
  121.     if single_user_mode? && resource.is_a?(User)
  122.       paths << short_account_path(username: resource.account)
  123.     end
  124.     paths
  125.   end
  126. 

  127.   def continue_after?
  128.     truthy_param?(:continue)
  129.   end
  130. end