
Update DangerZone/Sudo middleware

Daniel Supernault 2020-02-17 23:16:44 -07:00
parent 88534f2deb
commit 6a16559132
No known key found for this signature in database
GPG Key ID: 0DEF1C662C9033F7
2 changed files with 19 additions and 1 deletions


@ -270,7 +270,6 @@ class AccountController extends Controller
return redirect()->back();
}
public function unblock(Request $request)
{
$this->validate($request, [
@ -362,6 +361,13 @@ class AccountController extends Controller
public function sudoMode(Request $request)
{
if($request->session()->has('sudoModeAttempts') && $request->session()->get('sudoModeAttempts') >= 3) {
$request->session()->pull('2fa.session.active');
$request->session()->pull('redirectNext');
$request->session()->pull('sudoModeAttempts');
Auth::logout();
return redirect(route('login'));
}
return view('auth.sudo');
}
@ -373,6 +379,12 @@ class AccountController extends Controller
$user = Auth::user();
$password = $request->input('password');
$next = $request->session()->get('redirectNext', '/');
if($request->session()->has('sudoModeAttempts')) {
$count = (int) $request->session()->get('sudoModeAttempts');
$request->session()->put('sudoModeAttempts', $count + 1);
} else {
$request->session()->put('sudoModeAttempts', 1);
}
if(password_verify($password, $user->password) === true) {
$request->session()->put('sudoMode', time());
return redirect($next);
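Review bot: The attempt cap is only tested where the form is rendered (`sudoMode`, the `>= 3` check); the handler in the third hunk increments `sudoModeAttempts` and goes straight to `password_verify` without looking at the count. Unless a check exists outside the hunk or in middleware on that route, a client that submits the form directly is not limited by the visible code. Test the count in the verify handler before the comparison, e.g. `if ((int) $request->session()->get('sudoModeAttempts', 0) >= 3) { Auth::logout(); return redirect(route('login')); }`. The counter is also raised before verification and not cleared on the success path, so three correct entries in one session would log the user out; add `$request->session()->forget('sudoModeAttempts');` before `return redirect($next);`. Both function bodies start or end outside the hunks shown.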


@ -16,6 +16,12 @@ class DangerZone
*/
public function handle($request, Closure $next)
{
if( $request->session()->get('sudoModeAttempts') > 3) {
$request->session()->pull('redirectNext');
$request->session()->pull('sudoModeAttempts');
Auth::logout();
return redirect(route('login'));
}
if(!Auth::check()) {
return redirect(route('login'));
}
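Review bot: The threshold here is `> 3` while `AccountController::sudoMode` uses `>= 3`, and this branch leaves `2fa.session.active` in the session where the controller removes it, so the two lockout paths disagree on when they fire and on what they clear. A shared constant and one helper for the forced logout would keep them aligned. `Auth::logout()` on its own keeps the remaining session data, so consider replacing the per-key `pull()` calls with `$request->session()->invalidate(); $request->session()->regenerateToken();` after the logout. That would also drop the `sudoMode` timestamp, which neither path clears in the lines shown. A short comment above the check would help, for example `// Too many sudo-mode password attempts: end the session and force a fresh login.`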