Update DangerZone middleware to use session instead of cookie

Daniel Supernault 2018-09-09 21:44:51 -06:00
parent 336deae05b
commit d90cfffa3f
No known key found for this signature in database
GPG Key ID: 0DEF1C662C9033F7
2 changed files with 9 additions and 6 deletions


@ -291,9 +291,10 @@ class AccountController extends Controller
]);
$user = Auth::user();
$password = $request->input('password');
$next = $request->cookie('redirectNext') ?:'/';
$next = $request->session()->get('redirectNext', '/');
if(password_verify($password, $user->password) === true) {
return redirect($next)->withCookie('sudoMode', time());
$request->session()->put('sudoMode', time());
return redirect($next);
}
return redirect($next);
}
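Review bot: The new code marks the existing session as elevated without rotating its ID, and it reads `redirectNext` with `get()`, so the stored target stays in the session after it has been used. A successful `password_verify` is a privilege change, so call `$request->session()->regenerate();` before `$request->session()->put('sudoMode', time());`, and read the target with `$next = $request->session()->pull('redirectNext', '/');` so a stale value cannot steer a later confirmation. The failure path at the end still redirects to `$next` with no error flashed. Whether password attempts are throttled (for example by route middleware) cannot be seen from this hunk. The method starts above the hunk.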


@ -20,11 +20,13 @@ class DangerZone
return redirect(route('login'));
}
if(!$request->is('i/auth/sudo')) {
if( false == $request->cookie('sudoMode') ) {
return redirect('/i/auth/sudo')->withCookie('redirectNext', $request->url());
if( !$request->session()->has('sudoMode') ) {
$request->session()->put('redirectNext', $request->url());
return redirect('/i/auth/sudo');
}
if( $request->cookie('sudoMode') < Carbon::now()->subMinutes(30)->timestamp ) {
return redirect('/i/auth/sudo')->withCookie('redirectNext', $request->url());
if( $request->session()->get('sudoMode') < Carbon::now()->subMinutes(30)->timestamp ) {
$request->session()->put('redirectNext', $request->url());
return redirect('/i/auth/sudo');
}
}
return $next($request);
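Review bot: `$request->url()` stores an absolute URL built from the request's host as `redirectNext`, and the AccountController hunk later passes that value to `redirect()` without checking it. Storing a relative target, e.g. `$request->session()->put('redirectNext', $request->getRequestUri());`, would keep the post-confirmation redirect on this origin and preserve the query string that `url()` drops. The two new branches have identical bodies and could share one condition: `if (!$request->session()->has('sudoMode') || $request->session()->get('sudoMode') < Carbon::now()->subMinutes(30)->timestamp) {`. An expired `sudoMode` value is also left in the session; `$request->session()->forget('sudoMode');` in the stale case would clear it. The enclosing method begins above the hunk.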