Update DangerZone middleware to use session instead of cookie

Daniel Supernault 2018-09-09 21:44:51 -06:00
parent 336deae05b
commit d90cfffa3f
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
2 changed files with 9 additions and 6 deletions


@ -291,9 +291,10 @@ class AccountController extends Controller
]); ]);
$user = Auth::user(); $user = Auth::user();
$password = $request->input('password'); $password = $request->input('password');
$next = $request->cookie('redirectNext') ?:'/'; $next = $request->session()->get('redirectNext', '/');
if(password_verify($password, $user->password) === true) { if(password_verify($password, $user->password) === true) {
return redirect($next)->withCookie('sudoMode', time()); $request->session()->put('sudoMode', time());
return redirect($next);
} }
return redirect($next); return redirect($next);
} }
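Review bot: The failed-password path at the end of this hunk still ends in a bare `return redirect($next);` with no error flashed and no attempt limiting visible here. A wrong password therefore sends the user silently back through the middleware, and unless the route is throttled elsewhere the check can be retried without bound inside a logged-in session. Consider returning to the prompt with a validation error, e.g. `return redirect()->back()->withErrors(['password' => __('auth.failed')]);`, and confirm the route carries a throttle middleware. Separately, `get('redirectNext', '/')` leaves the stored target in the session, whereas `$request->session()->pull('redirectNext', '/')` would consume it once. The enclosing method starts above the hunk.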


@ -20,11 +20,13 @@ class DangerZone
return redirect(route('login')); return redirect(route('login'));
} }
if(!$request->is('i/auth/sudo')) { if(!$request->is('i/auth/sudo')) {
if( false == $request->cookie('sudoMode') ) { if( !$request->session()->has('sudoMode') ) {
return redirect('/i/auth/sudo')->withCookie('redirectNext', $request->url()); $request->session()->put('redirectNext', $request->url());
return redirect('/i/auth/sudo');
} }
if( $request->cookie('sudoMode') < Carbon::now()->subMinutes(30)->timestamp ) { if( $request->session()->get('sudoMode') < Carbon::now()->subMinutes(30)->timestamp ) {
return redirect('/i/auth/sudo')->withCookie('redirectNext', $request->url()); $request->session()->put('redirectNext', $request->url());
return redirect('/i/auth/sudo');
} }
} }
return $next($request); return $next($request);
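Review bot: The two `sudoMode` checks inside the `i/auth/sudo` guard now run the same two-statement body, so the missing and expired cases can be one condition: `$sudoAt = $request->session()->get('sudoMode');` followed by `if (!$sudoAt || $sudoAt < Carbon::now()->subMinutes(30)->timestamp) {`. The 30-minute window would read better as a named constant or config value than as a literal. Because the marker now lives in the server-side session, it is worth confirming that logout invalidates the session (or forgets `sudoMode`), so the elevated state cannot outlive the login it was granted to. The enclosing method begins above this hunk and closes below it.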