diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2022-04-06 20:58:12 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-06 20:58:12 +0200 |
commit | 6221b36b278c02cdbf5b6d1c0753654b506b44fd (patch) | |
tree | f4a8ea0e6636445dfe8417beceaa0cf69476169f /app/controllers/auth | |
parent | abb11778d7d9ac04fe1feeccf5cefc6d2ed58780 (diff) |
Remove sign-in token authentication, instead send e-mail about new sign-in (#17970)
Diffstat (limited to 'app/controllers/auth')
-rw-r--r-- | app/controllers/auth/sessions_controller.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 4d2695bf5..c4c8151e3 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -8,7 +8,6 @@ class Auth::SessionsController < Devise::SessionsController skip_before_action :update_user_sign_in include TwoFactorAuthenticationConcern - include SignInTokenAuthenticationConcern before_action :set_instance_presenter, only: [:new] before_action :set_body_classes @@ -66,7 +65,7 @@ class Auth::SessionsController < Devise::SessionsController end def user_params - params.require(:user).permit(:email, :password, :otp_attempt, :sign_in_token_attempt, credential: {}) + params.require(:user).permit(:email, :password, :otp_attempt, credential: {}) end def after_sign_in_path_for(resource) @@ -142,6 +141,12 @@ class Auth::SessionsController < Devise::SessionsController ip: request.remote_ip, user_agent: request.user_agent ) + + UserMailer.suspicious_sign_in(user, request.remote_ip, request.user_agent, Time.now.utc).deliver_later! if suspicious_sign_in?(user) + end + + def suspicious_sign_in?(user) + SuspiciousSignInDetector.new(user).suspicious?(request) end def on_authentication_failure(user, security_measure, failure_reason) |