diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2022-04-06 21:10:23 +0200 |
|---|---|---|
| committer | Claire <claire.github-309c@sitedethib.com> | 2022-04-06 21:10:23 +0200 |
| commit | b368c7502931aa06121ecad8a97193b1f17cf90a (patch) | |
| tree | 2b598363926388d30a4c5c6197436b46f6d4610a /app/lib | |
| parent | 00c9363f07081e0149533023992fba47dd905384 (diff) | |
| parent | dd4c156f33a24b8bb89b45b2697aa4036c3ae5be (diff) | |
Merge branch 'main' into glitch-soc/merge-upstream
Conflicts: - `app/controllers/concerns/sign_in_token_authentication_concern.rb`: Upstream removed this file, while glitch-soc had changes to deal with its theming system. Removed the file like upstream did.
Diffstat (limited to 'app/lib')
| -rw-r--r-- | app/lib/suspicious_sign_in_detector.rb | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/app/lib/suspicious_sign_in_detector.rb b/app/lib/suspicious_sign_in_detector.rb new file mode 100644 index 000000000..1af5188c6 --- /dev/null +++ b/app/lib/suspicious_sign_in_detector.rb @@ -0,0 +1,42 @@ +# frozen_string_literal: true + +class SuspiciousSignInDetector + IPV6_TOLERANCE_MASK = 64 + IPV4_TOLERANCE_MASK = 16 + + def initialize(user) + @user = user + end + + def suspicious?(request) + !sufficient_security_measures? && !freshly_signed_up? && !previously_seen_ip?(request) + end + + private + + def sufficient_security_measures? + @user.otp_required_for_login? + end + + def previously_seen_ip?(request) + @user.ips.where('ip <<= ?', masked_ip(request)).exists? + end + + def freshly_signed_up? + @user.current_sign_in_at.blank? + end + + def masked_ip(request) + masked_ip_addr = begin + ip_addr = IPAddr.new(request.remote_ip) + + if ip_addr.ipv6? + ip_addr.mask(IPV6_TOLERANCE_MASK) + else + ip_addr.mask(IPV4_TOLERANCE_MASK) + end + end + + "#{masked_ip_addr}/#{masked_ip_addr.prefix}" + end +end |