diff options
Diffstat (limited to 'app')
26 files changed, 156 insertions, 228 deletions
diff --git a/app/controllers/admin/sign_in_token_authentications_controller.rb b/app/controllers/admin/sign_in_token_authentications_controller.rb deleted file mode 100644 index e620ab292..000000000 --- a/app/controllers/admin/sign_in_token_authentications_controller.rb +++ /dev/null @@ -1,27 +0,0 @@ -# frozen_string_literal: true - -module Admin - class SignInTokenAuthenticationsController < BaseController - before_action :set_target_user - - def create - authorize @user, :enable_sign_in_token_auth? - @user.update(skip_sign_in_token: false) - log_action :enable_sign_in_token_auth, @user - redirect_to admin_account_path(@user.account_id) - end - - def destroy - authorize @user, :disable_sign_in_token_auth? - @user.update(skip_sign_in_token: true) - log_action :disable_sign_in_token_auth, @user - redirect_to admin_account_path(@user.account_id) - end - - private - - def set_target_user - @user = User.find(params[:user_id]) - end - end -end diff --git a/app/controllers/api/v1/admin/account_actions_controller.rb b/app/controllers/api/v1/admin/account_actions_controller.rb index 15af50822..6c9e04402 100644 --- a/app/controllers/api/v1/admin/account_actions_controller.rb +++ b/app/controllers/api/v1/admin/account_actions_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::AccountActionsController < Api::BaseController - protect_from_forgery with: :exception - before_action -> { authorize_if_got_token! :'admin:write', :'admin:write:accounts' } before_action :require_staff! before_action :set_account diff --git a/app/controllers/api/v1/admin/accounts_controller.rb b/app/controllers/api/v1/admin/accounts_controller.rb index 4b6dab208..dc9d3402f 100644 --- a/app/controllers/api/v1/admin/accounts_controller.rb +++ b/app/controllers/api/v1/admin/accounts_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::AccountsController < Api::BaseController - protect_from_forgery with: :exception - include Authorization include AccountableConcern diff --git a/app/controllers/api/v1/admin/dimensions_controller.rb b/app/controllers/api/v1/admin/dimensions_controller.rb index b1f738990..49a5be1c3 100644 --- a/app/controllers/api/v1/admin/dimensions_controller.rb +++ b/app/controllers/api/v1/admin/dimensions_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::DimensionsController < Api::BaseController - protect_from_forgery with: :exception - before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_dimensions diff --git a/app/controllers/api/v1/admin/measures_controller.rb b/app/controllers/api/v1/admin/measures_controller.rb index d64c3cdf7..da95d3422 100644 --- a/app/controllers/api/v1/admin/measures_controller.rb +++ b/app/controllers/api/v1/admin/measures_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::MeasuresController < Api::BaseController - protect_from_forgery with: :exception - before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_measures diff --git a/app/controllers/api/v1/admin/reports_controller.rb b/app/controllers/api/v1/admin/reports_controller.rb index fbfd0ee12..865ba3d23 100644 --- a/app/controllers/api/v1/admin/reports_controller.rb +++ b/app/controllers/api/v1/admin/reports_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::ReportsController < Api::BaseController - protect_from_forgery with: :exception - include Authorization include AccountableConcern diff --git a/app/controllers/api/v1/admin/retention_controller.rb b/app/controllers/api/v1/admin/retention_controller.rb index 4af5a5c4d..98d1a3d81 100644 --- a/app/controllers/api/v1/admin/retention_controller.rb +++ b/app/controllers/api/v1/admin/retention_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::RetentionController < Api::BaseController - protect_from_forgery with: :exception - before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_cohorts diff --git a/app/controllers/api/v1/admin/trends/links_controller.rb b/app/controllers/api/v1/admin/trends/links_controller.rb index 63b3d9358..0a191fe4b 100644 --- a/app/controllers/api/v1/admin/trends/links_controller.rb +++ b/app/controllers/api/v1/admin/trends/links_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::Trends::LinksController < Api::BaseController - protect_from_forgery with: :exception - before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_links diff --git a/app/controllers/api/v1/admin/trends/statuses_controller.rb b/app/controllers/api/v1/admin/trends/statuses_controller.rb index 86633cc74..cb145f165 100644 --- a/app/controllers/api/v1/admin/trends/statuses_controller.rb +++ b/app/controllers/api/v1/admin/trends/statuses_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::Trends::StatusesController < Api::BaseController - protect_from_forgery with: :exception - before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_statuses diff --git a/app/controllers/api/v1/admin/trends/tags_controller.rb b/app/controllers/api/v1/admin/trends/tags_controller.rb index 5cc4c269d..9c28b0412 100644 --- a/app/controllers/api/v1/admin/trends/tags_controller.rb +++ b/app/controllers/api/v1/admin/trends/tags_controller.rb @@ -1,8 +1,6 @@ # frozen_string_literal: true class Api::V1::Admin::Trends::TagsController < Api::BaseController - protect_from_forgery with: :exception - before_action -> { authorize_if_got_token! :'admin:read' } before_action :require_staff! before_action :set_tags diff --git a/app/controllers/api/v1/trends/tags_controller.rb b/app/controllers/api/v1/trends/tags_controller.rb index d77857871..329ef5ae7 100644 --- a/app/controllers/api/v1/trends/tags_controller.rb +++ b/app/controllers/api/v1/trends/tags_controller.rb @@ -16,7 +16,7 @@ class Api::V1::Trends::TagsController < Api::BaseController def set_tags @tags = begin if Setting.trends - Trends.tags.query.allowed.limit(limit_param(DEFAULT_TAGS_LIMIT)) + Trends.tags.query.allowed.offset(offset_param).limit(limit_param(DEFAULT_TAGS_LIMIT)) else [] end diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index 8607077f7..056f8a9f1 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -10,7 +10,6 @@ class Auth::SessionsController < Devise::SessionsController prepend_before_action :set_pack include TwoFactorAuthenticationConcern - include SignInTokenAuthenticationConcern before_action :set_instance_presenter, only: [:new] before_action :set_body_classes @@ -68,7 +67,7 @@ class Auth::SessionsController < Devise::SessionsController end def user_params - params.require(:user).permit(:email, :password, :otp_attempt, :sign_in_token_attempt, credential: {}) + params.require(:user).permit(:email, :password, :otp_attempt, credential: {}) end def after_sign_in_path_for(resource) @@ -148,6 +147,12 @@ class Auth::SessionsController < Devise::SessionsController ip: request.remote_ip, user_agent: request.user_agent ) + + UserMailer.suspicious_sign_in(user, request.remote_ip, request.user_agent, Time.now.utc).deliver_later! if suspicious_sign_in?(user) + end + + def suspicious_sign_in?(user) + SuspiciousSignInDetector.new(user).suspicious?(request) end def on_authentication_failure(user, security_measure, failure_reason) diff --git a/app/controllers/concerns/sign_in_token_authentication_concern.rb b/app/controllers/concerns/sign_in_token_authentication_concern.rb deleted file mode 100644 index 4eb3d7181..000000000 --- a/app/controllers/concerns/sign_in_token_authentication_concern.rb +++ /dev/null @@ -1,57 +0,0 @@ -# frozen_string_literal: true - -module SignInTokenAuthenticationConcern - extend ActiveSupport::Concern - - included do - prepend_before_action :authenticate_with_sign_in_token, if: :sign_in_token_required?, only: [:create] - end - - def sign_in_token_required? - find_user&.suspicious_sign_in?(request.remote_ip) - end - - def valid_sign_in_token_attempt?(user) - Devise.secure_compare(user.sign_in_token, user_params[:sign_in_token_attempt]) - end - - def authenticate_with_sign_in_token - if user_params[:email].present? - user = self.resource = find_user_from_params - prompt_for_sign_in_token(user) if user&.external_or_valid_password?(user_params[:password]) - elsif session[:attempt_user_id] - user = self.resource = User.find_by(id: session[:attempt_user_id]) - return if user.nil? - - if session[:attempt_user_updated_at] != user.updated_at.to_s - restart_session - elsif user_params.key?(:sign_in_token_attempt) - authenticate_with_sign_in_token_attempt(user) - end - end - end - - def authenticate_with_sign_in_token_attempt(user) - if valid_sign_in_token_attempt?(user) - on_authentication_success(user, :sign_in_token) - else - on_authentication_failure(user, :sign_in_token, :invalid_sign_in_token) - flash.now[:alert] = I18n.t('users.invalid_sign_in_token') - prompt_for_sign_in_token(user) - end - end - - def prompt_for_sign_in_token(user) - if user.sign_in_token_expired? - user.generate_sign_in_token && user.save - UserMailer.sign_in_token(user, request.remote_ip, request.user_agent, Time.now.utc.to_s).deliver_later! - end - - set_attempt_session(user) - use_pack 'auth' - - @body_classes = 'lighter' - - set_locale { render :sign_in_token } - end -end diff --git a/app/javascript/mastodon/reducers/timelines.js b/app/javascript/mastodon/reducers/timelines.js index b66c19fd5..301997567 100644 --- a/app/javascript/mastodon/reducers/timelines.js +++ b/app/javascript/mastodon/reducers/timelines.js @@ -16,7 +16,7 @@ import { ACCOUNT_MUTE_SUCCESS, ACCOUNT_UNFOLLOW_SUCCESS, } from '../actions/accounts'; -import { Map as ImmutableMap, List as ImmutableList, fromJS } from 'immutable'; +import { Map as ImmutableMap, List as ImmutableList, OrderedSet as ImmutableOrderedSet, fromJS } from 'immutable'; import compareId from '../compare_id'; const initialState = ImmutableMap(); @@ -32,6 +32,13 @@ const initialTimeline = ImmutableMap({ }); const expandNormalizedTimeline = (state, timeline, statuses, next, isPartial, isLoadingRecent, usePendingItems) => { + // This method is pretty tricky because: + // - existing items in the timeline might be out of order + // - the existing timeline may have gaps, most often explicitly noted with a `null` item + // - ideally, we don't want it to reorder existing items of the timeline + // - `statuses` may include items that are already included in the timeline + // - this function can be called either to fill in a gap, or load newer items + return state.update(timeline, initialTimeline, map => map.withMutations(mMap => { mMap.set('isLoading', false); mMap.set('isPartial', isPartial); @@ -46,15 +53,33 @@ const expandNormalizedTimeline = (state, timeline, statuses, next, isPartial, is mMap.update(usePendingItems ? 'pendingItems' : 'items', ImmutableList(), oldIds => { const newIds = statuses.map(status => status.get('id')); + // Now this gets tricky, as we don't necessarily know for sure where the gap to fill is + // and some items in the timeline may not be properly ordered. + + // However, we know that `newIds.last()` is the oldest item that was requested and that + // there is no “hole” between `newIds.last()` and `newIds.first()`. + + // First, find the furthest (if properly sorted, oldest) item in the timeline that is + // newer than the oldest fetched one, as it's most likely that it delimits the gap. + // Start the gap *after* that item. const lastIndex = oldIds.findLastIndex(id => id !== null && compareId(id, newIds.last()) >= 0) + 1; - const firstIndex = oldIds.take(lastIndex).findLastIndex(id => id !== null && compareId(id, newIds.first()) > 0); - if (firstIndex < 0) { - return (isPartial ? newIds.unshift(null) : newIds).concat(oldIds.skip(lastIndex)); + // Then, try to find the furthest (if properly sorted, oldest) item in the timeline that + // is newer than the most recent fetched one, as it delimits a section comprised of only + // items present in `newIds` (or that were deleted from the server, so should be removed + // anyway). + // Stop the gap *after* that item. + const firstIndex = oldIds.take(lastIndex).findLastIndex(id => id !== null && compareId(id, newIds.first()) > 0) + 1; + + // Make sure we aren't inserting duplicates + let insertedIds = ImmutableOrderedSet(newIds).subtract(oldIds.take(firstIndex), oldIds.skip(lastIndex)).toList(); + // Finally, insert a gap marker if the data is marked as partial by the server + if (isPartial && (firstIndex === 0 || oldIds.get(firstIndex - 1) !== null)) { + insertedIds = insertedIds.unshift(null); } - return oldIds.take(firstIndex + 1).concat( - isPartial && oldIds.get(firstIndex) !== null ? newIds.unshift(null) : newIds, + return oldIds.take(firstIndex).concat( + insertedIds, oldIds.skip(lastIndex), ); }); diff --git a/app/javascript/styles/mailer.scss b/app/javascript/styles/mailer.scss index 34852178e..18fe522eb 100644 --- a/app/javascript/styles/mailer.scss +++ b/app/javascript/styles/mailer.scss @@ -435,6 +435,10 @@ h5 { background: $success-green; } + &.warning-icon td { + background: $gold-star; + } + &.alert-icon td { background: $error-red; } diff --git a/app/lib/suspicious_sign_in_detector.rb b/app/lib/suspicious_sign_in_detector.rb new file mode 100644 index 000000000..1af5188c6 --- /dev/null +++ b/app/lib/suspicious_sign_in_detector.rb @@ -0,0 +1,42 @@ +# frozen_string_literal: true + +class SuspiciousSignInDetector + IPV6_TOLERANCE_MASK = 64 + IPV4_TOLERANCE_MASK = 16 + + def initialize(user) + @user = user + end + + def suspicious?(request) + !sufficient_security_measures? && !freshly_signed_up? && !previously_seen_ip?(request) + end + + private + + def sufficient_security_measures? + @user.otp_required_for_login? + end + + def previously_seen_ip?(request) + @user.ips.where('ip <<= ?', masked_ip(request)).exists? + end + + def freshly_signed_up? + @user.current_sign_in_at.blank? + end + + def masked_ip(request) + masked_ip_addr = begin + ip_addr = IPAddr.new(request.remote_ip) + + if ip_addr.ipv6? + ip_addr.mask(IPV6_TOLERANCE_MASK) + else + ip_addr.mask(IPV4_TOLERANCE_MASK) + end + end + + "#{masked_ip_addr}/#{masked_ip_addr.prefix}" + end +end diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index 1a823328c..ce36dd6f5 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb @@ -167,9 +167,7 @@ class UserMailer < Devise::Mailer @statuses = @warning.statuses.includes(:account, :preloadable_poll, :media_attachments, active_mentions: [:account]) I18n.with_locale(@resource.locale || I18n.default_locale) do - mail to: @resource.email, - subject: I18n.t("user_mailer.warning.subject.#{@warning.action}", acct: "@#{user.account.local_username_and_domain}"), - reply_to: ENV['SMTP_REPLY_TO'] + mail to: @resource.email, subject: I18n.t("user_mailer.warning.subject.#{@warning.action}", acct: "@#{user.account.local_username_and_domain}") end end @@ -193,7 +191,7 @@ class UserMailer < Devise::Mailer end end - def sign_in_token(user, remote_ip, user_agent, timestamp) + def suspicious_sign_in(user, remote_ip, user_agent, timestamp) @resource = user @instance = Rails.configuration.x.local_domain @remote_ip = remote_ip @@ -201,12 +199,8 @@ class UserMailer < Devise::Mailer @detection = Browser.new(user_agent) @timestamp = timestamp.to_time.utc - return unless @resource.active_for_authentication? - I18n.with_locale(@resource.locale || I18n.default_locale) do - mail to: @resource.email, - subject: I18n.t('user_mailer.sign_in_token.subject'), - reply_to: ENV['SMTP_REPLY_TO'] + mail to: @resource.email, subject: I18n.t('user_mailer.suspicious_sign_in.subject') end end end diff --git a/app/models/user.rb b/app/models/user.rb index 76ad7d1b2..5dd93519c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -47,6 +47,7 @@ class User < ApplicationRecord remember_token current_sign_in_ip last_sign_in_ip + skip_sign_in_token ) include Settings::Extend @@ -132,7 +133,7 @@ class User < ApplicationRecord :disable_swiping, :default_content_type, :system_emoji_font, to: :settings, prefix: :setting, allow_nil: false - attr_reader :invite_code, :sign_in_token_attempt + attr_reader :invite_code attr_writer :external, :bypass_invite_request_check def confirmed? @@ -200,10 +201,6 @@ class User < ApplicationRecord !account.memorial? end - def suspicious_sign_in?(ip) - !otp_required_for_login? && !skip_sign_in_token? && current_sign_in_at.present? && !ips.where(ip: ip).exists? - end - def functional? confirmed? && approved? && !disabled? && !account.suspended? && !account.memorial? end @@ -376,15 +373,6 @@ class User < ApplicationRecord setting_display_media == 'hide_all' end - def sign_in_token_expired? - sign_in_token_sent_at.nil? || sign_in_token_sent_at < 5.minutes.ago - end - - def generate_sign_in_token - self.sign_in_token = Devise.friendly_token(6) - self.sign_in_token_sent_at = Time.now.utc - end - protected def send_devise_notification(notification, *args, **kwargs) diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb index 92e2c4f4b..140905e1f 100644 --- a/app/policies/user_policy.rb +++ b/app/policies/user_policy.rb @@ -13,14 +13,6 @@ class UserPolicy < ApplicationPolicy admin? && !record.staff? end - def disable_sign_in_token_auth? - staff? - end - - def enable_sign_in_token_auth? - staff? - end - def confirm? staff? && !record.confirmed? end diff --git a/app/services/activitypub/fetch_featured_collection_service.rb b/app/services/activitypub/fetch_featured_collection_service.rb index 780741feb..66234b711 100644 --- a/app/services/activitypub/fetch_featured_collection_service.rb +++ b/app/services/activitypub/fetch_featured_collection_service.rb @@ -22,9 +22,19 @@ class ActivityPub::FetchFeaturedCollectionService < BaseService private def process_items(items) - status_ids = items.map { |item| value_or_id(item) } - .filter_map { |uri| ActivityPub::FetchRemoteStatusService.new.call(uri, on_behalf_of: local_follower) unless ActivityPub::TagManager.instance.local_uri?(uri) } - .filter_map { |status| status.id if status.account_id == @account.id } + status_ids = items.filter_map do |item| + uri = value_or_id(item) + next if ActivityPub::TagManager.instance.local_uri?(uri) + + status = ActivityPub::FetchRemoteStatusService.new.call(uri, on_behalf_of: local_follower) + next unless status.account_id == @account.id + + status.id + rescue ActiveRecord::RecordInvalid => e + Rails.logger.debug "Invalid pinned status #{uri}: #{e.message}" + nil + end + to_remove = [] to_add = status_ids diff --git a/app/services/activitypub/process_status_update_service.rb b/app/services/activitypub/process_status_update_service.rb index 6dc14d8c2..3d9d9cb84 100644 --- a/app/services/activitypub/process_status_update_service.rb +++ b/app/services/activitypub/process_status_update_service.rb @@ -17,10 +17,19 @@ class ActivityPub::ProcessStatusUpdateService < BaseService # Only native types can be updated at the moment return @status if !expected_type? || already_updated_more_recently? - last_edit_date = status.edited_at.presence || status.created_at + if @status_parser.edited_at.present? && (@status.edited_at.nil? || @status_parser.edited_at > @status.edited_at) + handle_explicit_update! + else + handle_implicit_update! + end + + @status + end + + private - # Since we rely on tracking of previous changes, ensure clean slate - status.clear_changes_information + def handle_explicit_update! + last_edit_date = @status.edited_at.presence || @status.created_at # Only allow processing one create/update per status at a time RedisLock.acquire(lock_options) do |lock| @@ -45,12 +54,20 @@ class ActivityPub::ProcessStatusUpdateService < BaseService end end - forward_activity! if significant_changes? && @status_parser.edited_at.present? && @status_parser.edited_at > last_edit_date - - @status + forward_activity! if significant_changes? && @status_parser.edited_at > last_edit_date end - private + def handle_implicit_update! + RedisLock.acquire(lock_options) do |lock| + if lock.acquired? + update_poll!(allow_significant_changes: false) + else + raise Mastodon::RaceConditionError + end + end + + queue_poll_notifications! + end def update_media_attachments! previous_media_attachments = @status.media_attachments.to_a @@ -98,7 +115,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService @media_attachments_changed = true if @status.ordered_media_attachment_ids != previous_media_attachments_ids end - def update_poll! + def update_poll!(allow_significant_changes: true) previous_poll = @status.preloadable_poll @previous_expires_at = previous_poll&.expires_at poll_parser = ActivityPub::Parser::PollParser.new(@json) @@ -109,6 +126,7 @@ class ActivityPub::ProcessStatusUpdateService < BaseService # If for some reasons the options were changed, it invalidates all previous # votes, so we need to remove them @poll_changed = true if poll_parser.significantly_changes?(poll) + return if @poll_changed && !allow_significant_changes poll.last_fetched_at = Time.now.utc poll.options = poll_parser.options @@ -121,6 +139,8 @@ class ActivityPub::ProcessStatusUpdateService < BaseService @status.poll_id = poll.id elsif previous_poll.present? + return unless allow_significant_changes + previous_poll.destroy! @poll_changed = true @status.poll_id = nil @@ -132,7 +152,10 @@ class ActivityPub::ProcessStatusUpdateService < BaseService @status.spoiler_text = @status_parser.spoiler_text || '' @status.sensitive = @account.sensitized? || @status_parser.sensitive || false @status.language = @status_parser.language - @status.edited_at = @status_parser.edited_at || Time.now.utc if significant_changes? + + @significant_changes = text_significantly_changed? || @status.spoiler_text_changed? || @media_attachments_changed || @poll_changed + + @status.edited_at = @status_parser.edited_at if significant_changes? @status.save! end @@ -243,7 +266,14 @@ class ActivityPub::ProcessStatusUpdateService < BaseService end def significant_changes? - @status.text_changed? || @status.text_previously_changed? || @status.spoiler_text_changed? || @status.spoiler_text_previously_changed? || @media_attachments_changed || @poll_changed + @significant_changes + end + + def text_significantly_changed? + return false unless @status.text_changed? + + old, new = @status.text_change + HtmlAwareFormatter.new(old, false).to_s != HtmlAwareFormatter.new(new, false).to_s end def already_updated_more_recently? diff --git a/app/services/remove_status_service.rb b/app/services/remove_status_service.rb index c28e16572..dfe9f9ac5 100644 --- a/app/services/remove_status_service.rb +++ b/app/services/remove_status_service.rb @@ -17,10 +17,10 @@ class RemoveStatusService < BaseService @account = status.account @options = options - @status.discard - RedisLock.acquire(lock_options) do |lock| if lock.acquired? + @status.discard + remove_from_self if @account.local? remove_from_followers remove_from_lists diff --git a/app/views/admin/accounts/show.html.haml b/app/views/admin/accounts/show.html.haml index 1230294fe..a69832b04 100644 --- a/app/views/admin/accounts/show.html.haml +++ b/app/views/admin/accounts/show.html.haml @@ -128,17 +128,11 @@ %td{ rowspan: can?(:reset_password, @account.user) ? 2 : 1 } - if @account.user&.two_factor_enabled? = t 'admin.accounts.security_measures.password_and_2fa' - - elsif @account.user&.skip_sign_in_token? - = t 'admin.accounts.security_measures.only_password' - else - = t 'admin.accounts.security_measures.password_and_sign_in_token' + = t 'admin.accounts.security_measures.only_password' %td - if @account.user&.two_factor_enabled? = table_link_to 'unlock', t('admin.accounts.disable_two_factor_authentication'), admin_user_two_factor_authentication_path(@account.user.id), method: :delete if can?(:disable_2fa, @account.user) - - elsif @account.user&.skip_sign_in_token? - = table_link_to 'lock', t('admin.accounts.enable_sign_in_token_auth'), admin_user_sign_in_token_authentication_path(@account.user.id), method: :post if can?(:enable_sign_in_token_auth, @account.user) - - else - = table_link_to 'unlock', t('admin.accounts.disable_sign_in_token_auth'), admin_user_sign_in_token_authentication_path(@account.user.id), method: :delete if can?(:disable_sign_in_token_auth, @account.user) - if can?(:reset_password, @account.user) %tr diff --git a/app/views/auth/sessions/sign_in_token.html.haml b/app/views/auth/sessions/sign_in_token.html.haml deleted file mode 100644 index 8923203cd..000000000 --- a/app/views/auth/sessions/sign_in_token.html.haml +++ /dev/null @@ -1,14 +0,0 @@ -- content_for :page_title do - = t('auth.login') - -= simple_form_for(resource, as: resource_name, url: session_path(resource_name), method: :post) do |f| - %p.hint.otp-hint= t('users.suspicious_sign_in_confirmation') - - .fields-group - = f.input :sign_in_token_attempt, type: :number, wrapper: :with_label, label: t('simple_form.labels.defaults.sign_in_token_attempt'), input_html: { 'aria-label' => t('simple_form.labels.defaults.sign_in_token_attempt'), :autocomplete => 'off' }, autofocus: true - - .actions - = f.button :button, t('auth.login'), type: :submit - - - if Setting.site_contact_email.present? - %p.hint.subtle-hint= t('users.generic_access_help_html', email: mail_to(Setting.site_contact_email, nil)) diff --git a/app/views/user_mailer/sign_in_token.html.haml b/app/views/user_mailer/suspicious_sign_in.html.haml index 826b34e7c..856f9fb7c 100644 --- a/app/views/user_mailer/sign_in_token.html.haml +++ b/app/views/user_mailer/suspicious_sign_in.html.haml @@ -13,32 +13,14 @@ %tbody %tr %td.column-cell.text-center.padded - %table.hero-icon.alert-icon{ align: 'center', cellspacing: 0, cellpadding: 0 } + %table.hero-icon.warning-icon{ align: 'center', cellspacing: 0, cellpadding: 0 } %tbody %tr %td - = image_tag full_pack_url('media/images/mailer/icon_email.png'), alt: '' + = image_tag full_pack_url('media/images/mailer/icon_lock_open.png'), alt: '' - %h1= t 'user_mailer.sign_in_token.title' - %p.lead= t 'user_mailer.sign_in_token.explanation' - -%table.email-table{ cellspacing: 0, cellpadding: 0 } - %tbody - %tr - %td.email-body - .email-container - %table.content-section{ cellspacing: 0, cellpadding: 0 } - %tbody - %tr - %td.content-cell.content-start - %table.column{ cellspacing: 0, cellpadding: 0 } - %tbody - %tr - %td.column-cell.input-cell - %table.input{ align: 'center', cellspacing: 0, cellpadding: 0 } - %tbody - %tr - %td= @resource.sign_in_token + %h1= t 'user_mailer.suspicious_sign_in.title' + %p= t 'user_mailer.suspicious_sign_in.explanation' %table.email-table{ cellspacing: 0, cellpadding: 0 } %tbody @@ -55,7 +37,7 @@ %tbody %tr %td.column-cell.text-center - %p= t 'user_mailer.sign_in_token.details' + %p= t 'user_mailer.suspicious_sign_in.details' %tr %td.column-cell.text-center %p @@ -82,24 +64,4 @@ %tbody %tr %td.column-cell.text-center - %p= t 'user_mailer.sign_in_token.further_actions' - -%table.email-table{ cellspacing: 0, cellpadding: 0 } - %tbody - %tr - %td.email-body - .email-container - %table.content-section{ cellspacing: 0, cellpadding: 0 } - %tbody - %tr - %td.content-cell - %table.column{ cellspacing: 0, cellpadding: 0 } - %tbody - %tr - %td.column-cell.button-cell - %table.button{ align: 'center', cellspacing: 0, cellpadding: 0 } - %tbody - %tr - %td.button-primary - = link_to edit_user_registration_url do - %span= t 'settings.account_settings' + %p= t 'user_mailer.suspicious_sign_in.further_actions_html', action: link_to(t('user_mailer.suspicious_sign_in.change_password'), edit_user_registration_url) diff --git a/app/views/user_mailer/sign_in_token.text.erb b/app/views/user_mailer/suspicious_sign_in.text.erb index 2539ddaf6..7d2ca28e8 100644 --- a/app/views/user_mailer/sign_in_token.text.erb +++ b/app/views/user_mailer/suspicious_sign_in.text.erb @@ -1,17 +1,15 @@ -<%= t 'user_mailer.sign_in_token.title' %> +<%= t 'user_mailer.suspicious_sign_in.title' %> === -<%= t 'user_mailer.sign_in_token.explanation' %> +<%= t 'user_mailer.suspicious_sign_in.explanation' %> -=> <%= @resource.sign_in_token %> - -<%= t 'user_mailer.sign_in_token.details' %> +<%= t 'user_mailer.suspicious_sign_in.details' %> <%= t('sessions.ip') %>: <%= @remote_ip %> <%= t('sessions.browser') %>: <%= t('sessions.description', browser: t("sessions.browsers.#{@detection.id}", default: "#{@detection.id}"), platform: t("sessions.platforms.#{@detection.platform.id}", default: "#{@detection.platform.id}")) %> <%= l(@timestamp) %> -<%= t 'user_mailer.sign_in_token.further_actions' %> +<%= t 'user_mailer.suspicious_sign_in.further_actions_html', action: t('user_mailer.suspicious_sign_in.change_password') %> => <%= edit_user_registration_url %> |