Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Refactor settings controllers (#14767)

Browse source 
- Disallow suspended accounts from revoking sessions and apps
- Allow suspended accounts to access exports
This commit is contained in:
Eugen Rochko 2020-09-11 20:56:35 +02:00 committed by GitHub
parent e6b272e5c9
commit 4e4b3a0c8e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
31 changed files with 65 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/settings/aliases_controller.rb
View file

@ -1,9 +1,9 @@
# frozen_string_literal: true
class Settings::AliasesController < Settings::BaseController
layout 'admin'
skip_before_action :require_functional!
before_action :authenticate_user!
before_action :require_not_suspended!
before_action :set_aliases, except: :destroy
before_action :set_alias, only: :destroy

3
app/controllers/settings/applications_controller.rb
View file

@ -1,9 +1,6 @@
# frozen_string_literal: true
class Settings::ApplicationsController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :set_application, only: [:show, :update, :destroy, :regenerate]
before_action :prepare_scopes, only: [:create, :update]

7
app/controllers/settings/base_controller.rb
View file

@ -1,6 +1,9 @@
# frozen_string_literal: true
class Settings::BaseController < ApplicationController
layout 'admin'
before_action :authenticate_user!
before_action :set_body_classes
before_action :set_cache_headers
@ -13,4 +16,8 @@ class Settings::BaseController < ApplicationController
def set_cache_headers
response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
end
def require_not_suspended!
forbidden if current_account.suspended?
end
end

9
app/controllers/settings/deletes_controller.rb
View file

@ -1,14 +1,11 @@
# frozen_string_literal: true
class Settings::DeletesController < Settings::BaseController
layout 'admin'
before_action :check_enabled_deletion
before_action :authenticate_user!
before_action :require_not_suspended!
skip_before_action :require_functional!
before_action :require_not_suspended!
before_action :check_enabled_deletion
def show
@confirmation = Form::DeleteConfirmation.new
end

2
app/controllers/settings/exports/blocked_accounts_controller.rb
View file

@ -2,7 +2,7 @@
module Settings
module Exports
class BlockedAccountsController < ApplicationController
class BlockedAccountsController < BaseController
include ExportControllerConcern
def index

2
app/controllers/settings/exports/blocked_domains_controller.rb
View file

@ -2,7 +2,7 @@
module Settings
module Exports
class BlockedDomainsController < ApplicationController
class BlockedDomainsController < BaseController
include ExportControllerConcern
def index

2
app/controllers/settings/exports/following_accounts_controller.rb
View file

@ -2,7 +2,7 @@
module Settings
module Exports
class FollowingAccountsController < ApplicationController
class FollowingAccountsController < BaseController
include ExportControllerConcern
def index

2
app/controllers/settings/exports/lists_controller.rb
View file

@ -2,7 +2,7 @@
module Settings
module Exports
class ListsController < ApplicationController
class ListsController < BaseController
include ExportControllerConcern
def index

2
app/controllers/settings/exports/muted_accounts_controller.rb
View file

@ -2,7 +2,7 @@
module Settings
module Exports
class MutedAccountsController < ApplicationController
class MutedAccountsController < BaseController
include ExportControllerConcern
def index

11
app/controllers/settings/exports_controller.rb
View file

@ -3,11 +3,6 @@
class Settings::ExportsController < Settings::BaseController
include Authorization
layout 'admin'
before_action :authenticate_user!
before_action :require_not_suspended!
skip_before_action :require_functional!
def show
@ -16,8 +11,6 @@ class Settings::ExportsController < Settings::BaseController
end
def create
raise Mastodon::NotPermittedError unless user_signed_in?
backup = nil
RedisLock.acquire(lock_options) do |lock|
@ -37,8 +30,4 @@ class Settings::ExportsController < Settings::BaseController
def lock_options
{ redis: Redis.current, key: "backup:#{current_user.id}" }
end
def require_not_suspended!
forbidden if current_account.suspended?
end
end

3
app/controllers/settings/featured_tags_controller.rb
View file

@ -1,9 +1,6 @@
# frozen_string_literal: true
class Settings::FeaturedTagsController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :set_featured_tags, only: :index
before_action :set_featured_tag, except: [:index, :create]
before_action :set_recently_used_tags, only: :index

3
app/controllers/settings/identity_proofs_controller.rb
View file

@ -1,9 +1,6 @@
# frozen_string_literal: true
class Settings::IdentityProofsController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :check_required_params, only: :new
def index

3
app/controllers/settings/imports_controller.rb
View file

@ -1,9 +1,6 @@
# frozen_string_literal: true
class Settings::ImportsController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :set_account
def show

11
app/controllers/settings/migration/redirects_controller.rb
View file

@ -1,13 +1,10 @@
# frozen_string_literal: true
class Settings::Migration::RedirectsController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :require_not_suspended!
skip_before_action :require_functional!
before_action :require_not_suspended!
def new
@redirect = Form::Redirect.new
end
@ -38,8 +35,4 @@ class Settings::Migration::RedirectsController < Settings::BaseController
def resource_params
params.require(:form_redirect).permit(:acct, :current_password, :current_username)
end
def require_not_suspended!
forbidden if current_account.suspended?
end
end

9
app/controllers/settings/migrations_controller.rb
View file

@ -1,15 +1,12 @@
# frozen_string_literal: true
class Settings::MigrationsController < Settings::BaseController
layout 'admin'
skip_before_action :require_functional!
before_action :authenticate_user!
before_action :require_not_suspended!
before_action :set_migrations
before_action :set_cooldown
skip_before_action :require_functional!
def show
@migration = current_account.migrations.build
end
@ -44,8 +41,4 @@ class Settings::MigrationsController < Settings::BaseController
def on_cooldown?
@cooldown.present?
end
def require_not_suspended!
forbidden if current_account.suspended?
end
end

1
app/controllers/settings/pictures_controller.rb
View file

@ -2,7 +2,6 @@
module Settings
class PicturesController < BaseController
before_action :authenticate_user!
before_action :set_account
before_action :set_picture

4
app/controllers/settings/preferences_controller.rb
View file

@ -1,10 +1,6 @@
# frozen_string_literal: true
class Settings::PreferencesController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
def show; end
def update

3
app/controllers/settings/profiles_controller.rb
View file

@ -1,9 +1,6 @@
# frozen_string_literal: true
class Settings::ProfilesController < Settings::BaseController
layout 'admin'
before_action :authenticate_user!
before_action :set_account
def show

6
app/controllers/settings/sessions_controller.rb
View file

@ -1,11 +1,11 @@
# frozen_string_literal: true
class Settings::SessionsController < Settings::BaseController
before_action :authenticate_user!
before_action :set_session, only: :destroy
skip_before_action :require_functional!
before_action :require_not_suspended!
before_action :set_session, only: :destroy
def destroy
@session.destroy!
flash[:notice] = I18n.t('sessions.revoke_success')

5
app/controllers/settings/two_factor_authentication/confirmations_controller.rb
View file

@ -5,14 +5,11 @@ module Settings
class ConfirmationsController < BaseController
include ChallengableConcern
layout 'admin'
skip_before_action :require_functional!
before_action :authenticate_user!
before_action :require_challenge!
before_action :ensure_otp_secret
skip_before_action :require_functional!
def new
prepare_two_factor_form
end

5
app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb
View file

@ -5,14 +5,11 @@ module Settings
class OtpAuthenticationController < BaseController
include ChallengableConcern
layout 'admin'
skip_before_action :require_functional!
before_action :authenticate_user!
before_action :verify_otp_not_enabled, only: [:show]
before_action :require_challenge!, only: [:create]
skip_before_action :require_functional!
def show
@confirmation = Form::TwoFactorConfirmation.new
end

7
app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
View file

@ -5,13 +5,10 @@ module Settings
class RecoveryCodesController < BaseController
include ChallengableConcern
layout 'admin'
before_action :authenticate_user!
before_action :require_challenge!, on: :create
skip_before_action :require_functional!
before_action :require_challenge!, on: :create
def create
@recovery_codes = current_user.generate_otp_backup_codes!
current_user.save!

3
app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
View file

@ -3,9 +3,8 @@
module Settings
module TwoFactorAuthentication
class WebauthnCredentialsController < BaseController
layout 'admin'
skip_before_action :require_functional!
before_action :authenticate_user!
before_action :require_otp_enabled
before_action :require_webauthn_enabled, only: [:index, :destroy]

5
app/controllers/settings/two_factor_authentication_methods_controller.rb
View file

@ -4,14 +4,11 @@ module Settings
class TwoFactorAuthenticationMethodsController < BaseController
include ChallengableConcern
layout 'admin'
skip_before_action :require_functional!
before_action :authenticate_user!
before_action :require_challenge!, only: :disable
before_action :require_otp_enabled
skip_before_action :require_functional!
def index; end
def disable