Refactor settings controllers (#14767)

- Disallow suspended accounts from revoking sessions and apps - Allow suspended accounts to access exports
2020-09-11 20:56:35 +02:00 · 2020-09-11 20:56:35 +02:00 · 4e4b3a0c8e
commit 4e4b3a0c8e
parent e6b272e5c9
31 changed files with 65 additions and 118 deletions
--- a/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/confirmations_controller.rb
@ -5,14 +5,11 @@ module Settings
    class ConfirmationsController < BaseController
      include ChallengableConcern

-      layout 'admin'
+      skip_before_action :require_functional!

-      before_action :authenticate_user!
      before_action :require_challenge!
      before_action :ensure_otp_secret

-      skip_before_action :require_functional!
-
      def new
        prepare_two_factor_form
      end
--- a/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/otp_authentication_controller.rb
@ -5,14 +5,11 @@ module Settings
    class OtpAuthenticationController < BaseController
      include ChallengableConcern

-      layout 'admin'
+      skip_before_action :require_functional!

-      before_action :authenticate_user!
      before_action :verify_otp_not_enabled, only: [:show]
      before_action :require_challenge!, only: [:create]

-      skip_before_action :require_functional!
-
      def show
        @confirmation = Form::TwoFactorConfirmation.new
      end
--- a/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
@ -5,13 +5,10 @@ module Settings
    class RecoveryCodesController < BaseController
      include ChallengableConcern

-      layout 'admin'
-
-      before_action :authenticate_user!
-      before_action :require_challenge!, on: :create
-
      skip_before_action :require_functional!

+      before_action :require_challenge!, on: :create
+
      def create
        @recovery_codes = current_user.generate_otp_backup_codes!
        current_user.save!
--- a/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
@ -3,9 +3,8 @@
 module Settings
  module TwoFactorAuthentication
    class WebauthnCredentialsController < BaseController
-      layout 'admin'
+      skip_before_action :require_functional!

-      before_action :authenticate_user!
      before_action :require_otp_enabled
      before_action :require_webauthn_enabled, only: [:index, :destroy]