Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Remove sign-in token authentication, instead send e-mail about new sign-in (#17970)

Browse source
This commit is contained in:
Eugen Rochko 2022-04-06 20:58:12 +02:00 committed by GitHub
parent abb11778d7
commit 6221b36b27
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 137 additions and 362 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/controllers/auth/sessions_controller.rb
View file

@ -8,7 +8,6 @@ class Auth::SessionsController < Devise::SessionsController
skip_before_action :update_user_sign_in
include TwoFactorAuthenticationConcern
include SignInTokenAuthenticationConcern
before_action :set_instance_presenter, only: [:new]
before_action :set_body_classes
@ -66,7 +65,7 @@ class Auth::SessionsController < Devise::SessionsController
end
def user_params
params.require(:user).permit(:email, :password, :otp_attempt, :sign_in_token_attempt, credential: {})
params.require(:user).permit(:email, :password, :otp_attempt, credential: {})
end
def after_sign_in_path_for(resource)
@ -142,6 +141,12 @@ class Auth::SessionsController < Devise::SessionsController
ip: request.remote_ip,
user_agent: request.user_agent
)
UserMailer.suspicious_sign_in(user, request.remote_ip, request.user_agent, Time.now.utc).deliver_later! if suspicious_sign_in?(user)
end
def suspicious_sign_in?(user)
SuspiciousSignInDetector.new(user).suspicious?(request)
end
def on_authentication_failure(user, security_measure, failure_reason)