Add ability to skip sign-in token authentication for specific users (#16427)

Remove "active within last two weeks" exception for sign in token requirement Change admin reset password to lock access until the password is reset
2021-07-08 05:31:28 +02:00 · 2021-07-08 05:31:28 +02:00 · 771c9d4ba8
commit 771c9d4ba8
parent 2e0eac71dd
14 changed files with 160 additions and 32 deletions
--- a/lib/mastodon/accounts_cli.rb
+++ b/lib/mastodon/accounts_cli.rb
@ -54,7 +54,8 @@ module Mastodon

    option :email, required: true
    option :confirmed, type: :boolean
-    option :role, default: 'user'
+    option :role, default: 'user', enum: %w(user moderator admin)
+    option :skip_sign_in_token, type: :boolean
    option :reattach, type: :boolean
    option :force, type: :boolean
    desc 'create USERNAME', 'Create a new user'
@ -68,6 +69,9 @@ module Mastodon
      With the --role option one of  "user", "admin" or "moderator"
      can be supplied. Defaults to "user"

+      With the --skip-sign-in-token option, you can ensure that
+      the user is never asked for an e-mailed security code.
+
      With the --reattach option, the new user will be reattached
      to a given existing username of an old account. If the old
      account is still in use by someone else, you can supply
@ -77,7 +81,7 @@ module Mastodon
    def create(username)
      account  = Account.new(username: username)
      password = SecureRandom.hex
-      user     = User.new(email: options[:email], password: password, agreement: true, approved: true, admin: options[:role] == 'admin', moderator: options[:role] == 'moderator', confirmed_at: options[:confirmed] ? Time.now.utc : nil, bypass_invite_request_check: true)
+      user     = User.new(email: options[:email], password: password, agreement: true, approved: true, admin: options[:role] == 'admin', moderator: options[:role] == 'moderator', confirmed_at: options[:confirmed] ? Time.now.utc : nil, bypass_invite_request_check: true, skip_sign_in_token: options[:skip_sign_in_token])

      if options[:reattach]
        account = Account.find_local(username) || Account.new(username: username)
@ -113,7 +117,7 @@ module Mastodon
      end
    end

-    option :role
+    option :role, enum: %w(user moderator admin)
    option :email
    option :confirm, type: :boolean
    option :enable, type: :boolean
@ -121,6 +125,7 @@ module Mastodon
    option :disable_2fa, type: :boolean
    option :approve, type: :boolean
    option :reset_password, type: :boolean
+    option :skip_sign_in_token, type: :boolean
    desc 'modify USERNAME', 'Modify a user'
    long_desc <<-LONG_DESC
      Modify a user account.
@ -142,6 +147,9 @@ module Mastodon

      With the --reset-password option, the user's password is replaced by
      a randomly-generated one, printed in the output.
+
+      With the --skip-sign-in-token option, you can ensure that
+      the user is never asked for an e-mailed security code.
    LONG_DESC
    def modify(username)
      user = Account.find_local(username)&.user
@ -163,6 +171,7 @@ module Mastodon
      user.disabled = true if options[:disable]
      user.approved = true if options[:approve]
      user.otp_required_for_login = false if options[:disable_2fa]
+      user.skip_sign_in_token = options[:skip_sign_in_token] unless options[:skip_sign_in_token].nil?
      user.confirm if options[:confirm]

      if user.save