put magic link login behind ip ban firewall
This commit is contained in:
Thibault Duplessis
parent
478ce6f7e7
commit
97a46cfa5d
|
|
@ -410,35 +410,39 @@ final class Auth(
|
|||
|
||||
def magicLink =
|
||||
Open { implicit ctx =>
|
||||
Ok(renderMagicLink(none, fail = false)).fuccess
|
||||
Firewall {
|
||||
Ok(renderMagicLink(none, fail = false)).fuccess
|
||||
}
|
||||
}
|
||||
|
||||
def magicLinkApply =
|
||||
OpenBody { implicit ctx =>
|
||||
implicit val req = ctx.body
|
||||
env.security.hcaptcha.verify() flatMap { captcha =>
|
||||
if (captcha.ok)
|
||||
forms.magicLink.form
|
||||
.bindFromRequest()
|
||||
.fold(
|
||||
err => BadRequest(renderMagicLink(err.some, fail = true)).fuccess,
|
||||
data =>
|
||||
env.user.repo.enabledWithEmail(data.realEmail.normalize)
|
||||
flatMap {
|
||||
case Some((user, storedEmail)) =>
|
||||
MagicLinkRateLimit(user, storedEmail, ctx.req) {
|
||||
lila.mon.user.auth.magicLinkRequest("success").increment()
|
||||
env.security.magicLink.send(user, storedEmail) inject Redirect(
|
||||
routes.Auth.magicLinkSent(storedEmail.value)
|
||||
)
|
||||
}(rateLimitedFu)
|
||||
case _ =>
|
||||
lila.mon.user.auth.magicLinkRequest("no_email").increment()
|
||||
Redirect(routes.Auth.magicLinkSent(data.realEmail.value)).fuccess
|
||||
}
|
||||
)
|
||||
else
|
||||
BadRequest(renderMagicLink(none, fail = true)).fuccess
|
||||
Firewall {
|
||||
implicit val req = ctx.body
|
||||
env.security.hcaptcha.verify() flatMap { captcha =>
|
||||
if (captcha.ok)
|
||||
forms.magicLink.form
|
||||
.bindFromRequest()
|
||||
.fold(
|
||||
err => BadRequest(renderMagicLink(err.some, fail = true)).fuccess,
|
||||
data =>
|
||||
env.user.repo.enabledWithEmail(data.realEmail.normalize)
|
||||
flatMap {
|
||||
case Some((user, storedEmail)) =>
|
||||
MagicLinkRateLimit(user, storedEmail, ctx.req) {
|
||||
lila.mon.user.auth.magicLinkRequest("success").increment()
|
||||
env.security.magicLink.send(user, storedEmail) inject Redirect(
|
||||
routes.Auth.magicLinkSent(storedEmail.value)
|
||||
)
|
||||
}(rateLimitedFu)
|
||||
case _ =>
|
||||
lila.mon.user.auth.magicLinkRequest("no_email").increment()
|
||||
Redirect(routes.Auth.magicLinkSent(data.realEmail.value)).fuccess
|
||||
}
|
||||
)
|
||||
else
|
||||
BadRequest(renderMagicLink(none, fail = true)).fuccess
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -457,17 +461,19 @@ final class Auth(
|
|||
|
||||
def magicLinkLogin(token: String) =
|
||||
Open { implicit ctx =>
|
||||
magicLinkLoginRateLimitPerToken(token) {
|
||||
env.security.magicLink confirm token flatMap {
|
||||
case None =>
|
||||
lila.mon.user.auth.magicLinkConfirm("token_fail").increment()
|
||||
notFound
|
||||
case Some(user) =>
|
||||
authLog(user.username, "-", "Magic link")
|
||||
authenticateUser(user) >>-
|
||||
lila.mon.user.auth.magicLinkConfirm("success").increment().unit
|
||||
}
|
||||
}(rateLimitedFu)
|
||||
Firewall {
|
||||
magicLinkLoginRateLimitPerToken(token) {
|
||||
env.security.magicLink confirm token flatMap {
|
||||
case None =>
|
||||
lila.mon.user.auth.magicLinkConfirm("token_fail").increment()
|
||||
notFound
|
||||
case Some(user) =>
|
||||
authLog(user.username, "-", "Magic link")
|
||||
authenticateUser(user) >>-
|
||||
lila.mon.user.auth.magicLinkConfirm("success").increment().unit
|
||||
}
|
||||
}(rateLimitedFu)
|
||||
}
|
||||
}
|
||||
|
||||
private def loginTokenFor(me: UserModel) = JsonOk {
|
||||
|
|
|
|||
Loading…
Reference in a new issue