Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link * SECURITY: Add confirmation screen when logging in via user-api OTP * FIX: Correct translation key in session controller specs * FIX: Use .email-login class for page
1 parent
89e0d8c
commit b8340c6
Showing
13 changed files
with
271 additions
and
120 deletions.
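--- /dev/null
+++ b/app/assets/javascripts/discourse/controllers/email-login.js.es6
@@ -0,0 +1,29 @@
+import { SECOND_FACTOR_METHODS } from "discourse/models/user";
+import { ajax } from "discourse/lib/ajax";
+import DiscourseURL from "discourse/lib/url";
+import { popupAjaxError } from "discourse/lib/ajax-error";
+
+export default Ember.Controller.extend({
+  secondFactorMethod: SECOND_FACTOR_METHODS.TOTP,
+  lockImageUrl: Discourse.getURL("/images/lock.svg"),
+  actions: {
+    finishLogin() {
+      ajax({
+        url: `/session/email-login/${this.model.token}`,
+        type: "POST",
+        data: {
+          second_factor_token: this.secondFactorToken,
+          second_factor_method: this.secondFactorMethod
+        }
+      })
+        .then(result => {
+          if (result.success) {
+            DiscourseURL.redirectTo("/");
+          } else {
+            this.set("model.error", result.error);
+          }
+        })
+        .catch(popupAjaxError);
+    }
+  }
+});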
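Review bot: `finishLogin` has no in-flight guard, so a second click on the confirm button while the POST is still pending sends the same login token and the same one-time code a second time; if the server consumes the token on the first request, the second reply is an error that `this.set("model.error", ...)` can paint over the page just as the redirect fires, and it hands out an extra attempt against the same OTP. A `loggingIn` flag set before the `ajax` call and cleared in both the success and failure paths, bound to `disabled=loggingIn` on the confirm `d-button` in the template, closes this. Whether the token is single-use on the server is not visible from this page and should be checked against the session controller.
```javascript
    finishLogin() {
      if (this.loggingIn) {
        return;
      }
      this.set("loggingIn", true);
      ajax({
        // … unchanged: url / type / data …
      })
        .then(result => {
          this.set("loggingIn", false);
          // … unchanged: redirect on success, else set model.error …
        })
        .catch(e => {
          this.set("loggingIn", false);
          popupAjaxError(e);
        });
    }
```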
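--- /dev/null
+++ b/app/assets/javascripts/discourse/routes/email-login.js.es6
@@ -0,0 +1,11 @@
+import { ajax } from "discourse/lib/ajax";
+
+export default Discourse.Route.extend({
+  titleToken() {
+    return I18n.t("login.title");
+  },
+
+  model(params) {
+    return ajax(`/session/email-login/${params.token}`);
+  }
+});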
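Review bot: Nothing resets the controller when the user leaves this route, and Ember controllers are singletons, so a `secondFactorToken` typed for one login link (or a `secondFactorMethod` switched to backup codes) would, as far as I can tell from these two files, still be held in memory and be posted along with the next `/session/email-login/:token` visit in the same browser session. A `resetController` hook that clears those properties on exit keeps a stale one-time code from being silently resubmitted for a different token. `SECOND_FACTOR_METHODS` would need importing from `discourse/models/user`, as the controller already does.
```javascript
  resetController(controller, isExiting) {
    if (isExiting) {
      controller.setProperties({
        secondFactorToken: null,
        secondFactorMethod: SECOND_FACTOR_METHODS.TOTP
      });
    }
  }
```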
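--- /dev/null
+++ b/app/assets/javascripts/discourse/templates/email-login.hbs
@@ -0,0 +1,33 @@
+<div class="container email-login clearfix">
+  <div class="pull-left col-image">
+    <img src={{lockImageUrl}} class="password-reset-img">
+  </div>
+
+  <div class="pull-left col-form">
+    <form>
+      {{#if model.error}}
+        <div class='alert alert-error'>
+          {{model.error}}
+        </div>
+      {{/if}}
+
+      {{#if model.can_login}}
+        {{#if model.second_factor_required}}
+          {{#second-factor-form
+            secondFactorMethod=secondFactorMethod
+            secondFactorToken=secondFactorToken
+            backupEnabled=model.backup_codes_enabled
+            isLogin=true}}
+            {{second-factor-input value=secondFactorToken secondFactorMethod=secondFactorMethod backupEnabled=backupEnabled}}
+          {{/second-factor-form}}
+        {{else}}
+          <h2>{{i18n "email_login.confirm_title" site_name=siteSettings.title}}</h2>
+          <p>{{i18n "email_login.logging_in_as" email=model.token_email}}</p>
+        {{/if}}
+
+        {{d-button label="email_login.confirm_button" action=(action "finishLogin") class="btn-primary"}}
+      {{/if}}
+    </form>
+  </div>
+</div>
+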
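Review bot: The `{{#if model.can_login}}` block has no `{{else}}`, so a response with `can_login` false and no `error` leaves only the lock image on the page, with nothing telling the visitor that the link is invalid or has expired; whether the server can return that combination is not visible from this page. An explicit `{{else}}` branch after the confirm button, holding a translated "this link is invalid or has expired" message, would make the failure state visible instead of relying on `model.error` always being populated alongside `can_login: false`.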
|
|
@@ -182,6 +182,7 @@ | |
| } | ||
|
|
||
| .password-reset, | ||
| .email-login, | ||
| .invites-show { | ||
| margin-top: 30px; | ||
| .col-image { | ||
|
|
||
David Taylor posted:
https://review.discourse.org/t/revert-merge-pull-request-from-ghsa-hv9p-jfm4-gpr9/4327