Make export action send TOTP cookie

tomhughes · Jan 2, 2017 · 777b19c · 777b19c
1 parent 9363148
commit 777b19c
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 8 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -419,6 +419,16 @@ def preferred_editor
 
   helper_method :preferred_editor
 
+  def update_totp
+    if defined?(TOTP_KEY)
+      cookies["_osm_totp_token"] = {
+        :value => ROTP::TOTP.new(TOTP_KEY, :interval => 3600).now,
+        :domain => "openstreetmap.org",
+        :expires => 1.hour.from_now
+      }
+    end
+  end
+
   private
 
   # extract authorisation credentials from headers, returns user = nil if none

diff --git a/app/controllers/export_controller.rb b/app/controllers/export_controller.rb
@@ -1,6 +1,7 @@
 class ExportController < ApplicationController
   before_action :authorize_web
   before_action :set_locale
+  before_action :update_totp, :only => [:finish]
 
   caches_page :embed
 

diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
@@ -8,19 +8,12 @@ class SiteController < ApplicationController
   before_action :redirect_map_params, :only => [:index, :edit, :export]
   before_action :require_user, :only => [:welcome]
   before_action :require_oauth, :only => [:index]
+  before_action :update_totp, :only => [:index]
 
   def index
     unless STATUS == :database_readonly || STATUS == :database_offline
       session[:location] ||= OSM.ip_location(request.env["REMOTE_ADDR"])
     end
-
-    if defined?(TOTP_KEY)
-      cookies["_osm_totp_token"] = {
-        :value => ROTP::TOTP.new(TOTP_KEY, :interval => 3600).now,
-        :domain => "openstreetmap.org",
-        :expires => 1.hour.from_now
-      }
-    end
   end
 
   def permalink