diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php
index 62599c6c..dad177f4 100644
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@@ -278,4 +278,24 @@ class AccountController extends Controller
 return response()->json(['msg' => 'success'], 200);
 }
+
+ public function sudoMode(Request $request)
+ {
+ return view('auth.sudo');
+ }
+
+ public function sudoModeVerify(Request $request)
+ {
+ $this->validate($request, [
+ 'password' => 'required|string|max:500'
+ ]);
+ $user = Auth::user();
+ $password = $request->input('password');
+ $next = $request->session()->get('redirectNext', '/');
+ if(password_verify($password, $user->password) === true) {
+ $request->session()->put('sudoMode', time());
+ return redirect($next);
+ }
+ return redirect($next);
+ }
 }
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index cb2b9187..b90d197a 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -57,6 +57,7 @@ class Kernel extends HttpKernel
 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
 'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
 'can' => \Illuminate\Auth\Middleware\Authorize::class,
+ 'dangerzone' => \App\Http\Middleware\DangerZone::class,
 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
 'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
diff --git a/app/Http/Middleware/DangerZone.php b/app/Http/Middleware/DangerZone.php
new file mode 100644
index 00000000..d1a1b4af
--- /dev/null
+++ b/app/Http/Middleware/DangerZone.php
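Review bot: In `sudoModeVerify` a wrong password takes exactly the same path as a correct one — both branches end in `return redirect($next)` — so the user is silently bounced back to the form and the `$errors->first('password')` block that the new `sudo.blade.php` renders never receives anything; the failure branch should be `return redirect()->back()->withErrors(['password' => 'Incorrect password.']);`. Nothing in this method limits attempts either, so unless the route itself carries a throttle, anyone holding a live session can guess the account password freely against `password_verify`, whereas the neighbouring `verify-email` routes use `throttle:10,1440`. `Auth::user()` is dereferenced at `$user->password` without a null check; if this controller is not behind `auth` (its constructor is outside the hunk) a guest POST throws instead of being redirected. Once `$next` has been consumed the `redirectNext` key should be forgotten with `$request->session()->forget('redirectNext')` so a stale target from an earlier visit cannot be replayed on the next elevation.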
@@ -0,0 +1,34 @@
+is('i/auth/sudo')) {
+ if( !$request->session()->has('sudoMode') ) {
+ $request->session()->put('redirectNext', $request->url());
+ return redirect('/i/auth/sudo');
+ }
+ if( $request->session()->get('sudoMode') < Carbon::now()->subMinutes(30)->timestamp ) {
+ $request->session()->put('redirectNext', $request->url());
+ return redirect('/i/auth/sudo');
+ }
+ }
+ return $next($request);
+ }
+}
diff --git a/app/ImportJob.php b/app/ImportJob.php
index dc0e1cda..52b1187d 100644
--- a/app/ImportJob.php
+++ b/app/ImportJob.php
@@ -6,5 +6,19 @@ use Illuminate\Database\Eloquent\Model;
 class ImportJob extends Model
 {
- //
+ public function url()
+ {
+ return url("/i/import/job/{$this->uuid}/{$this->stage}");
+ }
+
+ public function files()
+ {
+ return $this->hasMany(ImportData::class, 'job_id');
+ }
+
+ public function mediaJson()
+ {
+ $path = storage_path("app/$this->media_json");
+ return json_decode(file_get_contents($path), true);
+ }
 }
diff --git a/database/migrations/2018_09_10_024252_update_import_datas_table.php b/database/migrations/2018_09_10_024252_update_import_datas_table.php
new file mode 100644
index 00000000..c4fb14c3
--- /dev/null
+++ b/database/migrations/2018_09_10_024252_update_import_datas_table.php
@@ -0,0 +1,33 @@
+bigInteger('job_id')->unsigned()->nullable()->after('profile_id');
+ $table->string('original_name')->nullable()->after('stage');
+ $table->boolean('import_accepted')->default(false)->nullable()->after('original_name');
+ $table->unique(['job_id', 'original_name']);
+ });
+ }
+
+ /**
+ * Reverse the migrations.
+ *
+ * @return void
+ */
+ public function down()
+ {
+ //
+ }
+}
diff --git a/resources/views/auth/sudo.blade.php b/resources/views/auth/sudo.blade.php
new file mode 100644
index 00000000..79f2917c
--- /dev/null
+++ b/resources/views/auth/sudo.blade.php
@@ -0,0 +1,49 @@
+@extends('layouts.blank')
+
+@section('content')
+
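Review bot: The expiry branch at `get('sudoMode') < Carbon::now()->subMinutes(30)->timestamp` redirects but leaves the stale timestamp in the session, and `redirectNext` is set to `$request->url()` regardless of method, so a blocked POST (for example to `settings/password`) returns after verification as a GET with its body gone; add `$request->session()->forget('sudoMode');` before that redirect and consider recording `redirectNext` only when `$request->isMethod('GET')`. The opening of `handle()` is cut off in this listing (everything before `is('i/auth/sudo')` is missing), so whether an unauthenticated request is rejected before the session is consulted cannot be confirmed from here; the middleware reads only session state, so it must run behind `auth` rather than in place of it. A one-line class docblock saying that the elevated window is thirty minutes from the `sudoMode` timestamp written by `AccountController::sudoModeVerify` would make the contract between the two files explicit.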
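Review bot: `mediaJson()` hands the result of `file_get_contents($path)` straight to `json_decode`, so a missing or unreadable file yields a PHP warning and a `null` return that callers will read as an empty import; check the read first, `$raw = file_get_contents($path); if ($raw === false) { throw new \RuntimeException("media json not readable: {$path}"); }`, and decode `$raw`. `$this->media_json` is interpolated into `storage_path("app/...")` unmodified; where that column is written is not visible in this diff, so if it can ever be derived from an uploaded file name, `..` segments would let the job read arbitrary files under storage — passing it through `basename()` or validating it against the job's own directory closes that. None of the three new methods has a docblock; one line each stating what `uuid`, `stage` and `media_json` are expected to hold would help, since the model declares no attributes.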
+
+
+
+ +

Confirm password to continue

+
+
+
+
+ @csrf + +
+ +
+ + + @if ($errors->has('password')) + + {{ $errors->first('password') }} + + @endif +
+
+ + @if(config('pixelfed.recaptcha')) +
+ {!! Recaptcha::render() !!} +
+ @endif + +
+
+ + +
+
+
+
+
+
+
+
+@endsection diff --git a/resources/views/errors/403.blade.php b/resources/views/errors/403.blade.php index 26168b47..6435a5d6 100644 --- a/resources/views/errors/403.blade.php +++ b/resources/views/errors/403.blade.php @@ -4,8 +4,9 @@
-
-

403 – Forbidden

+
+

403 – Forbidden

+

You do not have permission to view this page.

diff --git a/resources/views/errors/404.blade.php b/resources/views/errors/404.blade.php index a4891d46..01a24eb2 100644 --- a/resources/views/errors/404.blade.php +++ b/resources/views/errors/404.blade.php @@ -5,7 +5,7 @@
-

404 – Page Not Found

+

Page Not Found

diff --git a/resources/views/errors/500.blade.php b/resources/views/errors/500.blade.php new file mode 100644 index 00000000..0e134790 --- /dev/null +++ b/resources/views/errors/500.blade.php @@ -0,0 +1,15 @@ +@extends('layouts.app') + +@section('content') +
+
+
+
+

Whoops! Something went wrong.

+

Please try again, if this error keeps happening please contact an admin.

+ +
+
+
+
+@endsection diff --git a/resources/views/errors/503.blade.php b/resources/views/errors/503.blade.php index ba0a9429..c141503d 100644 --- a/resources/views/errors/503.blade.php +++ b/resources/views/errors/503.blade.php @@ -5,8 +5,9 @@
-

503 – Service Unavailable

-

Our services are overloaded at the moment, please try again later.

+

Service Unavailable

+

Our services are in maintenance mode, please try again later.

+
diff --git a/resources/views/layouts/blank.blade.php b/resources/views/layouts/blank.blade.php new file mode 100644 index 00000000..c3bc47a7 --- /dev/null +++ b/resources/views/layouts/blank.blade.php @@ -0,0 +1,36 @@ + + + + + + + + + + + + {{ $title ?? config('app.name', 'Laravel') }} + + + + + + @stack('meta') + + + + + + + + @stack('styles') + + +
+ @yield('content') +
+ @include('layouts.partial.footer') + + @stack('scripts') + + diff --git a/routes/web.php b/routes/web.php index c555e0ae..194e3199 100644 --- a/routes/web.php +++ b/routes/web.php @@ -68,6 +68,9 @@ Route::domain(config('pixelfed.domain.app'))->middleware('validemail')->group(fu Route::post('verify-email', 'AccountController@sendVerifyEmail')->middleware('throttle:10,1440'); Route::get('confirm-email/{userToken}/{randomToken}', 'AccountController@confirmVerifyEmail')->middleware('throttle:10,1440'); + Route::get('auth/sudo', 'AccountController@sudoMode'); + Route::post('auth/sudo', 'AccountController@sudoModeVerify'); + Route::group(['prefix' => 'report'], function () { Route::get('/', 'ReportController@showForm')->name('report.form'); Route::post('/', 'ReportController@formStore')->middleware('throttle:100,1440'); @@ -98,8 +101,8 @@ Route::domain(config('pixelfed.domain.app'))->middleware('validemail')->group(fu Route::post('home', 'SettingsController@homeUpdate')->middleware('throttle:25,1440'); Route::get('avatar', 'SettingsController@avatar')->name('settings.avatar'); Route::post('avatar', 'AvatarController@store')->middleware('throttle:5,1440'); - Route::get('password', 'SettingsController@password')->name('settings.password'); - Route::post('password', 'SettingsController@passwordUpdate')->middleware('throttle:2,1440'); + Route::get('password', 'SettingsController@password')->name('settings.password')->middleware('dangerzone'); + Route::post('password', 'SettingsController@passwordUpdate')->middleware(['throttle:2,1440','dangerzone']); Route::get('email', 'SettingsController@email')->name('settings.email'); Route::get('notifications', 'SettingsController@notifications')->name('settings.notifications'); Route::get('privacy', 'SettingsController@privacy')->name('settings.privacy');
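Review bot: `Route::post('auth/sudo', 'AccountController@sudoModeVerify')` is the only password-checking endpoint added in this group without a rate limit, while `verify-email` and `confirm-email` beside it carry `throttle:10,1440`; since it verifies the account password from a live session it should be at least `->middleware('throttle:10,1440')`. The only group middleware visible here is `validemail`, and whether `auth` is applied further out or in the controller constructor is not in the hunk; if it is not, both sudo routes are reachable by guests and the verify handler will fault on `Auth::user()`.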
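Review bot: On `Route::post('password', ...)->middleware(['throttle:2,1440','dangerzone'])` the throttle runs before the sudo check, so a POST that is bounced to `/i/auth/sudo` still consumes one of the two daily attempts and the genuine retry after re-authenticating may be the last one before a 429; listing the gate first, `->middleware(['dangerzone','throttle:2,1440'])`, counts only requests that reach the controller. Laravel's default `$middlewarePriority` does not pin `ThrottleRequests`, so route order should decide, but confirm against this app's `Kernel`. `email` directly below is left outside `dangerzone`; if changing the address can be used to recover the account it deserves the same gate as the password routes.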