Merge branch 'main' into glitch-soc/merge-upstream

Conflicts: - `app/controllers/concerns/sign_in_token_authentication_concern.rb`: Upstream removed this file, while glitch-soc had changes to deal with its theming system. Removed the file like upstream did.
2022-04-06 21:10:23 +02:00
parent 00c9363f07 dd4c156f33
commit b368c75029
34 changed files with 405 additions and 406 deletions
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -10,7 +10,6 @@ class Auth::SessionsController < Devise::SessionsController
  prepend_before_action :set_pack

  include TwoFactorAuthenticationConcern
-  include SignInTokenAuthenticationConcern

  before_action :set_instance_presenter, only: [:new]
  before_action :set_body_classes
@@ -68,7 +67,7 @@ class Auth::SessionsController < Devise::SessionsController
  end

  def user_params
-    params.require(:user).permit(:email, :password, :otp_attempt, :sign_in_token_attempt, credential: {})
+    params.require(:user).permit(:email, :password, :otp_attempt, credential: {})
  end

  def after_sign_in_path_for(resource)
@@ -148,6 +147,12 @@ class Auth::SessionsController < Devise::SessionsController
      ip: request.remote_ip,
      user_agent: request.user_agent
    )
+
+    UserMailer.suspicious_sign_in(user, request.remote_ip, request.user_agent, Time.now.utc).deliver_later! if suspicious_sign_in?(user)
+  end
+
+  def suspicious_sign_in?(user)
+    SuspiciousSignInDetector.new(user).suspicious?(request)
  end

  def on_authentication_failure(user, security_measure, failure_reason)