github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 16:21:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Invalid token error incorrectly displayed on email login page.

Browse Source
This commit is contained in:
Guo Xiang Tan
2018-02-21 15:46:53 +08:00
parent 8964e75ad6
commit b16471edfb
2 changed files with 21 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
app/controllers/session_controller.rb
View File

@ -238,20 +238,24 @@ class SessionController < ApplicationController
def email_login
raise Discourse::NotFound if !SiteSetting.enable_local_logins_via_email
if params[:second_factor_token].present?
@error = I18n.t("login.invalid_second_factor_code")
RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed!
end
second_factor_token = params[:second_factor_token]
token = params[:token]
valid_token = !!EmailToken.valid_token_format?(token)
user = EmailToken.confirmable(token)&.user
if valid_token && user&.totp_enabled? && !user.authenticate_totp(params[:second_factor_token])
@second_factor_required = true
@error = I18n.t('login.invalid_second_factor_code')
elsif user = EmailToken.confirm(token)
if valid_token && user&.totp_enabled?
RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed!
if !second_factor_token.present?
@second_factor_required = true
return render layout: 'no_ember'
elsif !user.authenticate_totp(second_factor_token)
@error = I18n.t('login.invalid_second_factor_code')
return render layout: 'no_ember'
end
end
if user = EmailToken.confirm(token)
if login_not_approved_for?(user)
@error = login_not_approved[:error]
elsif payload = login_error_check(user)