From fe7dbb79ca25236724939ca9e22d6b36baf82676 Mon Sep 17 00:00:00 2001
From: Yongjin Chong
Date: Fri, 31 Jan 2025 12:53:05 -0700
Subject: [PATCH] Fix redirect not expected GET requests
---
 .../accounts/user_settings_controller.ex | 71 +++++++++++--------
 lib/recognizer_web/router.ex | 2 +-
 2 files changed, 43 insertions(+), 30 deletions(-)
diff --git a/lib/recognizer_web/controllers/accounts/user_settings_controller.ex b/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
index 81aad47..d3df06b 100644
--- a/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
+++ b/lib/recognizer_web/controllers/accounts/user_settings_controller.ex
@@ -33,14 +33,30 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
 end
 def resend(conn, _params) do
- conn =
- conn
- |> put_session(:two_factor_sent, false)
- |> put_session(:two_factor_issue_time, System.system_time(:second))
+ user = Authentication.fetch_current_user(conn)
+ current_user = Accounts.get_new_two_factor_settings(user)
- conn
- |> put_flash(:info, "Two factor code has been resent")
- |> redirect(to: Routes.user_settings_path(conn, :two_factor_init))
+ case current_user do
+ {:error, _} ->
+ conn
+ |> put_flash(:error, "Two factor setup expired or not yet initiated")
+ |> redirect(to: Routes.user_settings_path(conn, :edit))
+
+ {:ok, nil} ->
+ conn
+ |> put_flash(:error, "Two factor setup expired or not yet initiated")
+ |> redirect(to: Routes.user_settings_path(conn, :edit))
+
+ {:ok, _setting_user} ->
+ conn =
+ conn
+ |> put_session(:two_factor_sent, false)
+ |> put_session(:two_factor_issue_time, System.system_time(:second))
+
+ conn
+ |> put_flash(:info, "Two factor code has been resent")
+ |> redirect(to: Routes.user_settings_path(conn, :two_factor_init))
+ end
 end
 @doc """
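Review bot: `resend/2` changes state: it clears `:two_factor_sent` and resets `:two_factor_issue_time`, so the next `two_factor_init` request sends another code. The route in the `router.ex` hunk is still a `get`, which `protect_from_forgery` (if the pipeline uses it) does not check, so any cross-site link or image load in a logged-in browser can trigger it. Consider `post "/settings/two-factor/resend", UserSettingsController, :resend` behind a form button. Nothing visible here limits how often a resend can be requested, and each one moves the issue time forward; a minimum interval checked against the stored `:two_factor_issue_time` would bound both message volume and how long a pending setup can be kept alive. The `{:error, _}` and `{:ok, nil}` branches are identical and could share one clause.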
@@ -72,9 +88,10 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
 totp_app_url: Authentication.get_totp_app_url(user, seed)
 )
 else
- conn = two_factor_init_email(conn, setting_user, user, method_atom)
+ current_time = System.system_time(:second)
- IO.inspect(get_session(conn, :two_factor_sent, label: "two_factor_sent"))
+ conn = ensure_two_factor_issue_time(conn, current_time)
+ conn = two_factor_init_two_factor_sent(conn, setting_user, user, method_atom)
 conn
 |> render("confirm_two_factor_external.html")
@@ -82,26 +99,6 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
 end
 end
- def two_factor_init_email(conn, setting_user, user, method_atom) do
- conn =
- if get_session(conn, :two_factor_issue_time) == nil do
- put_session(conn, :two_factor_issue_time, System.system_time(:second))
- else
- conn
- end
-
- two_factor_sent = get_session(conn, :two_factor_sent)
-
- conn =
- if two_factor_sent do
- conn
- else
- conn
- |> send_two_factor_notification(setting_user, user, method_atom)
- |> put_session(:two_factor_sent, true)
- end
- end
-
 @doc """
 Confirming and saving a new two factor setup with user-provided code
 """
@@ -149,6 +146,22 @@ defmodule RecognizerWeb.Accounts.UserSettingsController do
 end
 end
+ def two_factor_init_two_factor_sent(conn, setting_user, user, method_atom) do
+ two_factor_sent = get_session(conn, :two_factor_sent)
+
+ conn_session =
+ if two_factor_sent do
+ conn
+ else
+ conn
+ |> send_two_factor_notification(setting_user, user, method_atom)
+
+ put_session(conn, :two_factor_sent, true)
+ end
+
+ conn_session
+ end
+
 defp handle_two_factor_settings(conn, user, two_factor_code, method) do
 two_factor_issue_time = get_session(conn, :two_factor_issue_time)
diff --git a/lib/recognizer_web/router.ex b/lib/recognizer_web/router.ex
index 0aa358e..fffe625 100644
--- a/lib/recognizer_web/router.ex
+++ b/lib/recognizer_web/router.ex
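Review bot: `ensure_two_factor_issue_time/2`, called in the `else` branch of the `-72,9 +88,10` hunk, is not defined in any hunk of this patch, while the removed `two_factor_init_email/4` was the code that set `:two_factor_issue_time`. If the helper does not already exist elsewhere in the module this will not compile. If it does exist, it should keep the removed behaviour of writing the time only when the session has none, because `handle_two_factor_settings/4` reads that value and a page reload should not refresh it. The enclosing action starts and ends outside the hunk.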
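Review bot: In the `else` branch of the new `two_factor_init_two_factor_sent/4` (the `-149,6 +146,22` hunk) the result of `conn |> send_two_factor_notification(setting_user, user, method_atom)` is thrown away, and `put_session(conn, :two_factor_sent, true)` is then applied to the original `conn`. The removed `two_factor_init_email/4` piped the two calls together, so anything the notification step puts on the conn (its definition is not visible here) is now lost, and the sent flag is set whatever that step returned. Restore the pipeline: `conn |> send_two_factor_notification(setting_user, user, method_atom) |> put_session(:two_factor_sent, true)`. As far as this patch shows the helper is only called from inside the controller, so `defp` would fit better than `def`.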
@@ -140,6 +140,6 @@ defmodule RecognizerWeb.Router do
 get "/settings/two-factor/review", UserSettingsController, :review
 get "/settings/two-factor", UserSettingsController, :two_factor_init
 post "/settings/two-factor", UserSettingsController, :two_factor_confirm
- get "/setting/two-factor/resend", UserSettingsController, :resend
+ get "/settings/two-factor/resend", UserSettingsController, :resend
 end
 end