Added new security question to sign up, Added notification for unconfirmed emails

• Added: - new security question to sign up - notification for unconfirmed emails - modal for describing issue with Gab emails
2020-10-16 16:25:37 -05:00
parent 9c0fc47777
commit 3c07e9d63b
16 changed files with 147 additions and 6 deletions
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -74,8 +74,9 @@ class Api::BaseController < ApplicationController
      render json: { error: 'This method requires an authenticated user' }, status: 422
    elsif current_user.disabled?
      render json: { error: 'Your login is currently disabled' }, status: 403
-    elsif !current_user.confirmed?
-      render json: { error: 'Your login is missing a confirmed e-mail address' }, status: 403
+    # : todo : when figure out email/catpcha, put this back
+    # elsif !current_user.confirmed?
+    #   render json: { error: 'Your login is missing a confirmed e-mail address' }, status: 403
    elsif !current_user.approved?
      render json: { error: 'Your login is currently pending approval' }, status: 403
    else
--- a/app/controllers/api/v1/accounts/credentials_controller.rb
+++ b/app/controllers/api/v1/accounts/credentials_controller.rb
@@ -18,6 +18,27 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
    render json: @account, serializer: REST::CredentialAccountSerializer
  end

+  def resend_email_confirmation
+    @account = current_account
+
+    if !@account.user.confirmed?
+      redisResult = Redis.current.get("account:#{@account.id}:last_email_confirmation_resend") || 0
+
+      @lastSentDate = redisResult
+      if redisResult != 0
+        @lastSentDate = Time.at(redisResult.to_i).utc
+      end
+      
+      if @lastSentDate == 0 || (@lastSentDate != 0 && Time.now.utc - @lastSentDate >= 1.hour)
+        @user = Account.find(@account.id).user || raise(ActiveRecord::RecordNotFound)
+        Redis.current.set("account:#{@account.id}:last_email_confirmation_resend", Time.now.utc.to_i)
+        @user.resend_confirmation_instructions
+      end
+    end
+
+    render json: { success: true, message: 'ok' }
+  end
+
  private

  def account_params
@@ -35,4 +56,5 @@ class Api::V1::Accounts::CredentialsController < Api::BaseController
      'setting_default_language' => source_params.fetch(:language, @account.user.setting_default_language),
    }
  end
+
 end
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -4,6 +4,7 @@ class Auth::RegistrationsController < Devise::RegistrationsController
  layout :determine_layout

  before_action :set_invite, only: [:new, :create]
+  before_action :set_challenge, only: [:new]
  before_action :check_enabled_registrations, only: [:new, :create]
  before_action :configure_sign_up_params, only: [:create]
  before_action :set_sessions, only: [:edit, :update]
@@ -15,6 +16,16 @@ class Auth::RegistrationsController < Devise::RegistrationsController
    super(&:build_invite_request)
  end

+  def create
+    if session[:challenge_answer].to_s == params[:user][:challenge].to_s.strip
+      # Reset after, may be errors to return and this ensures its still visible
+      set_challenge
+      super
+    else
+      return false
+    end
+  end
+
  def destroy
    not_found
  end
@@ -96,6 +107,12 @@ class Auth::RegistrationsController < Devise::RegistrationsController
    @invite = invite&.valid_for_use? ? invite : nil
  end

+  def set_challenge
+    @challenge_add_1 = rand(0...9)
+    @challenge_add_2 = rand(0...9)
+    session[:challenge_answer] = @challenge_add_1 + @challenge_add_2
+  end
+
  def determine_layout
    %w(edit update).include?(action_name) ? 'admin' : 'auth'
  end