cleanups for account validation

Kyle Drake 2024-04-08 15:12:56 -05:00
parent bb430d455f
commit 10acf8e7bb
4 changed files with 15 additions and 11 deletions

6
app.rb

@ -75,10 +75,12 @@ before do
content_type :json
elsif request.path.match /^\/webhooks\//
# Skips the CSRF/validation check for stripe web hooks
elsif email_not_validated? && !(request.path =~ /^\/site\/.+\/confirm_email|^\/settings\/change_email|^\/signout|^\/welcome|^\/supporter|^\/signout/)
elsif current_site && current_site.email_not_validated? && !(request.path =~ /^\/site\/.+\/confirm_email|^\/settings\/change_email|^\/signout|^\/welcome|^\/supporter|^\/signout/)
redirect "/site/#{current_site.username}/confirm_email"
elsif !email_not_validated? && current_site && current_site.phone_verification_needed? && !(request.path =~ /^\/site\/.+\/confirm_phone|^\/signout/)
elsif current_site && current_site.phone_verification_needed? && !(request.path =~ /^\/site\/.+\/confirm_phone|^\/signout/)
redirect "/site/#{current_site.username}/confirm_phone"
elsif current_site && current_site.tutorial_required && !(request.path =~ /tutorial/)
redirect '/tutorial/html/1'
else
content_type :html, 'charset' => 'utf-8'
redirect '/' if request.post? && !csrf_safe?
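Review bot: Dropping the `!email_not_validated?` guard from the phone branch looks like it can produce a redirect loop for a site that has both checks pending. On `/site/<name>/confirm_email` the email branch is skipped because the path is exempt, so the phone branch redirects to `confirm_phone`, and on `confirm_phone` the email branch redirects straight back. This assumes `phone_verification_needed?`, which is defined outside this page, does not already return false while the email is unconfirmed. If it does not, keep the ordering explicit with `elsif current_site && !current_site.email_not_validated? && current_site.phone_verification_needed? && !(request.path =~ /^\/site\/.+\/confirm_phone|^\/signout/)`. Separately, these exemption patterns anchor with `^`, which in Ruby matches after any newline, so `\A` is the safer anchor for a path check, and `^\/signout` is listed twice in the email pattern; the `before do` block starts and ends outside this hunk.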


@ -240,7 +240,6 @@ def require_api_credentials
if !request.env['HTTP_AUTHORIZATION'].nil?
init_api_credentials
api_error(403, 'email_not_validated', 'you need to validate your email address before using the API') if email_not_validated?
else
api_error_invalid_auth
end
@ -268,7 +267,7 @@ def init_api_credentials
api_error_invalid_auth
end
if site.nil? || site.is_banned || site.is_deleted
if site.nil? || site.is_banned || site.is_deleted || !(site.required_validations_met?)
api_error_invalid_auth
end
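Review bot: In `init_api_credentials`, a site that fails `required_validations_met?` now gets the same `api_error_invalid_auth` response as a missing, banned or deleted site, so an API client with correct credentials can no longer tell that a pending validation is what blocks it. The dedicated `email_not_validated` 403 in `require_api_credentials` appears to be the line this commit drops. The predicate also folds in `phone_verification_needed?` and `tutorial_required`, which the API lines shown here did not check before, so confirm that API-only users with an unfinished tutorial are meant to be locked out. If the distinct error is still wanted, leave the nil/banned/deleted check as it was and follow it with `api_error(403, 'email_not_validated', 'you need to validate your email address before using the API') if site.email_not_validated?`, placed after the credential check so only an authenticated caller sees it. Both method bodies start and end outside these hunks, so the position of the credential check is not visible here.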


@ -16,7 +16,6 @@ end
def require_login
redirect '/' unless signed_in? && current_site
redirect '/tutorial/html/1' if current_site.tutorial_required && !(request.path =~ /tutorial/)
end
def signed_in?
@ -97,12 +96,6 @@ def dont_browser_cache
@dont_browser_cache = true
end
def email_not_validated?
return false if current_site && current_site.created_at < Site::EMAIL_VALIDATION_CUTOFF_DATE
current_site && current_site.parent? && !current_site.is_education && !current_site.email_confirmed && !current_site.supporter?
end
def sanitize_comment(text)
Rinku.auto_link Sanitize.fragment(text), :all, 'target="_blank" rel="nofollow"'
end


@ -1746,6 +1746,16 @@ class Site < Sequel::Model
false
end
def email_not_validated?
return false if created_at < EMAIL_VALIDATION_CUTOFF_DATE
parent? && !is_education && !email_confirmed && !supporter?
end
def required_validations_met?
return false if phone_verification_needed? || tutorial_required || email_not_validated?
true
end
private
def store_file(path, uploaded, opts={})
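Review bot: `required_validations_met?` is now the predicate API authentication relies on, but nothing in the model says so. A one-line comment such as `# True when no email, phone or tutorial step is pending; gates API auth.` would make it harder to loosen by accident. The body can return the expression directly, `!(phone_verification_needed? || tutorial_required || email_not_validated?)`, instead of `return false if ...` followed by `true`. In `email_not_validated?`, `created_at < EMAIL_VALIDATION_CUTOFF_DATE` will raise if `created_at` is nil, which may be the case on an unsaved `Site`, so confirm no caller reaches it before the record is created. The `Site` class begins and continues outside this hunk.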