From 7f05c2c9dcfce96ef3f96138de4db67c596407cf Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Fri, 10 Nov 2023 13:30:05 -0600
Subject: [PATCH] code input validation, lockout after 3 attempts

---
 app/create.rb | 15 ++++++++++++++-
 app/site.rb | 7 +++++++
 views/site/confirm_phone.erb | 23 ++++++++++++++++++++---
 3 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/app/create.rb b/app/create.rb
index 5dfbb3de..aea33991 100644
--- a/app/create.rb
+++ b/app/create.rb
@@ -98,7 +98,20 @@ post '/create' do
 end
 @site.email_confirmed = true if self.class.development?
- #@site.phone_confirmed = true if self.class.development?
+ @site.phone_confirmed = true if self.class.development?
+
+ begin
+ @site.phone_verification_required = true if self.class.production? && BlackBox.phone_verification_required?(site)
+ rescue => e
+ EmailWorker.perform_async({
+ from: 'web@neocities.org',
+ to: 'errors@neocities.org',
+ subject: "[Neocities Error] Phone verification exception",
+ body: "#{e.inspect}\n#{e.backtrace}",
+ no_footer: true
+ })
+ end
+
 @site.save
 unless education_whitelisted?
diff --git a/app/site.rb b/app/site.rb
index 412a9af6..85f019de 100644
--- a/app/site.rb
+++ b/app/site.rb
@@ -329,6 +329,13 @@ post '/site/:username/confirm_phone' do
 end
 current_site.phone_verification_sent_at = Time.now
+ current_site.phone_verification_attempts += 1
+
+ if current_site.phone_verification_attempts > Site::PHONE_VERIFICATION_LOCKOUT_ATTEMPTS
+ flash[:error] = 'You have exceeded the number of phone verification attempts allowed.'
+ redirect "/site/#{current_site.username}/confirm_phone"
+ end
+
 current_site.save_changes validate: false
 verification = $twilio.verify
diff --git a/views/site/confirm_phone.erb b/views/site/confirm_phone.erb
index c29f277b..b055b488 100644
--- a/views/site/confirm_phone.erb
+++ b/views/site/confirm_phone.erb
@@ -26,10 +26,27 @@
 <% if current_site.phone_verification_sid %>
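Review bot: `BlackBox.phone_verification_required?(site)` passes `site` while every other line in this hunk works on `@site`; unless `site` is a helper in scope for this route, that is a NameError, and the bare `rescue => e` right below turns it into an error e-mail and leaves `phone_verification_required` unset, so the check fails open with nothing visible to the user or to tests. Pass `@site` (or whatever the intended receiver is) and consider narrowing the rescue to the errors BlackBox is expected to raise, since a catch-all here also hides typos like this one. If a BlackBox failure should not amount to a phone-verification bypass, set the flag in the rescue branch as well; the hunk does not state that policy either way. The `post '/create'` route starts and ends outside the hunk.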
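Review bot: The lockout counter is a read-modify-write in Ruby (`current_site.phone_verification_attempts += 1`, the comparison, then `save_changes validate: false` further down), so two overlapping requests for the same site can both see the same pre-increment value and both pass the threshold check; if the lockout is meant to bound code sends through `$twilio.verify`, a database-side increment (Sequel dataset `update` with `Sequel.expr(:phone_verification_attempts) + 1`) before the comparison closes that window. Independently, `+= 1` raises NoMethodError on nil if the new column's migration gives it no default of 0, which is not visible here; `(current_site.phone_verification_attempts || 0) + 1` makes the route safe either way. Nothing in this hunk resets the counter after a successful verification, so unless that happens elsewhere the lockout is permanent for the site. The route body continues outside the hunk.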
- - + +
- + + + + <% else %>