code input validation, lockout after 3 attempts

2025-04-24 17:22:35 +02:00 · 2023-11-10 13:30:05 -06:00 · 2023-11-10 13:30:05 -06:00 · 7f05c2c9dc
commit 7f05c2c9dc
parent 40e848e2c0
3 changed files with 41 additions and 4 deletions
--- a/app/create.rb
+++ b/app/create.rb
@ -98,7 +98,20 @@ post '/create' do
  end

  @site.email_confirmed = true if self.class.development?
-  #@site.phone_confirmed = true if self.class.development?
+  @site.phone_confirmed = true if self.class.development?
+
+  begin
+    @site.phone_verification_required = true if self.class.production? && BlackBox.phone_verification_required?(site)
+  rescue => e
+    EmailWorker.perform_async({
+      from: 'web@neocities.org',
+      to: 'errors@neocities.org',
+      subject: "[Neocities Error] Phone verification exception",
+      body: "#{e.inspect}\n#{e.backtrace}",
+      no_footer: true
+    })
+  end
+
  @site.save

  unless education_whitelisted?
--- a/app/site.rb
+++ b/app/site.rb
@ -329,6 +329,13 @@ post '/site/:username/confirm_phone' do
    end

    current_site.phone_verification_sent_at = Time.now
+    current_site.phone_verification_attempts += 1
+
+    if current_site.phone_verification_attempts > Site::PHONE_VERIFICATION_LOCKOUT_ATTEMPTS
+      flash[:error] = 'You have exceeded the number of phone verification attempts allowed.'
+      redirect "/site/#{current_site.username}/confirm_phone"
+    end
+
    current_site.save_changes validate: false

    verification = $twilio.verify
--- a/views/site/confirm_phone.erb
+++ b/views/site/confirm_phone.erb
@ -26,10 +26,27 @@

        <% if current_site.phone_verification_sid %>
          <fieldset>
-            <label for="token">Enter the code:<br></label>
-          <input name="code" type="text" class="input-Area" autofill="off" autocapitalize="off" autocorrect="off" value="<%= flash[:code] %>" style="width: 100px" maxlength=6>
+            <label for="token">Enter the 6 digit code:<br></label>
+          <input id="code" name="code" type="text" class="input-Area" autofill="off" autocapitalize="off" autocorrect="off" value="<%= flash[:code] %>" style="width: 100px" maxlength=6>
          </fieldset>
-          <input class="btn-Action" type="submit" value="Verify Code">
+          <input id="submitButton" class="btn-Action" type="submit" value="Verify Code" style="display: none" autocomplete="off">
+
+          <script>
+            document.getElementById('code').addEventListener('input', function(e) {
+              var inputVal = e.target.value;
+              var submitButton = document.getElementById('submitButton');
+
+              // Check if there are exactly 6 digits in the input
+              var isValid = /^\d{6}$/.test(inputVal);
+
+              if(isValid) {
+                submitButton.style = 'display: inline-block';
+              } else {
+                submitButton.style = 'display: none';
+              }
+            });
+          </script>
+
        <% else %>

          <fieldset>