From 3e1ca248ea33e2f3e980fbbb29ddadd79b4fdd86 Mon Sep 17 00:00:00 2001
From: reesericci
Date: Mon, 20 Nov 2023 11:09:49 -0600
Subject: [PATCH 1/2] fix email bug & add sent email confirmation
---
 app/controllers/auth_controller.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb
index feaeacf..d51ff04 100644
--- a/app/controllers/auth_controller.rb
+++ b/app/controllers/auth_controller.rb
@@ -20,16 +20,20 @@ def login
 def email
 user = User::User.find_by(email: params[:email])
- if(user.blank?)
+ if(!user)
 redirect_to(controller: "users", action: "register")
+ return
 elsif(user.disable_email_auth?)
 flash[:notice] = "Email login codes are disabled"
 redirect_to(controller: "auth", action: "login")
+ return
 end
- if Time.now.to_i > (user.otp_last_minted.nil? ? 0 : user.otp_last_minted) + 600 || params[:resend] == "true" then
+ if Time.now.to_i > (user.try(:otp_last_minted).nil? ? 0 : user.otp_last_minted) + 600 || params[:resend] == "true" then
 User::Mailer.with(user: user).verification_email.deliver_later
+ if params[:resend] == "true" then flash[:notice] = "Sent email code" end
+
 end
 end
From 08000385dfb833858dd2fc9271c91e5656a95e1a Mon Sep 17 00:00:00 2001
From: Reese Armstrong
Date: Mon, 20 Nov 2023 11:15:26 -0600
Subject: [PATCH 2/2] Create SECURITY.md
---
 SECURITY.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..c2d75f2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report a vulnerability, either use the inbuilt security reporting feature in GitHub, or shoot us an email at team@obl.ong.
+
+**DO NOT FILE AN ISSUE WITH A SECURITY VULNERABILITY**
+
+We thank you in advance for finding and reporting security issues!
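Review bot: In the `email` action of app/controllers/auth_controller.rb, the condition `... + 600 || params[:resend] == "true"` lets any unauthenticated request carrying `resend=true` skip the 600-second throttle, so verification emails can be triggered without limit for any registered address. Keep a cooldown on the resend path too, for example `cooldown = params[:resend] == "true" ? 60 : 600` followed by `if Time.now.to_i > user.otp_last_minted.to_i + cooldown` (60 is an illustrative value), and consider a per-client rate limit in front of the action. This assumes `otp_last_minted` is updated whenever a code is minted, which the hunk does not show. With the new early `return`s `user` can no longer be nil at this point, so `user.try(:otp_last_minted)` can be a plain `user.otp_last_minted` call.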