yetangitu/pixelfed
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Update DangerZone middleware to use session instead of cookie

Browse source
This commit is contained in:
Daniel Supernault 2018-09-09 21:44:51 -06:00
parent 336deae05b
commit d90cfffa3f
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
2 changed files with 9 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

10
app/Http/Middleware/DangerZone.php
View file

@ -20,11 +20,13 @@ class DangerZone
return redirect(route('login'));
}
if(!$request->is('i/auth/sudo')) {
if( false == $request->cookie('sudoMode') ) {
return redirect('/i/auth/sudo')->withCookie('redirectNext', $request->url());
if( !$request->session()->has('sudoMode') ) {
$request->session()->put('redirectNext', $request->url());
return redirect('/i/auth/sudo');
}
if( $request->cookie('sudoMode') < Carbon::now()->subMinutes(30)->timestamp ) {
return redirect('/i/auth/sudo')->withCookie('redirectNext', $request->url());
if( $request->session()->get('sudoMode') < Carbon::now()->subMinutes(30)->timestamp ) {
$request->session()->put('redirectNext', $request->url());
return redirect('/i/auth/sudo');
}
}
return $next($request);