prevent posting without presenting a _ses cookie

byte[] 2019-12-20 20:30:14 -05:00
parent 3a364bde61
commit ca1150230d


@ -21,13 +21,27 @@ defmodule PhilomenaWeb.FilterBannedUsersPlug do
conn.assigns.current_ban
|> maybe_halt(conn, redirect_url)
|> maybe_halt_no_fingerprint()
end
def maybe_halt(nil, conn, _redirect_url), do: conn
def maybe_halt(_current_ban, conn, redirect_url) do
defp maybe_halt(nil, conn, _redirect_url), do: conn
defp maybe_halt(_current_ban, conn, redirect_url) do
conn
|> Controller.put_flash(:error, "You are currently banned.")
|> Controller.redirect(external: redirect_url)
|> Conn.halt()
end
end
defp maybe_halt_no_fingerprint(%{halted: true} = conn), do: conn
defp maybe_halt_no_fingerprint(conn) do
conn = Conn.fetch_cookies(conn)
case conn.cookies["_ses"] do
nil ->
PhilomenaWeb.NotAuthorizedPlug.call(conn)
_other ->
conn
end
end
end
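Review bot: The new `maybe_halt_no_fingerprint/1` clause only tests that `_ses` is present (`nil ->` versus `_other ->`), so an empty or arbitrary client-supplied value passes the gate, and the check alone cannot tie a post to a genuine fingerprint. At minimum reject the empty value with `fp when is_binary(fp) and byte_size(fp) > 0 -> conn` followed by `_ -> PhilomenaWeb.NotAuthorizedPlug.call(conn)`, and validate the expected format wherever the value is consumed, which is not visible in this hunk. The pipeline also depends on `NotAuthorizedPlug.call/1` halting the connection, which cannot be confirmed from here. Because the module name mentions only bans, a comment such as `# _ses is presumably the client fingerprint cookie; requests without it are refused` above the function would document the second responsibility. The enclosing `call` function starts above the hunk.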