Added trusted devices to sudo mode

5 years ago · 0c82c97069
parent 8ffb20f57e
commit 0c82c97069
3 changed files with 21 additions and 11 deletions
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@ -374,10 +374,13 @@ class AccountController extends Controller
 	public function sudoModeVerify(Request $request)
 	{
 		$this->validate($request, [
-			'password' => 'required|string|max:500'
+			'password' => 'required|string|max:500',
+			'trustDevice' => 'nullable'
 		]);
+
 		$user = Auth::user();
 		$password = $request->input('password');
+		$trustDevice = $request->input('trustDevice') == 'on';
 		$next = $request->session()->get('redirectNext', '/');
 		if($request->session()->has('sudoModeAttempts')) {
 			$count = (int) $request->session()->get('sudoModeAttempts');
@ -387,6 +390,9 @@ class AccountController extends Controller
 		}
 		if(password_verify($password, $user->password) === true) {
 			$request->session()->put('sudoMode', time());
+			if($trustDevice == true) {
+				$request->session()->put('sudoTrustDevice', 1);
+			}
 			return redirect($next);
 		} else {
 			return redirect()
--- a/app/Http/Middleware/DangerZone.php
+++ b/app/Http/Middleware/DangerZone.php
@ -25,7 +25,7 @@ class DangerZone
        if(!Auth::check()) {
            return redirect(route('login'));
        }
-        if(!$request->is('i/auth/sudo')) {
+        if(!$request->is('i/auth/sudo') && $request->session()->get('sudoTrustDevice') != 1) {
            if( !$request->session()->has('sudoMode') ) {
                $request->session()->put('redirectNext', $request->url());
                return redirect('/i/auth/sudo');
--- a/resources/views/auth/sudo.blade.php
+++ b/resources/views/auth/sudo.blade.php
@ -13,18 +13,22 @@
                    <form method="POST">
                        @csrf

-                        <div class="form-group row">
+                        <div class="form-group">
+                            <input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" placeholder="{{__('Password')}}" required>

-                            <div class="col-md-12">
-                                <input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" placeholder="{{__('Password')}}" required>
+                            @if ($errors->has('password'))
+                                <span class="invalid-feedback">
+                                    <strong>{{ $errors->first('password') }}</strong>
+                                </span>
+                            @endif
+                        </div>

-                                @if ($errors->has('password'))
-                                    <span class="invalid-feedback">
-                                        <strong>{{ $errors->first('password') }}</strong>
-                                    </span>
-                                @endif
+                        <div class="form-group">
+                            <div class="custom-control custom-checkbox">
+                              <input type="checkbox" class="custom-control-input" id="trusted-device" name="trustDevice">
+                              <label class="custom-control-label text-muted" for="trusted-device">Don't ask me again, trust this device</label>
                            </div>
-                        </div>
+                        </div>  

                        <div class="form-group row mb-0">
                            <div class="col-md-12">