mirror of
https://github.com/openvk/openvk
synced 2024-11-14 19:19:14 +03:00
Security: Add magic button name End all sessions
It's FUCKING USEFUL bc uknow ur pc or phone can be stolen xd
parent
863fb232e0
commit
83be7eed10
6 changed files with 61 additions and 1 deletions
|
@ -322,4 +322,22 @@ final class AuthPresenter extends OpenVKPresenter
|
||||||
|
|
||||||
$this->redirect("/");
|
$this->redirect("/");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This function will revoke all tokens, including API and Web tokens and except active one
|
||||||
|
*
|
||||||
|
* OF COURSE it requires CSRF
|
||||||
|
*/
|
||||||
|
function renderRevokeAllTokens(): void
|
||||||
|
{
|
||||||
|
$this->assertUserLoggedIn();
|
||||||
|
$this->willExecuteWriteAction();
|
||||||
|
$this->assertNoCSRF();
|
||||||
|
|
||||||
|
// API tokens
|
||||||
|
$this->db->table("api_tokens")->where("user", $this->user->identity->getId())->delete();
|
||||||
|
// Web tokens
|
||||||
|
$this->db->table("ChandlerTokens")->where("user", $this->user->identity->getChandlerGUID())->where("token != ?", Session::i()->get("tok"))->delete();
|
||||||
|
$this->flashFail("succ", tr("information_-1"), tr("end_all_sessions_done"));
|
||||||
|
}
|
||||||
}
|
}
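Review bot: renderRevokeAllTokens() never checks the request method, so the two deletes run for any verb that reaches `/revokeAllTokens`, whose entry in the routes section carries only `url` and `handler`. The settings form posts, but if assertNoCSRF() also accepts `hash` from the query string (its body is not shown here), the CSRF token can end up in URLs, browser history and Referer headers; add a guard ahead of the deletes such as `if($_SERVER["REQUEST_METHOD"] !== "POST") $this->redirect("/settings?act=security");`. The Web-token delete also relies on `Session::i()->get("tok")` being set: confirm what `where("token != ?", …)` does with a null value, because the success flash is shown regardless of how many rows were removed. The two deletes are not wrapped in a transaction, so a failure on the second leaves API tokens revoked while the other web sessions stay alive.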
|
||||||
|
|
|
@ -454,7 +454,7 @@ final class UserPresenter extends OpenVKPresenter
|
||||||
$this->flash("succ", tr("changes_saved"), tr("changes_saved_comment"));
|
$this->flash("succ", tr("changes_saved"), tr("changes_saved_comment"));
|
||||||
}
|
}
|
||||||
$this->template->mode = in_array($this->queryParam("act"), [
|
$this->template->mode = in_array($this->queryParam("act"), [
|
||||||
"main", "privacy", "finance", "finance.top-up", "interface"
|
"main", "security", "privacy", "finance", "finance.top-up", "interface"
|
||||||
]) ? $this->queryParam("act")
|
]) ? $this->queryParam("act")
|
||||||
: "main";
|
: "main";
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
{block content}
|
{block content}
|
||||||
|
|
||||||
{var $isMain = $mode === 'main'}
|
{var $isMain = $mode === 'main'}
|
||||||
|
{var $isSecurity = $mode === 'security'}
|
||||||
{var $isPrivacy = $mode === 'privacy'}
|
{var $isPrivacy = $mode === 'privacy'}
|
||||||
{var $isFinance = $mode === 'finance'}
|
{var $isFinance = $mode === 'finance'}
|
||||||
{var $isFinanceTU = $mode === 'finance.top-up'}
|
{var $isFinanceTU = $mode === 'finance.top-up'}
|
||||||
|
@ -17,6 +18,9 @@
|
||||||
<div n:attr="id => ($isMain ? 'activetabs' : 'ki')" class="tab">
|
<div n:attr="id => ($isMain ? 'activetabs' : 'ki')" class="tab">
|
||||||
<a n:attr="id => ($isMain ? 'act_tab_a' : 'ki')" href="/settings">{_main}</a>
|
<a n:attr="id => ($isMain ? 'act_tab_a' : 'ki')" href="/settings">{_main}</a>
|
||||||
</div>
|
</div>
|
||||||
|
<div n:attr="id => ($isSecurity ? 'activetabs' : 'ki')" class="tab">
|
||||||
|
<a n:attr="id => ($isSecurity ? 'act_tab_a' : 'ki')" href="/settings?act=security">{_security}</a>
|
||||||
|
</div>
|
||||||
<div n:attr="id => ($isPrivacy ? 'activetabs' : 'ki')" class="tab">
|
<div n:attr="id => ($isPrivacy ? 'activetabs' : 'ki')" class="tab">
|
||||||
<a n:attr="id => ($isPrivacy ? 'act_tab_a' : 'ki')" href="/settings?act=privacy">{_privacy}</a>
|
<a n:attr="id => ($isPrivacy ? 'act_tab_a' : 'ki')" href="/settings?act=privacy">{_privacy}</a>
|
||||||
</div>
|
</div>
|
||||||
|
@ -226,6 +230,28 @@
|
||||||
{_you_can_also} <a onClick="showProfileDeactivateDialog({$csrfToken})">{_delete_your_page}</a>.
|
{_you_can_also} <a onClick="showProfileDeactivateDialog({$csrfToken})">{_delete_your_page}</a>.
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
{elseif $isSecurity}
|
||||||
|
<h4>{_ui_settings_sessions}</h4>
|
||||||
|
<form action="/revokeAllTokens" method="POST">
|
||||||
|
<table cellspacing="7" cellpadding="0" width="60%" border="0" align="center">
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<div class="accent-box">
|
||||||
|
{tr("end_all_sessions_description", OPENVK_ROOT_CONF['openvk']['appearance']['name'])}
|
||||||
|
</div>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td width="120" valign="top" style="text-align: center;">
|
||||||
|
<input type="hidden" name="hash" value="{$csrfToken}" />
|
||||||
|
<input type="submit" value="{_end_all_sessions}" class="button" />
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
</form>
|
||||||
|
|
||||||
{elseif $isPrivacy}
|
{elseif $isPrivacy}
|
||||||
|
|
||||||
<form action="/settings?act=privacy" method="POST" enctype="multipart/form-data">
|
<form action="/settings?act=privacy" method="POST" enctype="multipart/form-data">
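Review bot: The text shown in the `accent-box` (`end_all_sessions_description`) and the completion flash promise a logout on all devices, while the handler in the AuthPresenter section keeps the session that submits this form (`token != ?` against the current `tok`) and deletes every API token. A user who presses the button from a shared or borrowed browser may assume that browser was signed out as well. State both facts in the description string, for example `"This ends every other session and revokes all API tokens; the session you are using now stays signed in."`. A confirmation step, as the `showProfileDeactivateDialog` link above appears to use, would also fit here because the revocation takes effect on a single click.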
|
||||||
|
|
|
@ -65,6 +65,8 @@ routes:
|
||||||
handler: "Auth->verifyEmail"
|
handler: "Auth->verifyEmail"
|
||||||
- url: "/setSID/{slug}"
|
- url: "/setSID/{slug}"
|
||||||
handler: "Auth->su"
|
handler: "Auth->su"
|
||||||
|
- url: "/revokeAllTokens"
|
||||||
|
handler: "Auth->revokeAllTokens"
|
||||||
- url: "/settings"
|
- url: "/settings"
|
||||||
handler: "User->settings"
|
handler: "User->settings"
|
||||||
- url: "/settings/2fa"
|
- url: "/settings/2fa"
|
||||||
|
|
|
@ -418,6 +418,7 @@
|
||||||
"avatar" = "Avatar";
|
"avatar" = "Avatar";
|
||||||
"privacy" = "Privacy";
|
"privacy" = "Privacy";
|
||||||
"interface" = "Interface";
|
"interface" = "Interface";
|
||||||
|
"security" = "Security";
|
||||||
|
|
||||||
"profile_picture" = "Profile picture";
|
"profile_picture" = "Profile picture";
|
||||||
|
|
||||||
|
@ -490,6 +491,7 @@
|
||||||
"ui_settings_view_of_posts_old" = "Old";
|
"ui_settings_view_of_posts_old" = "Old";
|
||||||
"ui_settings_view_of_posts_microblog" = "Microblog";
|
"ui_settings_view_of_posts_microblog" = "Microblog";
|
||||||
"ui_settings_main_page" = "Main page";
|
"ui_settings_main_page" = "Main page";
|
||||||
|
"ui_settings_sessions" = "Sessions";
|
||||||
|
|
||||||
"additional_links" = "Additional links";
|
"additional_links" = "Additional links";
|
||||||
"ad_poster" = "Ad poster";
|
"ad_poster" = "Ad poster";
|
||||||
|
@ -518,6 +520,11 @@
|
||||||
|
|
||||||
"share_with_friends" = "Share with friends";
|
"share_with_friends" = "Share with friends";
|
||||||
|
|
||||||
|
"end_all_sessions" = "End all sessions";
|
||||||
|
"end_all_sessions_description" = "If you wanna logout from $1 on all devices, click on button below";
|
||||||
|
|
||||||
|
"end_all_sessions_done" = "All sessions was ended, including mobile apps";
|
||||||
|
|
||||||
/* Two-factor authentication */
|
/* Two-factor authentication */
|
||||||
|
|
||||||
"two_factor_authentication" = "Two-factor authentication";
|
"two_factor_authentication" = "Two-factor authentication";
|
||||||
|
|
|
@ -452,6 +452,7 @@
|
||||||
"avatar" = "Аватар";
|
"avatar" = "Аватар";
|
||||||
"privacy" = "Приватность";
|
"privacy" = "Приватность";
|
||||||
"interface" = "Внешний вид";
|
"interface" = "Внешний вид";
|
||||||
|
"security" = "Безопасность";
|
||||||
|
|
||||||
"profile_picture" = "Изображение страницы";
|
"profile_picture" = "Изображение страницы";
|
||||||
|
|
||||||
|
@ -526,6 +527,7 @@
|
||||||
"ui_settings_view_of_posts_old" = "Старый";
|
"ui_settings_view_of_posts_old" = "Старый";
|
||||||
"ui_settings_view_of_posts_microblog" = "Микроблог";
|
"ui_settings_view_of_posts_microblog" = "Микроблог";
|
||||||
"ui_settings_main_page" = "Главная страница";
|
"ui_settings_main_page" = "Главная страница";
|
||||||
|
"ui_settings_sessions" = "Сессии";
|
||||||
|
|
||||||
"additional_links" = "Дополнительные ссылки";
|
"additional_links" = "Дополнительные ссылки";
|
||||||
"ad_poster" = "Рекламный плакат";
|
"ad_poster" = "Рекламный плакат";
|
||||||
|
@ -554,6 +556,11 @@
|
||||||
|
|
||||||
"share_with_friends" = "Рассказать друзьям";
|
"share_with_friends" = "Рассказать друзьям";
|
||||||
|
|
||||||
|
"end_all_sessions" = "Сбросить все сессии";
|
||||||
|
"end_all_sessions_description" = "Если вы хотите выйти из $1 со всех устройств, нажмите на кнопку ниже";
|
||||||
|
|
||||||
|
"end_all_sessions_done" = "Все сессии сброшены, включая мобильные приложения";
|
||||||
|
|
||||||
/* Two-factor authentication */
|
/* Two-factor authentication */
|
||||||
|
|
||||||
"two_factor_authentication" = "Двухфакторная аутентификация";
|
"two_factor_authentication" = "Двухфакторная аутентификация";
|
||||||
|
|