DEV: Remove redundant admin_login route, share with email_login

DEV: Remove redundant admin_login route, share with email_login

diff --git a/app/assets/javascripts/admin-login/admin-login.js.es6 b/app/assets/javascripts/admin-login/admin-login.js.es6
deleted file mode 100644
index e7404b386a..0000000000
--- a/app/assets/javascripts/admin-login/admin-login.js.es6
+++ /dev/null
@@ -1,46 +0,0 @@
-import { getWebauthnCredential } from "discourse/lib/webauthn";
-
-export default function() {
-  document.getElementById(
-    "activate-security-key-alternative"
-  ).onclick = function() {
-    document.getElementById("second-factor-forms").style.display = "block";
-    document.getElementById("primary-security-key-form").style.display = "none";
-  };
-
-  document.getElementById("submit-security-key").onclick = function(e) {
-    e.preventDefault();
-    getWebauthnCredential(
-      document.getElementById("security-key-challenge").value,
-      document
-        .getElementById("security-key-allowed-credential-ids")
-        .value.split(","),
-      credentialData => {
-        document.getElementById(
-          "security-key-credential"
-        ).value = JSON.stringify(credentialData);
-        e.target.parentElement.submit();
-      },
-      errorMessage => {
-        document.getElementById("security-key-error").innerText = errorMessage;
-      }
-    );
-  };
-
-  const useTotp = I18n.t("login.second_factor_toggle.totp");
-  const useBackup = I18n.t("login.second_factor_toggle.backup_code");
-  const backupForm = document.getElementById("backup-second-factor-form");
-  const primaryForm = document.getElementById("primary-second-factor-form");
-  document.getElementById("toggle-form").onclick = function(event) {
-    event.preventDefault();
-    if (backupForm.style.display === "none") {
-      backupForm.style.display = "block";
-      primaryForm.style.display = "none";
-      document.getElementById("toggle-form").innerHTML = useTotp;
-    } else {
-      backupForm.style.display = "none";
-      primaryForm.style.display = "block";
-      document.getElementById("toggle-form").innerHTML = useBackup;
-    }
-  };
-}
diff --git a/app/assets/javascripts/admin-login/admin-login.no-module.js.es6 b/app/assets/javascripts/admin-login/admin-login.no-module.js.es6
deleted file mode 100644
index 4de268433d..0000000000
--- a/app/assets/javascripts/admin-login/admin-login.no-module.js.es6
+++ /dev/null
@@ -1 +0,0 @@
-require("admin-login/admin-login").default();
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index b7a3fcba17..442ca7cb6d 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -345,11 +345,14 @@ class SessionController < ApplicationController
   end
 
   def email_login_info
-    raise Discourse::NotFound if !SiteSetting.enable_local_logins_via_email
-
     token = params[:token]
     matched_token = EmailToken.confirmable(token)
 
+    if !SiteSetting.enable_local_logins_via_email &&
+          !matched_token.user.admin? # admin-login uses this route, so allow them even if disabled
+      raise Discourse::NotFound
+    end
+
     if matched_token
       response = {
         can_login: true,
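Review bot: The new guard in email_login_info dereferences `matched_token.user` without a nil check, so when local logins via email are disabled and the token does not match, the request fails with NoMethodError on nil instead of Discourse::NotFound; the `if matched_token` branch right below shows that a nil token is an expected case on this path. The sibling hunk in email_login writes the same condition with safe navigation, so this one should match it: `!matched_token&.user&.admin?`. With `&.` a missing token yields nil, `!nil` is true, and NotFound is raised as intended, which also keeps the response uniform between an invalid token and a valid non-admin token rather than turning one of them into a 500.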
@@ -382,13 +385,17 @@ class SessionController < ApplicationController
   end
 
   def email_login
-    raise Discourse::NotFound if !SiteSetting.enable_local_logins_via_email
     second_factor_token = params[:second_factor_token]
     second_factor_method = params[:second_factor_method].to_i
     security_key_credential = params[:security_key_credential]
     token = params[:token]
     matched_token = EmailToken.confirmable(token)
 
+    if !SiteSetting.enable_local_logins_via_email &&
+          !matched_token&.user&.admin? # admin-login uses this route, so allow them even if disabled
+      raise Discourse::NotFound
+    end
+
     if security_key_credential.present?
       if matched_token&.user&.security_keys_enabled?
         security_key_valid = ::Webauthn::SecurityKeyAuthenticationService.new(
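Review bot: The deleted admin_login branch in users_controller applied a per-IP `RateLimiter` (3 per minute) whenever a second-factor token was submitted, and nothing in this hunk applies an equivalent limit before the security-key and second-factor checks that follow. email_login's body continues outside the hunk, so if it does not already rate-limit second-factor attempts, moving admins onto this route drops that brute-force protection for admin TOTP and backup codes. Worth confirming and, if absent, restoring the limiter the old path had, e.g. `RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed! if second_factor_token.present?`, together with a `rescue RateLimiter::LimitExceeded` if this controller does not already handle it. As a style point, the trailing comment on the condition line in both guards would read more clearly as its own line above the `if`.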
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index b4a6515432..da4b6a19bc 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -684,89 +684,12 @@ class UsersController < ApplicationController
       else
         @message = I18n.t("admin_login.errors.unknown_email_address")
       end
-    elsif (token = params[:token]).present?
-      valid_token = EmailToken.valid_token_format?(token)
-
-      if valid_token
-        if params[:second_factor_token].present?
-          RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed!
-        end
-
-        email_token_user = EmailToken.confirmable(token)&.user
-        totp_enabled = email_token_user&.totp_enabled?
-        security_keys_enabled = email_token_user&.security_keys_enabled?
-        second_factor_token = params[:second_factor_token]
-        second_factor_method = params[:second_factor_method].to_i
-        confirm_email = false
-        @security_key_required = security_keys_enabled
-
-        if security_keys_enabled && params[:security_key_credential].blank?
-          Webauthn.stage_challenge(email_token_user, secure_session)
-          challenge_and_credentials = Webauthn.allowed_credentials(email_token_user, secure_session)
-          @security_key_challenge = challenge_and_credentials[:challenge]
-          @security_key_allowed_credential_ids = challenge_and_credentials[:allowed_credential_ids].join(",")
-        end
-
-        if security_keys_enabled && params[:security_key_credential].present?
-          credential = JSON.parse(params[:security_key_credential]).with_indifferent_access
-
-          confirm_email = ::Webauthn::SecurityKeyAuthenticationService.new(
-            email_token_user,
-            credential,
-            challenge: Webauthn.challenge(email_token_user, secure_session),
-            rp_id: Webauthn.rp_id(email_token_user, secure_session),
-            origin: Discourse.base_url
-          ).authenticate_security_key
-          @message = I18n.t('login.security_key_invalid') if !confirm_email
-        elsif security_keys_enabled && second_factor_token.blank?
-          confirm_email = false
-          @message = I18n.t("login.second_factor_title")
-          if totp_enabled
-            @second_factor_required = true
-            @backup_codes_enabled = true
-          end
-        else
-          confirm_email =
-            if totp_enabled
-              @second_factor_required = true
-              @backup_codes_enabled = true
-              @message = I18n.t("login.second_factor_title")
-
-              if second_factor_token.present?
-                if email_token_user.authenticate_second_factor(second_factor_token, second_factor_method)
-                  true
-                else
-                  @error = I18n.t("login.invalid_second_factor_code")
-                  false
-                end
-              end
-            else
-              true
-            end
-        end
-
-        if confirm_email
-          @user = EmailToken.confirm(token)
-
-          if @user && @user.admin?
-            log_on_user(@user)
-            return redirect_to path("/")
-          else
-            @message = I18n.t("admin_login.errors.unknown_email_address")
-          end
-        end
-      else
-        @message = I18n.t("admin_login.errors.invalid_token")
-      end
     end
 
     render layout: 'no_ember'
   rescue RateLimiter::LimitExceeded
     @message = I18n.t("rate_limiter.slow_down")
     render layout: 'no_ember'
-  rescue ::Webauthn::SecurityKeyError => err
-    @message = err.message
-    render layout: 'no_ember'
   end
 
   def email_login
diff --git a/app/views/users/admin_login.html.erb b/app/views/users/admin_login.html.erb
index b8bca6efff..726c62e33a 100644
--- a/app/views/users/admin_login.html.erb
+++ b/app/views/users/admin_login.html.erb
@@ -1,61 +1,10 @@
 <% if @message %>
   <%= @message %>
   <% if @error %><p><%= @error %></p><% end %>
-
-  <% if @security_key_required %>
-    <div id="primary-security-key-form">

[... diff too long, it was truncated ...]

GitHub sha: 9e399b42

I support this change, so much nicer.

