Merge from dev to main for v1.1.3

obl-ong · Nov 22, 2023 · bba3430 · bba3430
2 parents 189b88f + 0800038
commit bba3430
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report a vulnerability, either use the inbuilt security reporting feature in GitHub, or shoot us an email at [email protected]. 
+
+**DO NOT FILE AN ISSUE WITH A SECURITY VULNERABILITY**
+
+We thank you in advance for finding and reporting security issues!
diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb
@@ -20,16 +20,20 @@ def login
   def email
     user = User::User.find_by(email: params[:email])
 
-    if(user.blank?)
+    if(!user)
       redirect_to(controller: "users", action: "register")
+      return
     elsif(user.disable_email_auth?)
       flash[:notice] = "Email login codes are disabled"
       redirect_to(controller: "auth", action: "login")
+      return
     end
 
 
-    if Time.now.to_i > (user.otp_last_minted.nil? ? 0 : user.otp_last_minted) + 600 || params[:resend] == "true" then
+    if Time.now.to_i > (user.try(:otp_last_minted).nil? ? 0 : user.otp_last_minted) + 600 || params[:resend] == "true" then
       User::Mailer.with(user: user).verification_email.deliver_later
+      if params[:resend] == "true" then flash[:notice] = "Sent email code" end
+
     end
 
   end