blacklisted page - closes lichess-org#6133 - closes lichess-org#5754

jtwires · Mar 7, 2020 · d08ab45 · d08ab45
1 parent 005ba37
commit d08ab45
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 56 deletions.
diff --git a/app/controllers/Auth.scala b/app/controllers/Auth.scala
@@ -92,56 +92,53 @@ final class Auth(
 
   def authenticate = OpenBody { implicit ctx =>
     def redirectTo(url: String) = if (HTTPRequest isXhr ctx.req) Ok(s"ok:$url") else Redirect(url)
-    Firewall(
-      {
-        implicit val req = ctx.body
-        val referrer     = get("referrer").filterNot(sillyLoginReferrers.contains)
-        api.usernameOrEmailForm.bindFromRequest.fold(
-          err =>
-            negotiate(
-              html = Unauthorized(html.auth.login(api.loginForm, referrer)).fuccess,
-              api = _ => Unauthorized(ridiculousBackwardCompatibleJsonError(errorsAsJson(err))).fuccess
-            ),
-          usernameOrEmail =>
-            HasherRateLimit(usernameOrEmail, ctx.req) {
-              chargeIpLimiter =>
-                api.loadLoginForm(usernameOrEmail) flatMap {
-                  loginForm =>
-                    loginForm.bindFromRequest.fold(
-                      err => {
-                        chargeIpLimiter(1)
-                        negotiate(
-                          html = fuccess {
-                            err.errors match {
-                              case List(FormError("", List(err), _)) if is2fa(err) => Ok(err)
-                              case _                                               => Unauthorized(html.auth.login(err, referrer))
-                            }
-                          },
-                          api = _ =>
-                            Unauthorized(ridiculousBackwardCompatibleJsonError(errorsAsJson(err))).fuccess
-                        )
-                      },
-                      result =>
-                        result.toOption match {
-                          case None => InternalServerError("Authentication error").fuccess
-                          case Some(u) if u.disabled =>
-                            negotiate(
-                              html = redirectTo(routes.Account.reopen.url).fuccess,
-                              api = _ => Unauthorized(jsonError("This account is closed.")).fuccess
-                            )
-                          case Some(u) =>
-                            env.user.repo.email(u.id) foreach {
-                              _ foreach { garbageCollect(u, _) }
-                            }
-                            authenticateUser(u, Some(redirectTo))
-                        }
-                    )
-                }
-            }
-        )
-      },
-      redirectTo("/").fuccess
-    )
+    Firewall {
+      implicit val req = ctx.body
+      val referrer     = get("referrer").filterNot(sillyLoginReferrers.contains)
+      api.usernameOrEmailForm.bindFromRequest.fold(
+        err =>
+          negotiate(
+            html = Unauthorized(html.auth.login(api.loginForm, referrer)).fuccess,
+            api = _ => Unauthorized(ridiculousBackwardCompatibleJsonError(errorsAsJson(err))).fuccess
+          ),
+        usernameOrEmail =>
+          HasherRateLimit(usernameOrEmail, ctx.req) {
+            chargeIpLimiter =>
+              api.loadLoginForm(usernameOrEmail) flatMap {
+                loginForm =>
+                  loginForm.bindFromRequest.fold(
+                    err => {
+                      chargeIpLimiter(1)
+                      negotiate(
+                        html = fuccess {
+                          err.errors match {
+                            case List(FormError("", List(err), _)) if is2fa(err) => Ok(err)
+                            case _                                               => Unauthorized(html.auth.login(err, referrer))
+                          }
+                        },
+                        api = _ =>
+                          Unauthorized(ridiculousBackwardCompatibleJsonError(errorsAsJson(err))).fuccess
+                      )
+                    },
+                    result =>
+                      result.toOption match {
+                        case None => InternalServerError("Authentication error").fuccess
+                        case Some(u) if u.disabled =>
+                          negotiate(
+                            html = redirectTo(routes.Account.reopen.url).fuccess,
+                            api = _ => Unauthorized(jsonError("This account is closed.")).fuccess
+                          )
+                        case Some(u) =>
+                          env.user.repo.email(u.id) foreach {
+                            _ foreach { garbageCollect(u, _) }
+                          }
+                          authenticateUser(u, Some(redirectTo))
+                      }
+                  )
+              }
+          }
+      )
+    }
   }
 
   def logout = Open { implicit ctx =>

diff --git a/app/controllers/KeyPages.scala b/app/controllers/KeyPages.scala
@@ -31,4 +31,8 @@ final class KeyPages(env: Env)(implicit ec: scala.concurrent.ExecutionContext) {
   def notFound(ctx: Context): Result = {
     Results.NotFound(html.base.notFound()(ctx))
   }
+
+  def blacklisted(implicit ctx: Context): Result = {
+    Results.Unauthorized(html.site.message.blacklisted)
+  }
 }
diff --git a/app/controllers/LilaController.scala b/app/controllers/LilaController.scala
@@ -252,12 +252,9 @@ abstract private[controllers] class LilaController(val env: Env)
       if (isGranted(perm, me)) f(req)(me) else fuccess(forbiddenJsonResult)
     }(req)
 
-  protected def Firewall[A <: Result](
-      a: => Fu[A],
-      or: => Fu[Result] = fuccess(Redirect(routes.Lobby.home()))
-  )(implicit ctx: Context): Fu[Result] =
-    if (env.security.firewall accepts ctx.req) a
-    else or
+  protected def Firewall[A <: Result](a: => Fu[A])(implicit ctx: Context): Fu[Result] =
+    else if (env.security.firewall accepts ctx.req) a
+    else fuccess(keyPages.blacklisted)
 
   protected def NoTor(res: => Fu[Result])(implicit ctx: Context) =
     if (env.security.tor isExitNode HTTPRequest.lastRemoteAddress(ctx.req))

diff --git a/app/views/site/message.scala b/app/views/site/message.scala
@@ -40,6 +40,10 @@ object message {
     "Sorry, boosters and sandbaggers are not allowed here."
   }
 
+  def blacklisted(implicit ctx: Context) = apply("IP address blacklisted") {
+    "Sorry, your IP address has been used to violate the ToS, and is now blacklisted."
+  }
+
   def privateStudy(study: lila.study.Study)(implicit ctx: Context) =
     apply(
       title = s"${usernameOrId(study.ownerId)}'s study",