diff --git a/app/controllers/Auth.scala b/app/controllers/Auth.scala index 2ef7bab793493..942214e8ba6c0 100644 --- a/app/controllers/Auth.scala +++ b/app/controllers/Auth.scala 
@@ -92,56 +92,53 @@ final class Auth( def authenticate = OpenBody { implicit ctx => def redirectTo(url: String) = if (HTTPRequest isXhr ctx.req) Ok(s"ok:$url") else Redirect(url) - Firewall( - { - implicit val req = ctx.body - val referrer = get("referrer").filterNot(sillyLoginReferrers.contains) - api.usernameOrEmailForm.bindFromRequest.fold( - err => - negotiate( - html = Unauthorized(html.auth.login(api.loginForm, referrer)).fuccess, - api = _ => Unauthorized(ridiculousBackwardCompatibleJsonError(errorsAsJson(err))).fuccess - ), - usernameOrEmail => - HasherRateLimit(usernameOrEmail, ctx.req) { - chargeIpLimiter => - api.loadLoginForm(usernameOrEmail) flatMap { - loginForm => - loginForm.bindFromRequest.fold( - err => { - chargeIpLimiter(1) - negotiate( - html = fuccess { - err.errors match { - case List(FormError("", List(err), _)) if is2fa(err) => Ok(err) - case _ => Unauthorized(html.auth.login(err, referrer)) - } - }, - api = _ => - Unauthorized(ridiculousBackwardCompatibleJsonError(errorsAsJson(err))).fuccess - ) - }, - result => - result.toOption match { - case None => InternalServerError("Authentication error").fuccess - case Some(u) if u.disabled => - negotiate( - html = redirectTo(routes.Account.reopen.url).fuccess, - api = _ => Unauthorized(jsonError("This account is closed.")).fuccess - ) - case Some(u) => - env.user.repo.email(u.id) foreach { - _ foreach { garbageCollect(u, _) } - } - authenticateUser(u, Some(redirectTo)) - } - ) - } - } - ) - }, - redirectTo("/").fuccess - ) + Firewall { + implicit val req = ctx.body + val referrer = get("referrer").filterNot(sillyLoginReferrers.contains) + api.usernameOrEmailForm.bindFromRequest.fold( + err => + negotiate( + html = Unauthorized(html.auth.login(api.loginForm, referrer)).fuccess, + api = _ => Unauthorized(ridiculousBackwardCompatibleJsonError(errorsAsJson(err))).fuccess + ), + usernameOrEmail => + HasherRateLimit(usernameOrEmail, ctx.req) { + chargeIpLimiter => + api.loadLoginForm(usernameOrEmail) 
flatMap { + loginForm => + loginForm.bindFromRequest.fold( + err => { + chargeIpLimiter(1) + negotiate( + html = fuccess { + err.errors match { + case List(FormError("", List(err), _)) if is2fa(err) => Ok(err) + case _ => Unauthorized(html.auth.login(err, referrer)) + } + }, + api = _ => + Unauthorized(ridiculousBackwardCompatibleJsonError(errorsAsJson(err))).fuccess + ) + }, + result => + result.toOption match { + case None => InternalServerError("Authentication error").fuccess + case Some(u) if u.disabled => + negotiate( + html = redirectTo(routes.Account.reopen.url).fuccess, + api = _ => Unauthorized(jsonError("This account is closed.")).fuccess + ) + case Some(u) => + env.user.repo.email(u.id) foreach { + _ foreach { garbageCollect(u, _) } + } + authenticateUser(u, Some(redirectTo)) + } + ) + } + } + ) + } } def logout = Open { implicit ctx => diff --git a/app/controllers/KeyPages.scala b/app/controllers/KeyPages.scala index 167130aa8d26b..5a0fc570f82ac 100644 --- a/app/controllers/KeyPages.scala +++ b/app/controllers/KeyPages.scala @@ -31,4 +31,8 @@ final class KeyPages(env: Env)(implicit ec: scala.concurrent.ExecutionContext) { def notFound(ctx: Context): Result = { Results.NotFound(html.base.notFound()(ctx)) } + + def blacklisted(implicit ctx: Context): Result = { + Results.Unauthorized(html.site.message.blacklisted) + } } diff --git a/app/controllers/LilaController.scala b/app/controllers/LilaController.scala index ce3978218a1b3..48ca9d4cb5763 100644 --- a/app/controllers/LilaController.scala +++ b/app/controllers/LilaController.scala 
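Review bot: With the `or` argument gone from the `Firewall { ... }` call in `authenticate`, a blocked IP no longer gets `redirectTo("/")`, which answered XHR callers with `ok:$url`; it now gets whatever the shared fallback in LilaController returns, which in this commit is an HTML page. Every other failure path in this action goes through `negotiate` so that API clients receive JSON, which leaves the blocked case as the one branch that ignores the client type. Consider negotiating in the fallback, e.g. `else negotiate(html = fuccess(keyPages.blacklisted), api = _ => fuccess(Unauthorized(jsonError("IP address blacklisted"))))`, assuming `negotiate` and `jsonError` are reachable from LilaController as they are from Auth. A test that posts to the login endpoint from a blocked address as HTML, XHR and API would pin the behaviour.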
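Review bot: `Results.Unauthorized` in `blacklisted` sends 401 for a refusal that is keyed on the client's IP address, not on missing credentials. A 401 tells clients that authenticating will help, and a client that reacts to 401 by prompting for login again may loop. `Results.Forbidden(html.site.message.blacklisted)` describes the refusal accurately and is easier to tell apart from failed logins in access logs and alerting. A short Scaladoc such as `/** Page returned when the firewall rejects the request's IP address. */` would also record when this result is used.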
@@ -252,12 +252,9 @@ abstract private[controllers] class LilaController(val env: Env) if (isGranted(perm, me)) f(req)(me) else fuccess(forbiddenJsonResult) }(req) - protected def Firewall[A <: Result]( - a: => Fu[A], - or: => Fu[Result] = fuccess(Redirect(routes.Lobby.home())) - )(implicit ctx: Context): Fu[Result] = - if (env.security.firewall accepts ctx.req) a - else or + protected def Firewall[A <: Result](a: => Fu[A])(implicit ctx: Context): Fu[Result] = + else if (env.security.firewall accepts ctx.req) a + else fuccess(keyPages.blacklisted) protected def NoTor(res: => Fu[Result])(implicit ctx: Context) = if (env.security.tor isExitNode HTTPRequest.lastRemoteAddress(ctx.req)) diff --git a/app/views/site/message.scala b/app/views/site/message.scala index 9b155bb38c1f0..d9628c42b7f04 100644 --- a/app/views/site/message.scala +++ b/app/views/site/message.scala @@ -40,6 +40,10 @@ object message { "Sorry, boosters and sandbaggers are not allowed here." } + def blacklisted(implicit ctx: Context) = apply("IP address blacklisted") { + "Sorry, your IP address has been used to violate the ToS, and is now blacklisted." + } + def privateStudy(study: lila.study.Study)(implicit ctx: Context) = apply( title = s"${usernameOrId(study.ownerId)}'s study",
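Review bot: As shown, the new body of `Firewall` starts with `else if (env.security.firewall accepts ctx.req) a` directly after the `=`, with no preceding `if`, which does not parse. Unless a line was lost in rendering, the first branch should read `if (env.security.firewall accepts ctx.req) a`. `keyPages` is not declared anywhere in the hunk, so confirm it is a member in scope of LilaController. Dropping the `or` parameter also means every caller of `Firewall` now returns the blacklist page, so any caller that passed a custom fallback needs checking. A one-line comment on the method stating that rejected addresses receive `keyPages.blacklisted` would document the new contract.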