~cytrogen/masto-fe

ref: 34f5b90dc77956d33750695124f23c37a6ea7fd5 masto-fe/app/lib/suspicious_sign_in_detector.rb -rw-r--r-- 842 bytes
34f5b90d — renovate[bot] Update dependency sass to v1.66.1 (#26534) 2 years ago 
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

# frozen_string_literal: true

class SuspiciousSignInDetector
  IPV6_TOLERANCE_MASK = 64
  IPV4_TOLERANCE_MASK = 16

  def initialize(user)
    @user = user
  end

  def suspicious?(request)
    !sufficient_security_measures? && !freshly_signed_up? && !previously_seen_ip?(request)
  end

  private

  def sufficient_security_measures?
    @user.otp_required_for_login?
  end

  def previously_seen_ip?(request)
    @user.ips.where('ip <<= ?', masked_ip(request)).exists?
  end

  def freshly_signed_up?
    @user.current_sign_in_at.blank?
  end

  def masked_ip(request)
    masked_ip_addr = begin
      ip_addr = IPAddr.new(request.remote_ip)

      if ip_addr.ipv6?
        ip_addr.mask(IPV6_TOLERANCE_MASK)
      else
        ip_addr.mask(IPV4_TOLERANCE_MASK)
      end
    end

    "#{masked_ip_addr}/#{masked_ip_addr.prefix}"
  end
end