Login: Require user to not be signed in to get request password email (#35421)

2024-11-25 18:30:41 -06:00 · 2021-06-14 18:02:05 +02:00 · 2021-06-14 18:02:05 +02:00 · 7f882eea05
commit 7f882eea05
parent 395b942134
2 changed files with 8 additions and 1 deletions
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@ -23,6 +23,7 @@ var plog = log.New("api")
 func (hs *HTTPServer) registerRoutes() {
 	reqNoAuth := middleware.NoAuth()
 	reqSignedIn := middleware.ReqSignedIn
+	reqNotSignedIn := middleware.ReqNotSignedIn
 	reqSignedInNoAnonymous := middleware.ReqSignedInNoAnonymous
 	reqGrafanaAdmin := middleware.ReqGrafanaAdmin
 	reqEditorRole := middleware.ReqEditorRole
@ -112,7 +113,7 @@ func (hs *HTTPServer) registerRoutes() {
 	r.Post("/api/user/invite/complete", bind(dtos.CompleteInviteForm{}), routing.Wrap(hs.CompleteInvite))

 	// reset password
-	r.Get("/user/password/send-reset-email", hs.Index)
+	r.Get("/user/password/send-reset-email", reqNotSignedIn, hs.Index)
 	r.Get("/user/password/reset", hs.Index)

 	r.Post("/api/user/password/send-reset-email", bind(dtos.SendResetPasswordEmailForm{}), routing.Wrap(SendResetPasswordEmail))
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@ -161,6 +161,12 @@ func SnapshotPublicModeOrSignedIn(cfg *setting.Cfg) macaron.Handler {
 	}
 }

+func ReqNotSignedIn(c *models.ReqContext) {
+	if c.IsSignedIn {
+		c.Redirect(setting.AppSubUrl + "/")
+	}
+}
+
 // NoAuth creates a middleware that doesn't require any authentication.
 // If forceLogin param is set it will redirect the user to the login page.
 func NoAuth() macaron.Handler {