discourse
diff --git a/‎app/controllers/admin/backups_controller.rb
Lines changed: 14 additions & 1 deletion b/‎app/controllers/admin/backups_controller.rb
Lines changed: 14 additions & 1 deletion
diff --git a/‎app/controllers/application_controller.rb
Lines changed: 1 addition & 3 deletions b/‎app/controllers/application_controller.rb
Lines changed: 1 addition & 3 deletions
diff --git a/‎app/controllers/categories_controller.rb
Lines changed: 3 additions & 0 deletions b/‎app/controllers/categories_controller.rb
Lines changed: 3 additions & 0 deletions
diff --git a/‎app/controllers/presence_controller.rb
Lines changed: 0 additions & 2 deletions b/‎app/controllers/presence_controller.rb
Lines changed: 0 additions & 2 deletions
diff --git a/‎app/controllers/session_controller.rb
Lines changed: 13 additions & 10 deletions b/‎app/controllers/session_controller.rb
Lines changed: 13 additions & 10 deletions
diff --git a/‎app/controllers/users/omniauth_callbacks_controller.rb
Lines changed: 5 additions & 7 deletions b/‎app/controllers/users/omniauth_callbacks_controller.rb
Lines changed: 5 additions & 7 deletions
diff --git a/‎app/controllers/users_controller.rb
Lines changed: 18 additions & 21 deletions b/‎app/controllers/users_controller.rb
Lines changed: 18 additions & 21 deletions
diff --git a/‎app/controllers/webhooks_controller.rb
Lines changed: 10 additions & 3 deletions b/‎app/controllers/webhooks_controller.rb
Lines changed: 10 additions & 3 deletions
diff --git a/‎config/locales/server.en.yml
Lines changed: 1 addition & 4 deletions b/‎config/locales/server.en.yml
Lines changed: 1 addition & 4 deletions
diff --git a/‎lib/application_layout_preloader.rb
Lines changed: 3 additions & 2 deletions b/‎lib/application_layout_preloader.rb
Lines changed: 3 additions & 2 deletions
@@ -8,7 +8,20 @@ class Admin::BackupsController < Admin::AdminController
 
   before_action :ensure_backups_enabled
   skip_before_action :check_xhr, only: %i[index show logs check_backup_chunk upload_backup_chunk]
-  skip_before_action :ensure_backups_enabled, only: %w[show status index email]
+  skip_before_action :ensure_backups_enabled, only: %i[show status index email]
+
+  allow_in_readonly_mode :create,
+                         :cancel,
+                         :email,
+                         :destroy,
+                         :restore,
+                         :rollback,
+                         :readonly,
+                         :upload_backup_chunk,
+                         :create_multipart,
+                         :complete_multipart,
+                         :abort_multipart,
+                         :batch_presign_multipart_parts
 
   def index
     respond_to do |format|
 
@@ -145,7 +145,7 @@ class PluginDisabled < StandardError
   rescue_from PG::ReadOnlySqlTransaction do |e|
     Discourse.received_postgres_readonly!
     Rails.logger.error("#{e.class} #{e.message}: #{e.backtrace.join("\n")}")
-    rescue_with_handler(Discourse::ReadOnly.new) || raise
+    rescue_with_handler(Discourse::ReadOnly) || raise
   end
 
   rescue_from ActionController::ParameterMissing do |e|
@@ -580,9 +580,7 @@ def handle_permalink(path)
 
   def rate_limit_second_factor!(user)
     return if params[:second_factor_token].blank?
-
     RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 6, 1.minute).performed!
-
     RateLimiter.new(nil, "second-factor-min-#{user.username}", 6, 1.minute).performed! if user
   end
 
 
@@ -29,6 +29,9 @@ class CategoriesController < ApplicationController
                      ]
   skip_before_action :verify_authenticity_token, only: %i[search]
 
+  # The front-end is POSTing data to this endpoint, but we're not modifying anything
+  allow_in_readonly_mode :search
+
   SYMMETRICAL_CATEGORIES_TO_TOPICS_FACTOR = 1.5
   MIN_CATEGORIES_TOPICS = 5
   MAX_CATEGORIES_LIMIT = 25
 
@@ -42,8 +42,6 @@ def get
   end
 
   def update
-    raise Discourse::ReadOnly if @readonly_mode
-
     client_id = params[:client_id]
     if !client_id.is_a?(String) || client_id.blank?
       raise Discourse::InvalidParameters.new(:client_id)
 
@@ -12,7 +12,8 @@ class SessionController < ApplicationController
 
   skip_before_action :check_xhr, only: %i[second_factor_auth_show]
 
-  allow_in_staff_writes_only_mode :create, :email_login, :forgot_password
+  allow_in_readonly_mode :email_login
+  allow_in_staff_writes_only_mode :create, :forgot_password
 
   ACTIVATE_USER_KEY = "activate_user"
   FORGOT_PASSWORD_EMAIL_LIMIT_PER_DAY = 6
@@ -107,7 +108,6 @@ def sso_provider(payload = nil, confirmed_2fa_during_login = false)
 
     def become
       raise Discourse::InvalidAccess if Rails.env.production?
-      raise Discourse::ReadOnly if @readonly_mode
 
       if ENV["DISCOURSE_DEV_ALLOW_ANON_TO_IMPERSONATE"] != "1"
         return render plain: <<~TEXT, status: 403
@@ -166,7 +166,7 @@ def test_second_factor_restricted_route
 
   def sso_login
     raise Discourse::NotFound unless SiteSetting.enable_discourse_connect
-    raise Discourse::ReadOnly if @readonly_mode && !staff_writes_only_mode?
+    raise Discourse::ReadOnly if @readonly_mode && !@staff_writes_only_mode
 
     params.require(:sso)
     params.require(:sig)
@@ -207,7 +207,7 @@ def sso_login
       invite = validate_invitiation!(sso)
 
       if user = sso.lookup_or_create_user(request.remote_ip)
-        raise Discourse::ReadOnly if staff_writes_only_mode? && !user&.staff?
+        raise Discourse::ReadOnly if @staff_writes_only_mode && !user&.staff?
 
         if user.suspended?
           render_sso_error(text: failed_to_login(user)[:error], status: 403)
@@ -332,7 +332,7 @@ def create
 
     user = User.find_by_username_or_email(normalized_login_param)
 
-    raise Discourse::ReadOnly if staff_writes_only_mode? && !user&.staff?
+    raise Discourse::ReadOnly if @staff_writes_only_mode && !user&.staff?
 
     rate_limit_second_factor!(user)
 
@@ -446,24 +446,27 @@ def email_login_info
 
   def email_login
     token = params[:token]
-    matched_token = EmailToken.confirmable(token, scope: EmailToken.scopes[:email_login])
-    user = matched_token&.user
+    user = EmailToken.confirmable(token, scope: EmailToken.scopes[:email_login])&.user
 
     check_local_login_allowed(user: user, check_login_via_email: true)
-
     rate_limit_second_factor!(user)
 
     if user.present? && !authenticate_second_factor(user).ok
       return render(json: @second_factor_failure_payload)
     end
 
     if user = EmailToken.confirm(token, scope: EmailToken.scopes[:email_login])
+      if @staff_writes_only_mode
+        raise Discourse::ReadOnly unless user.staff?
+      elsif @readonly_mode
+        raise Discourse::ReadOnly unless user.admin?
+      end
+
       if login_not_approved_for?(user)
         return render json: login_not_approved
       elsif payload = login_error_check(user)
         return render json: payload
       else
-        raise Discourse::ReadOnly if staff_writes_only_mode? && !user&.staff?
         user.update_timezone_if_missing(params[:timezone])
         log_on_user(user)
         return render json: success_json
@@ -636,7 +639,7 @@ def forgot_password
       end
 
     if user
-      raise Discourse::ReadOnly if staff_writes_only_mode? && !user.staff?
+      raise Discourse::ReadOnly if @staff_writes_only_mode && !user.staff?
       enqueue_password_reset_for_user(user)
     else
       RateLimiter.new(
 
@@ -1,4 +1,3 @@
-# -*- encoding : utf-8 -*-
 # frozen_string_literal: true
 
 class Users::OmniauthCallbacksController < ApplicationController
@@ -13,6 +12,7 @@ class Users::OmniauthCallbacksController < ApplicationController
   # will not have a CSRF token, however the payload is all validated so its safe
   skip_before_action :verify_authenticity_token, only: :complete
 
+  # These are usually GET requests but some providers use POST requests
   allow_in_staff_writes_only_mode :complete
 
   def confirm_request
@@ -21,17 +21,15 @@ def confirm_request
   end
 
   def complete
-    auth = request.env["omniauth.auth"]
-    raise Discourse::NotFound unless request.env["omniauth.auth"]
-    raise Discourse::ReadOnly if @readonly_mode && !staff_writes_only_mode?
+    raise Discourse::ReadOnly if @readonly_mode && !@staff_writes_only_mode
+    raise Discourse::NotFound unless auth = request.env["omniauth.auth"]
 
     auth[:session] = session
 
     authenticator = self.class.find_authenticator(params[:provider])
 
     if session.delete(:auth_reconnect) && authenticator.can_connect_existing_user? && current_user
-      path = persist_auth_token(auth)
-      return redirect_to path
+      return redirect_to persist_auth_token(auth)
     else
       DiscourseEvent.trigger(:before_auth, authenticator, auth, session, cookies, request)
       @auth_result = authenticator.after_authenticate(auth)
@@ -71,7 +69,7 @@ def complete
 
     return render_auth_result_failure if @auth_result.failed?
 
-    raise Discourse::ReadOnly if staff_writes_only_mode? && !@auth_result.user&.staff?
+    raise Discourse::ReadOnly if @staff_writes_only_mode && !@auth_result.user&.staff?
 
     complete_response_data
 
 
@@ -107,7 +107,8 @@ class UsersController < ApplicationController
 
   before_action :add_noindex_header, only: %i[show my_redirect]
 
-  allow_in_staff_writes_only_mode :admin_login, :email_login, :password_reset_update
+  allow_in_readonly_mode :admin_login
+  allow_in_staff_writes_only_mode :email_login, :password_reset_update
 
   MAX_RECENT_SEARCHES = 5
 
@@ -862,7 +863,6 @@ def remove_password
     RateLimiter.new(nil, "remove-password-hr-#{user.username}", 6, 1.hour).performed!
 
     raise Discourse::NotFound if !user || !user.user_password
-    raise Discourse::ReadOnly if staff_writes_only_mode? && !user.staff?
     raise Discourse::InvalidAccess if !session_is_trusted?
 
     user.remove_password
@@ -872,16 +872,15 @@ def remove_password
 
   def password_reset_update
     expires_now
+
     token = params[:token]
-    password_reset_find_user(token, committing_change: true)
 
+    password_reset_find_user(token, committing_change: true)
     rate_limit_second_factor!(@user)
 
-    # no point doing anything else if we can't even find
-    # a user from the token
-    if @user
-      raise Discourse::ReadOnly if staff_writes_only_mode? && !@user.staff?
+    raise Discourse::ReadOnly if @staff_writes_only_mode && !@user&.staff?
 
+    if @user
       if !secure_session["second-factor-#{token}"]
         second_factor_authentication_result =
           @user.authenticate_second_factor(params, secure_session)
@@ -1008,21 +1007,17 @@ def admin_login
       RateLimiter.new(nil, "admin-login-hr-#{request.remote_ip}", 6, 1.hour).performed!
       RateLimiter.new(nil, "admin-login-min-#{request.remote_ip}", 3, 1.minute).performed!
 
-      if user = User.with_email(params[:email]).admins.human_users.first
+      if user = User.real.admins.with_email(params[:email]).first
         email_token =
-          user.email_tokens.create!(email: user.email, scope: EmailToken.scopes[:email_login])
-        token_string = email_token.token
-        token_string += "?safe_mode=no_plugins,no_themes" if params["use_safe_mode"]
-        Jobs.enqueue(
-          :critical_user_email,
-          type: "admin_login",
-          user_id: user.id,
-          email_token: token_string,
-        )
-        @message = I18n.t("admin_login.success")
-      else
-        @message = I18n.t("admin_login.errors.unknown_email_address")
+          user.email_tokens.create!(email: user.email, scope: EmailToken.scopes[:email_login]).token
+        email_token += "?safe_mode=no_plugins,no_themes" if params["use_safe_mode"]
+        Jobs.enqueue(:critical_user_email, type: "admin_login", user_id: user.id, email_token:)
       end
+
+      # NOTE: we don't check for `readonly` mode here because it might leak information about whether
+      # an email address is a registered admin account.
+
+      @message = I18n.t("admin_login.acknowledgement", email: params[:email])
     end
 
     render layout: "no_ember"
@@ -1040,13 +1035,15 @@ def email_login
 
     RateLimiter.new(nil, "email-login-hour-#{request.remote_ip}", 6, 1.hour).performed!
     RateLimiter.new(nil, "email-login-min-#{request.remote_ip}", 3, 1.minute).performed!
-    user = User.human_users.find_by_username_or_email(params[:login])
+    user = User.real.find_by_username_or_email(params[:login])
     user_presence = user.present? && !user.staged
 
     if user
       RateLimiter.new(nil, "email-login-hour-#{user.id}", 6, 1.hour).performed!
       RateLimiter.new(nil, "email-login-min-#{user.id}", 3, 1.minute).performed!
 
+      raise Discourse::ReadOnly if @staff_writes_only_mode && !user.staff?
+
       if user_presence
         DiscourseEvent.trigger(:before_email_login, user)
 
 
@@ -1,10 +1,17 @@
 # frozen_string_literal: true
 
-require "openssl"
-
 class WebhooksController < ActionController::Base
+  include ReadOnlyMixin
+
   skip_before_action :verify_authenticity_token
 
+  before_action :check_readonly_mode
+  before_action :block_if_readonly_mode
+
+  rescue_from Discourse::ReadOnly do
+    head :service_unavailable
+  end
+
   def mailgun
     return signature_failure if SiteSetting.mailgun_api_key.blank?
 
@@ -279,7 +286,7 @@ def valid_sendgrid_signature?
 
     begin
       public_key = OpenSSL::PKey::EC.new(Base64.decode64(SiteSetting.sendgrid_verification_key))
-    rescue StandardError => err
+    rescue StandardError
       Rails.logger.error("Invalid Sendgrid verification key")
       return false
     end
 
@@ -5307,10 +5307,7 @@ en:
     badge_title_metadata: "%{display_name} badge on %{site_title}"
 
   admin_login:
-    success: "Email Sent"
-    errors:
-      unknown_email_address: "Unknown email address."
-      invalid_token: "Invalid token."
+    acknowledgement: "If an admin account with the email address %{email} exists, you will receive an email with a link to log in."
     email_input: "Admin Email"
     submit_button: "Send Email"
     safe_mode: "Safe Mode: disable all themes/plugins when logging in"
 
@@ -109,13 +109,14 @@ def preload_current_user_data
   end
 
   def preload_anonymous_data
+    check_readonly_mode if @readonly_mode.nil?
     @preloaded["site"] = Site.json_for(@guardian)
     @preloaded["siteSettings"] = SiteSetting.client_settings_json
     @preloaded["customHTML"] = custom_html_json
     @preloaded["banner"] = banner_json
     @preloaded["customEmoji"] = custom_emoji
-    @preloaded["isReadOnly"] = get_or_check_readonly_mode.to_json
-    @preloaded["isStaffWritesOnly"] = get_or_check_staff_writes_only_mode.to_json
+    @preloaded["isReadOnly"] = @readonly_mode.to_json
+    @preloaded["isStaffWritesOnly"] = @staff_writes_only_mode.to_json
     @preloaded["activatedThemes"] = activated_themes_json
   end
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,9 @@ class CategoriesController < ApplicationController`
`29`	`29`	`]`
`30`	`30`	`skip_before_action :verify_authenticity_token, only: %i[search]`
`31`	`31`
	`32`	`+ # The front-end is POSTing data to this endpoint, but we're not modifying anything`
	`33`	`+ allow_in_readonly_mode :search`
	`34`	`+`
`32`	`35`	`SYMMETRICAL_CATEGORIES_TO_TOPICS_FACTOR = 1.5`
`33`	`36`	`MIN_CATEGORIES_TOPICS = 5`
`34`	`37`	`MAX_CATEGORIES_LIMIT = 25`