123456789101112131415161718192021222324252627282930313233343536373839404142 |
- # frozen_string_literal: true
- class SuspiciousSignInDetector
- IPV6_TOLERANCE_MASK = 64
- IPV4_TOLERANCE_MASK = 16
- def initialize(user)
- @user = user
- end
- def suspicious?(request)
- !sufficient_security_measures? && !freshly_signed_up? && !previously_seen_ip?(request)
- end
- private
- def sufficient_security_measures?
- @user.otp_required_for_login?
- end
- def previously_seen_ip?(request)
- @user.ips.contained_by(masked_ip(request)).exists?
- end
- def freshly_signed_up?
- @user.current_sign_in_at.blank?
- end
- def masked_ip(request)
- masked_ip_addr = begin
- ip_addr = IPAddr.new(request.remote_ip)
- if ip_addr.ipv6?
- ip_addr.mask(IPV6_TOLERANCE_MASK)
- else
- ip_addr.mask(IPV4_TOLERANCE_MASK)
- end
- end
- "#{masked_ip_addr}/#{masked_ip_addr.prefix}"
- end
- end
|