+ def update_totp
+ if defined?(TOTP_KEY)
+ cookies["_osm_totp_token"] = {
+ :value => ROTP::TOTP.new(TOTP_KEY, :interval => 3600).now,
+ :domain => "openstreetmap.org",
+ :expires => 1.hour.from_now
+ }
+ end
+ end
+
+ def better_errors_allow_inline
+ yield
+ rescue StandardError
+ append_content_security_policy_directives(
+ :script_src => %w['unsafe-inline'],
+ :style_src => %w['unsafe-inline']
+ )
+
+ raise
+ end
+
+ def current_ability
+ # Add in capabilities from the oauth token if it exists and is a valid access token
+ if Authenticator.new(self, [:token]).allow?
+ Ability.new(current_user).merge(Capability.new(current_token))
+ else
+ Ability.new(current_user)
+ end
+ end
+
+ def deny_access(_exception)
+ if current_token
+ set_locale
+ report_error t("oauth.permissions.missing"), :forbidden
+ elsif current_user
+ set_locale
+ report_error t("application.permission_denied"), :forbidden
+ elsif request.get?
+ redirect_to :controller => "users", :action => "login", :referer => request.fullpath
+ else
+ head :forbidden
+ end
+ end
+