allow banned IPs to call the GET version of Account/Login, only preve…

…nt POST, avoid unnecessary db hit on GET Account/Login for user check
TASVideos · Nov 2, 2024 · 7dcebd3 · 7dcebd3
1 parent 4427a1c
commit 7dcebd3
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/TASVideos/Pages/Account/Login.cshtml.cs b/TASVideos/Pages/Account/Login.cshtml.cs
@@ -15,8 +15,7 @@ public class LoginModel(SignInManager signInManager, IHostEnvironment env) : Bas
 
 	public async Task<IActionResult> OnGet()
 	{
-		var user = await signInManager.UserManager.GetUserAsync(User);
-		if (user is not null)
+		if (User.Identity?.IsAuthenticated ?? false)
 		{
 			return BaseReturnUrlRedirect();
 		}

diff --git a/TASVideos/Pages/IpBanCheckAttribute.cs b/TASVideos/Pages/IpBanCheckAttribute.cs
@@ -8,6 +8,12 @@ public class IpBanCheckAttribute : Attribute, IAsyncPageFilter
 {
 	public async Task OnPageHandlerExecutionAsync(PageHandlerExecutingContext context, PageHandlerExecutionDelegate next)
 	{
+		if (context.HttpContext.Request.Method == "GET")
+		{
+			await next.Invoke();
+			return;
+		}
+
 		var banService = context.HttpContext.RequestServices.GetRequiredService<IIpBanService>();
 
 		var ip = context.HttpContext.ActualIpAddress();