From 777b19c775ec0146664be9604ae6ae87d82bdb78 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Mon, 2 Jan 2017 22:51:18 +0000
Subject: [PATCH] Make export action send TOTP cookie

---
 app/controllers/application_controller.rb | 10 ++++++++++
 app/controllers/export_controller.rb | 1 +
 app/controllers/site_controller.rb | 9 +--------
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 09a35beb3..354fcc7c0 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -419,6 +419,16 @@ class ApplicationController < ActionController::Base
 helper_method :preferred_editor
+ def update_totp
+ if defined?(TOTP_KEY)
+ cookies["_osm_totp_token"] = {
+ :value => ROTP::TOTP.new(TOTP_KEY, :interval => 3600).now,
+ :domain => "openstreetmap.org",
+ :expires => 1.hour.from_now
+ }
+ end
+ end
+
 private
 # extract authorisation credentials from headers, returns user = nil if none
diff --git a/app/controllers/export_controller.rb b/app/controllers/export_controller.rb
index fa7944516..6e5016ddc 100644
--- a/app/controllers/export_controller.rb
+++ b/app/controllers/export_controller.rb
@@ -1,6 +1,7 @@
 class ExportController < ApplicationController
 before_action :authorize_web
 before_action :set_locale
+ before_action :update_totp, :only => [:finish]
 caches_page :embed
diff --git a/app/controllers/site_controller.rb b/app/controllers/site_controller.rb
index 71285356a..5d35b9979 100644
--- a/app/controllers/site_controller.rb
+++ b/app/controllers/site_controller.rb
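Review bot: The `_osm_totp_token` cookie built in `update_totp` carries neither `:secure` nor `:httponly`, so a code derived from `TOTP_KEY` is eligible to travel over plain HTTP to any host under `openstreetmap.org` and can be read by page scripts. If every consumer of the token is reached over HTTPS and no script needs the value, add `:secure => true, :httponly => true` to the hash. The method also sits above the `private` line, which makes it a public method on every controller that inherits from `ApplicationController`; a `before_action` callback still works when private, so defining it below `private` would keep it out of the action methods. The rest of the class is outside the hunk, so check whether other callbacks there are public on purpose.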
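Review bot: The new `before_action :update_totp, :only => [:finish]` line in `ExportController` has no test behind it: the diffstat lists only the three controllers. A regression that stops `finish` from sending `_osm_totp_token` would therefore go unnoticed. A controller test that defines `TOTP_KEY`, calls `finish` and asserts the cookie is present, and absent when the constant is undefined, would pin the behaviour. The callbacks visible here (`authorize_web`, `set_locale`) do not appear to require a signed-in user, so the token is presumably issued to anonymous requests too; confirm that this is what the service validating the token expects.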
@@ -8,19 +8,12 @@ class SiteController < ApplicationController
 before_action :redirect_map_params, :only => [:index, :edit, :export]
 before_action :require_user, :only => [:welcome]
 before_action :require_oauth, :only => [:index]
+ before_action :update_totp, :only => [:index]
 def index
 unless STATUS == :database_readonly || STATUS == :database_offline
 session[:location] ||= OSM.ip_location(request.env["REMOTE_ADDR"])
 end
-
- if defined?(TOTP_KEY)
- cookies["_osm_totp_token"] = {
- :value => ROTP::TOTP.new(TOTP_KEY, :interval => 3600).now,
- :domain => "openstreetmap.org",
- :expires => 1.hour.from_now
- }
- end
 end
 def permalink
-- 
2.43.2