-
Notifications
You must be signed in to change notification settings - Fork 56
add login screen, redirect when unauthorized #302
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: develop
Are you sure you want to change the base?
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -499,7 +499,13 @@ function authenticatedAjax(settings) { | |
| Authorization: token | ||
| }; | ||
| } | ||
| return $.ajax(settings); | ||
| let ajax = $.ajax(settings); | ||
| ajax.fail((jqxhr) => { | ||
| if (jqxhr.status == 401) { | ||
| requireLogin() | ||
| } | ||
| }) | ||
| return ajax | ||
| } | ||
|
|
||
|
|
||
|
|
@@ -508,7 +514,7 @@ function authenticatedAjax(settings) { | |
| $(document).ready(function() { | ||
| updateLoginStatus(); | ||
|
|
||
| $('#loginForm').submit(function(e) { | ||
| $('#loginForm').submit(function(e) { | ||
| e.preventDefault(); | ||
| $.ajax({ | ||
| type: 'POST', | ||
|
|
@@ -535,9 +541,11 @@ $(document).ready(function() { | |
| sessionStorage.setItem("username", data.username); | ||
|
|
||
| $('#loginErrorField').text("") | ||
| $('#modalLoginForm').modal('hide'); | ||
| updateLoginStatus(); | ||
| window.location.reload(); | ||
|
|
||
| let url = new URL(window.location.href) | ||
| let redirect = new URLSearchParams(url.search).get('r') | ||
| window.location.replace(redirect || "/index.html"); | ||
| } else if (typeof data.error !== 'undefined') { | ||
| // If authentication failed, the returned error message is displayed. | ||
| $('#loginErrorField').text(data.error); | ||
|
|
@@ -562,8 +570,21 @@ $(document).ready(function() { | |
| }); | ||
|
|
||
| $('#logOut').click(logout); | ||
| $('#signUp').click(()=>{ | ||
| requireLogin() | ||
| }); | ||
| }); | ||
|
|
||
| function requireLogin(destinationUrl){ | ||
| let currentPath = window.location.pathname.substring(1) | ||
| let loginUrl = "/login.html" | ||
|
|
||
| if ( ! ["login.html", "index.html"].includes(currentPath)){ | ||
| loginUrl += "?r=" + encodeURIComponent(destinationUrl || currentPath) | ||
| } | ||
| window.location.href = loginUrl | ||
| } | ||
|
|
||
|
||
| function logout() { | ||
| sessionStorage.removeItem("login_token"); | ||
| sessionStorage.removeItem("username"); | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| <%inherit file="base.mako" /> | ||
|
|
||
|
|
||
| <!-- Page Content --> | ||
| <div id="page-wrapper"> | ||
| <div id="login-page"> | ||
| <div id="login-card"> | ||
| <h4 class=" w-100 font-weight-bold">Log in</h4> | ||
| <form method="POST" id="loginForm"> | ||
| <div class="mx-3"> | ||
| <!-- Field to show if the username or password is wrong --> | ||
| <p class="text-danger" id="loginErrorField"> </p> | ||
| <div class="md-form mb-2"> | ||
| <label data-error="wrong" data-success="right" for="username"> | ||
| Username | ||
| </label> | ||
| <input type="text" id="username" name="username" class="form-control"> | ||
| </div> | ||
| <div class="md-form mb-2"> | ||
| <label data-error="wrong" data-success="right" for="password"> | ||
| Password | ||
| </label> | ||
| <input type="password" id="password" name="password" class="form-control"> | ||
| </div> | ||
|
|
||
| </div> | ||
| <div class="d-flex justify-content-center"> | ||
| <button class="btn btn-primary pull-right">Login</button> | ||
| </div> | ||
| </form> | ||
| </div> | ||
| </div> | ||
| </div> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As a minimum precaution, we should verify the redirect target is related to the current path, to avoid an open redirect issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was assuming this wouldn't be an issue as the redirect happens only after the user is authenticated, anyways I have made a slight change, so that the redirect target is treated as relative path to the current location.