Fixing Cookies deletion

Adding redirection at Login
Silversthorn 2022-03-14 22:26:09 +01:00
parent ddb254b9c7
commit 5900033134
2 changed files with 54 additions and 16 deletions


@ -27,7 +27,7 @@ class PublicHandler(BaseHandler):
if user_id is not None: if user_id is not None:
self.set_cookie("token", authentication.generate(user_id), expires_days=int(expire_days)) self.set_cookie("token", authentication.generate(user_id), expires_days=int(expire_days))
else: else:
self.clear_cookie("user") self.clear_cookie("token")
def get(self, page=None): def get(self, page=None):
@ -37,8 +37,11 @@ class PublicHandler(BaseHandler):
page_data = { page_data = {
'version': helper.get_version_string(), 'version': helper.get_version_string(),
'error': error, 'lang': helper.get_setting('language'), 'error': error, 'lang': helper.get_setting('language'),
'lang_page': helper.getLangPage(helper.get_setting('language')) 'lang_page': helper.getLangPage(helper.get_setting('language')),
'query': ""
} }
if (self.request.query):
page_data['query'] = self.request.query
# sensible defaults # sensible defaults
template = "public/404.html" template = "public/404.html"
@ -53,14 +56,16 @@ class PublicHandler(BaseHandler):
template = "public/error.html" template = "public/error.html"
elif page == "logout": elif page == "logout":
self.clear_cookie("user") self.clear_cookie("token")
self.clear_cookie("user_data")
self.redirect('/public/login') self.redirect('/public/login')
return return
# if we have no page, let's go to login # if we have no page, let's go to login
else: else:
self.redirect('/public/login') if (self.request.query):
self.redirect('/public/login?'+self.request.query)
else:
self.redirect('/public/login')
return return
self.render( self.render(
@ -72,8 +77,23 @@ class PublicHandler(BaseHandler):
def post(self, page=None): def post(self, page=None):
error = bleach.clean(self.get_argument('error', "Invalid Login!"))
error_msg = bleach.clean(self.get_argument('error_msg', ''))
page_data = {
'version': helper.get_version_string(),
'error': error, 'lang': helper.get_setting('language'),
'lang_page': helper.getLangPage(helper.get_setting('language')),
'query': ""
}
if (self.request.query):
page_data['query'] = self.request.query
if page == 'login': if page == 'login':
next_page = "/public/login" next_page = "/public/login"
if (self.request.query):
next_page = '/public/login?'+self.request.query
entered_username = bleach.clean(self.get_argument('username')) entered_username = bleach.clean(self.get_argument('username'))
entered_password = bleach.clean(self.get_argument('password')) entered_password = bleach.clean(self.get_argument('password'))
@ -85,17 +105,21 @@ class PublicHandler(BaseHandler):
# if we don't have a user # if we don't have a user
if not user_data: if not user_data:
error_msg = "Incorrect username or password. Please try again." error_msg = "Incorrect username or password. Please try again."
self.clear_cookie("user") self.clear_cookie("token")
self.clear_cookie("user_data") if (self.request.query):
self.redirect(f'/public/login?error_msg={error_msg}') self.redirect(f'/public/login?error_msg={error_msg}&{self.request.query}')
else:
self.redirect(f'/public/login?error_msg={error_msg}')
return return
# if they are disabled # if they are disabled
if not user_data.enabled: if not user_data.enabled:
error_msg = "User account disabled. Please contact your system administrator for more info." error_msg = "User account disabled. Please contact your system administrator for more info."
self.clear_cookie("user") self.clear_cookie("token")
self.clear_cookie("user_data") if (self.request.query):
self.redirect(f'/public/login?error_msg={error_msg}') self.redirect(f'/public/login?error_msg={error_msg}&{self.request.query}')
else:
self.redirect(f'/public/login?error_msg={error_msg}')
return return
login_result = helper.verify_pass(entered_password, user_data.password) login_result = helper.verify_pass(entered_password, user_data.password)
@ -114,14 +138,24 @@ class PublicHandler(BaseHandler):
# log this login # log this login
self.controller.management.add_to_audit_log(user_data.user_id, "Logged in", 0, self.get_remote_ip()) self.controller.management.add_to_audit_log(user_data.user_id, "Logged in", 0, self.get_remote_ip())
next_page = "/panel/dashboard"
if (self.request.query_arguments.get('next')):
next_page = self.request.query_arguments.get('next')[0].decode()
else:
next_page = "/panel/dashboard"
self.redirect(next_page) self.redirect(next_page)
else: else:
self.clear_cookie("user") self.clear_cookie("token")
self.clear_cookie("user_data")
error_msg = "Inncorrect username or password. Please try again." error_msg = "Inncorrect username or password. Please try again."
# log this failed login attempt # log this failed login attempt
self.controller.management.add_to_audit_log(user_data.user_id, "Tried to log in", 0, self.get_remote_ip()) self.controller.management.add_to_audit_log(user_data.user_id, "Tried to log in", 0, self.get_remote_ip())
self.redirect(f'/public/login?error_msg={error_msg}') if (self.request.query):
self.redirect(f'/public/login?error_msg={error_msg}&{self.request.query}')
else:
self.redirect(f'/public/login?error_msg={error_msg}')
else: else:
self.redirect("/public/login") if (self.request.query):
self.redirect('/public/login?'+self.request.query)
else:
self.redirect('/public/login')
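Review bot: In the successful-login branch of post(), the `next` query argument is decoded and handed to `self.redirect(next_page)` with no check on where it points, so after authenticating a user can be sent to whatever URL the login link carried (an open redirect that lends the login page's credibility to an outside site). Accept `next` only when it is a same-site path (no scheme, no host, starting with a single `/`) and fall back to `/panel/dashboard` otherwise; the sketch below does this and needs `from urllib.parse import urlsplit` among the file's imports. Reading the value with `self.get_query_argument` also replaces the bare `.decode()`, which raises on bytes that are not valid UTF-8, and drops the duplicated default assignment. Separately, the three failure redirects append the raw `self.request.query` after an unencoded `error_msg`, so a query that already holds `error_msg` grows with every failed attempt; forwarding only the validated `next` value would avoid that. post() starts and continues outside these hunks.

```python
# … unchanged: audit-log entry for the successful login …
next_page = "/panel/dashboard"
requested = self.get_query_argument("next", None)
if requested:
    target = urlsplit(requested)
    # Only same-site paths: no scheme, no host, and not the
    # "//host" or "/\host" forms that browsers treat as external.
    is_local = (
        not target.scheme
        and not target.netloc
        and requested.startswith("/")
        and not requested.startswith(("//", "/\\"))
    )
    if is_local:
        next_page = requested
self.redirect(next_page)
```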


@ -55,7 +55,11 @@
box-shadow: 0 12px 16px 0 hsla(0, 0%, 0%, 0.4); box-shadow: 0 12px 16px 0 hsla(0, 0%, 0%, 0.4);
} }
</style> </style>
{% if data['query'] %}
<form action="/public/login?{{ data['query'] }}" method="post">
{% else %}
<form action="/public/login" method="post"> <form action="/public/login" method="post">
{% end %}
{% raw xsrf_form_html() %} {% raw xsrf_form_html() %}
<div class="form-group"> <div class="form-group">
<label class="label">{{ translate('login', 'username', data['lang']) }}</label> <label class="label">{{ translate('login', 'username', data['lang']) }}</label>
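Review bot: The new form action echoes the entire raw query string (`data['query']`) into an HTML attribute, which is safe only while the template's autoescaping stays enabled, and it carries every parameter, including an earlier `error_msg`, into the next POST. As far as the visible handler code shows, `next` is the only value the login flow reads from that query, so consider having the handler pass that single validated value and emitting it encoded, e.g. `<form action="/public/login{% if data['next'] %}?next={{ url_escape(data['next']) }}{% end %}" method="post">` (`data['next']` is a proposed key, not one the handler sets today). That also removes the duplicated `<form>` tag across the `{% if %}` / `{% else %}` branches.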