From 59000331344d18a5d5481b54568d354b5a459992 Mon Sep 17 00:00:00 2001 From: Silversthorn Date: Mon, 14 Mar 2022 22:26:09 +0100 Subject: [PATCH 1/3] Fixing Cookies deletion Adding redirection at Login --- app/classes/web/public_handler.py | 66 ++++++++++++++++++------ app/frontend/templates/public/login.html | 4 ++ 2 files changed, 54 insertions(+), 16 deletions(-) diff --git a/app/classes/web/public_handler.py b/app/classes/web/public_handler.py index 242b7da7..8b8f6156 100644 --- a/app/classes/web/public_handler.py +++ b/app/classes/web/public_handler.py @@ -27,7 +27,7 @@ class PublicHandler(BaseHandler): if user_id is not None: self.set_cookie("token", authentication.generate(user_id), expires_days=int(expire_days)) else: - self.clear_cookie("user") + self.clear_cookie("token") def get(self, page=None): @@ -37,8 +37,11 @@ class PublicHandler(BaseHandler): page_data = { 'version': helper.get_version_string(), 'error': error, 'lang': helper.get_setting('language'), - 'lang_page': helper.getLangPage(helper.get_setting('language')) + 'lang_page': helper.getLangPage(helper.get_setting('language')), + 'query': "" } + if (self.request.query): + page_data['query'] = self.request.query # sensible defaults template = "public/404.html" @@ -53,14 +56,16 @@ class PublicHandler(BaseHandler): template = "public/error.html" elif page == "logout": - self.clear_cookie("user") - self.clear_cookie("user_data") + self.clear_cookie("token") self.redirect('/public/login') return # if we have no page, let's go to login else: - self.redirect('/public/login') + if (self.request.query): + self.redirect('/public/login?'+self.request.query) + else: + self.redirect('/public/login') return self.render( 
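Review bot: The `'query': ""` default plus the guarded `page_data['query'] = self.request.query` assignment in the get() hunk (@@ -37) spends three lines on what one dict entry does, because Tornado's `request.query` is already a `str` that is empty when the URL carries no query string: `'query': self.request.query,`. The same three-line shape is repeated at the top of post() in the next hunk (@@ -72). The parenthesised conditions `if (self.request.query):` used throughout these hunks are also unidiomatic for Python; `if self.request.query:` matches the rest of the handler. get()'s body continues outside this hunk.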
@@ -72,8 +77,23 @@ class PublicHandler(BaseHandler): def post(self, page=None): + error = bleach.clean(self.get_argument('error', "Invalid Login!")) + error_msg = bleach.clean(self.get_argument('error_msg', '')) + + page_data = { + 'version': helper.get_version_string(), + 'error': error, 'lang': helper.get_setting('language'), + 'lang_page': helper.getLangPage(helper.get_setting('language')), + 'query': "" + } + if (self.request.query): + page_data['query'] = self.request.query + if page == 'login': + next_page = "/public/login" + if (self.request.query): + next_page = '/public/login?'+self.request.query entered_username = bleach.clean(self.get_argument('username')) entered_password = bleach.clean(self.get_argument('password')) @@ -85,17 +105,21 @@ class PublicHandler(BaseHandler): # if we don't have a user if not user_data: error_msg = "Incorrect username or password. Please try again." - self.clear_cookie("user") - self.clear_cookie("user_data") - self.redirect(f'/public/login?error_msg={error_msg}') + self.clear_cookie("token") + if (self.request.query): + self.redirect(f'/public/login?error_msg={error_msg}&{self.request.query}') + else: + self.redirect(f'/public/login?error_msg={error_msg}') return # if they are disabled if not user_data.enabled: error_msg = "User account disabled. Please contact your system administrator for more info." - self.clear_cookie("user") - self.clear_cookie("user_data") - self.redirect(f'/public/login?error_msg={error_msg}') + self.clear_cookie("token") + if (self.request.query): + self.redirect(f'/public/login?error_msg={error_msg}&{self.request.query}') + else: + self.redirect(f'/public/login?error_msg={error_msg}') return login_result = helper.verify_pass(entered_password, user_data.password) 
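Review bot: `error`, `error_msg` and `page_data` built at the top of post() (@@ -72) are not read by anything visible in this series — every branch of post() redirects rather than renders — so unless a render call outside the hunk consumes them this is dead code, and the two `bleach.clean` lookups with it. Likewise `next_page = "/public/login"` assigned here is unconditionally reassigned before its only visible use in the success path (@@ -114, next hunk), so the initial value appears unused; if a branch outside the hunk relies on it, a one-line comment naming that branch would make the intent clear. post() continues past the end of this hunk.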
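Review bot: The redirect targets in the two failure branches (@@ -85) are assembled by string formatting: `error_msg` is interpolated without percent-encoding (it contains spaces and punctuation) and the raw incoming `self.request.query` is appended after `&`. When the login form posts to a URL that already carries an `error_msg` — which the template change in this series appears to do whenever `data['query']` is set — every failed attempt appends a further `error_msg`, so the query grows with each retry and the page shows whichever value the template happens to pick. Building the query with `urllib.parse.urlencode` from the message plus only the argument worth preserving (`next`), instead of appending the raw query string, fixes both the encoding and the accumulation; the same pattern recurs in the failure and fallback branches of the following hunk (@@ -114). `urllib.parse` is not among the imports visible in this series, so it would need adding at the top of the file.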
@@ -114,14 +138,24 @@ class PublicHandler(BaseHandler): # log this login self.controller.management.add_to_audit_log(user_data.user_id, "Logged in", 0, self.get_remote_ip()) - next_page = "/panel/dashboard" + + if (self.request.query_arguments.get('next')): + next_page = self.request.query_arguments.get('next')[0].decode() + else: + next_page = "/panel/dashboard" + self.redirect(next_page) else: - self.clear_cookie("user") - self.clear_cookie("user_data") + self.clear_cookie("token") error_msg = "Inncorrect username or password. Please try again." # log this failed login attempt self.controller.management.add_to_audit_log(user_data.user_id, "Tried to log in", 0, self.get_remote_ip()) - self.redirect(f'/public/login?error_msg={error_msg}') + if (self.request.query): + self.redirect(f'/public/login?error_msg={error_msg}&{self.request.query}') + else: + self.redirect(f'/public/login?error_msg={error_msg}') else: - self.redirect("/public/login") + if (self.request.query): + self.redirect('/public/login?'+self.request.query) + else: + self.redirect('/public/login') diff --git a/app/frontend/templates/public/login.html b/app/frontend/templates/public/login.html index d676c65c..e65b9970 100644 --- a/app/frontend/templates/public/login.html +++ b/app/frontend/templates/public/login.html @@ -55,7 +55,11 @@ box-shadow: 0 12px 16px 0 hsla(0, 0%, 0%, 0.4); } + {% if data['query'] %} +
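Review bot: `next_page = self.request.query_arguments.get('next')[0].decode()` followed by `self.redirect(next_page)` (@@ -114) sends a freshly authenticated user to whatever the `next` argument says, including an absolute URL on another host, so a login link with a crafted `next` lands the user on a third-party page immediately after they have entered their credentials — an open redirect. The value should be accepted only when it is a same-origin absolute path (starts with `/`, not `//`, contains no backslash, which browsers normalise to a scheme-relative URL), with `/panel/dashboard` as the fallback otherwise. `.decode()` on caller-supplied bytes can also raise `UnicodeDecodeError`, turning a malformed link into a 500; `errors='replace'` sidesteps that. post() starts before this hunk.
```python
# … unchanged: audit-log call for the successful login …
next_page = "/panel/dashboard"
requested = self.request.query_arguments.get('next')
if requested:
    candidate = requested[0].decode(errors='replace')
    # Accept only a same-origin absolute path: no scheme or host, and none of
    # the "//host" or backslash forms that browsers treat as a different origin.
    if candidate.startswith('/') and not candidate.startswith('//') and '\\' not in candidate:
        next_page = candidate
self.redirect(next_page)
```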
+ {% else %} + {% end %} {% raw xsrf_form_html() %}
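Review bot: The markup this hunk adds inside `{% if data['query'] %}` (presumably a `<form>` whose action carries the query) is not recoverable from this rendering, but whatever it interpolates from `data['query']` is the raw, user-controllable request query string, so it must be emitted through Tornado's default autoescaping (`{{ ... }}`) and never via `{% raw %}`. A short template comment such as `{# data['query'] is the raw request query string; keep it autoescaped #}` would make that constraint visible to the next editor. Propagating the whole query string also carries stale `error_msg` values into the next POST; passing only the `next` argument would be narrower.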
From 79f918b877b39ac5daf68980bf9945783d20affd Mon Sep 17 00:00:00 2001 From: Silversthorn Date: Mon, 14 Mar 2022 22:27:19 +0100 Subject: [PATCH 2/3] Adding back and Commenting Old lines --- app/classes/web/public_handler.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/app/classes/web/public_handler.py b/app/classes/web/public_handler.py index 8b8f6156..88ef7c97 100644 --- a/app/classes/web/public_handler.py +++ b/app/classes/web/public_handler.py @@ -1,3 +1,4 @@ +from lib2to3.pgen2 import token import logging from app.classes.models.users import Users @@ -28,6 +29,8 @@ class PublicHandler(BaseHandler): self.set_cookie("token", authentication.generate(user_id), expires_days=int(expire_days)) else: self.clear_cookie("token") + #self.clear_cookie("user") + #self.clear_cookie("user_data") def get(self, page=None): @@ -57,6 +60,8 @@ class PublicHandler(BaseHandler): elif page == "logout": self.clear_cookie("token") + #self.clear_cookie("user") + #self.clear_cookie("user_data") self.redirect('/public/login') return @@ -105,6 +110,8 @@ class PublicHandler(BaseHandler): # if we don't have a user if not user_data: error_msg = "Incorrect username or password. Please try again." + #self.clear_cookie("user") + #self.clear_cookie("user_data") self.clear_cookie("token") if (self.request.query): self.redirect(f'/public/login?error_msg={error_msg}&{self.request.query}') @@ -115,6 +122,8 @@ class PublicHandler(BaseHandler): # if they are disabled if not user_data.enabled: error_msg = "User account disabled. Please contact your system administrator for more info." + #self.clear_cookie("user") + #self.clear_cookie("user_data") self.clear_cookie("token") if (self.request.query): self.redirect(f'/public/login?error_msg={error_msg}&{self.request.query}') 
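Review bot: The re-added `#self.clear_cookie("user")` / `#self.clear_cookie("user_data")` pairs (@@ -28, and again at @@ -57, @@ -105, @@ -115, and @@ -146 in the next hunk) are commented-out code, which version control already preserves, and should be deleted rather than carried as comments. If the intent is a transition for browsers that still hold the legacy `user`/`user_data` cookies from before the switch to `token`, the calls should be live rather than commented, so the logout and failed-login paths actually clear those stale cookies: `self.clear_cookie("user")` and `self.clear_cookie("user_data")` alongside `self.clear_cookie("token")`, with a comment stating when they can be removed. As committed, the patch changes no behaviour and only adds noise to five sites.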
@@ -146,6 +155,8 @@ class PublicHandler(BaseHandler): self.redirect(next_page) else: + #self.clear_cookie("user") + #self.clear_cookie("user_data") self.clear_cookie("token") error_msg = "Inncorrect username or password. Please try again." # log this failed login attempt From c00915e347a70f4dd32d623a751835ac42f862f0 Mon Sep 17 00:00:00 2001 From: Silversthorn Date: Mon, 14 Mar 2022 21:37:40 +0000 Subject: [PATCH 3/3] Remove unused line --- app/classes/web/public_handler.py | 1 - 1 file changed, 1 deletion(-) diff --git a/app/classes/web/public_handler.py b/app/classes/web/public_handler.py index 88ef7c97..8cc2d7c2 100644 --- a/app/classes/web/public_handler.py +++ b/app/classes/web/public_handler.py @@ -1,4 +1,3 @@ -from lib2to3.pgen2 import token import logging from app.classes.models.users import Users