From e1ab01e4e29e4de75fc6bb4a27b9c62d0bc0f602 Mon Sep 17 00:00:00 2001
From: Izalia Mae
Date: Fri, 15 Mar 2024 22:14:37 -0400
Subject: [PATCH] use api on login page

---
 relay/frontend/page/admin-users.haml | 8 +++---
 relay/frontend/page/login.haml | 17 +++++++-----
 relay/frontend/static/login.js | 29 ++++++++++++++++++++
 relay/views/api.py | 14 +++++++++-
 relay/views/frontend.py | 41 ----------------------------
 5 files changed, 56 insertions(+), 53 deletions(-)
 create mode 100644 relay/frontend/static/login.js

diff --git a/relay/frontend/page/admin-users.haml b/relay/frontend/page/admin-users.haml
index 2043ba8..50058d7 100644
--- a/relay/frontend/page/admin-users.haml
+++ b/relay/frontend/page/admin-users.haml
@@ -9,16 +9,16 @@
 %summary << Add User
 #add-item
 %label(for="new-username") << Username
- %input(id="new-username" name="username" placeholder="Username")
+ %input(id="new-username" name="username" placeholder="Username" autocomplete="off")
 %label(for="new-password") << Password
- %input(id="new-password" type="password" placeholder="Password")
+ %input(id="new-password" type="password" placeholder="Password" autocomplete="off")
 %label(for="new-password2") << Password Again
- %input(id="new-password2" type="password" placeholder="Password Again")
+ %input(id="new-password2" type="password" placeholder="Password Again" autocomplete="off")
 %label(for="new-handle") << Handle
- %input(id="new-handle" type="email" placeholder="handle")
+ %input(id="new-handle" type="email" placeholder="handle" autocomplete="off")
 %input#new-user(type="button" value="Add User")
diff --git a/relay/frontend/page/login.haml b/relay/frontend/page/login.haml
index ab177b6..bf1ab1c 100644
--- a/relay/frontend/page/login.haml
+++ b/relay/frontend/page/login.haml
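Review bot: `autocomplete="off"` on the `new-password` and `new-password2` inputs will mostly not take effect, since current mainstream browsers ignore `off` for password fields and keep offering to save and fill them, so what this likely aims at, keeping the admin's own saved login from being filled into the new user's fields, is not achieved. The value browsers and password managers honor for a create-account form is `autocomplete="new-password"`, which stops an existing credential from being filled and enables generated-password suggestions. Suggested lines: `%input(id="new-password" type="password" placeholder="Password" autocomplete="new-password")` and `%input(id="new-password2" type="password" placeholder="Password Again" autocomplete="new-password")`. The container holding `#add-item` starts above this hunk.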
@@ -1,15 +1,18 @@
 -extends "base.haml"
 -set page="Login"
+
+-block head
+ %script(type="application/javascript" src="/static/login.js" nonce="{{view.request['hash']}}" defer)
+
 -block content
 %fieldset.section
 %legend << Login
- %form(action="/login" method="POST")
- .grid-2col
- %label(for="username") << Username
- %input(id="username" name="username" placeholder="Username" value="{{username or ''}}")
+ .grid-2col
+ %label(for="username") << Username
+ %input(id="username" name="username" placeholder="Username" value="{{username or ''}}")
- %label(for="password") << Password
- %input(id="password" name="password" placeholder="Password" type="password")
+ %label(for="password") << Password
+ %input(id="password" name="password" placeholder="Password" type="password")
- %input(type="submit" value="Login")
+ %input.submit(type="button" value="Login")
diff --git a/relay/frontend/static/login.js b/relay/frontend/static/login.js
new file mode 100644
index 0000000..9c68f17
--- /dev/null
+++ b/relay/frontend/static/login.js
@@ -0,0 +1,29 @@
+async function login(event) {
+ fields = {
+ username: document.querySelector("#username"),
+ password: document.querySelector("#password")
+ }
+
+ values = {
+ username: fields.username.value.trim(),
+ password: fields.password.value.trim()
+ }
+
+ if (values.username === "" | values.password === "") {
+ toast("Username and/or password field is blank");
+ return;
+ }
+
+ try {
+ await request("POST", "v1/token", values);
+
+ } catch (error) {
+ toast(error);
+ return;
+ }
+
+ document.location = "/";
+}
+
+
+document.querySelector(".submit").addEventListener("click", login);
diff --git a/relay/views/api.py b/relay/views/api.py
index 96f42fa..1789f72 100644
--- a/relay/views/api.py
+++ b/relay/views/api.py
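Review bot: Removing the `%form` leaves the username and password inputs outside any form, so pressing Enter in the password field no longer triggers a login, and browser password managers, which key their save and fill heuristics on a form containing a password field and a submit control, will work less reliably on this page. Keep a wrapper and let the script intercept submission instead: `%form#login` (no `action`, since this commit removes the `/login` POST handler) around `.grid-2col` with `%input(type="submit" value="Login")`, and in `login.js` listen for `submit` on the form and call `event.preventDefault()` before the request. While here, `autocomplete="username"` on `#username` and `autocomplete="current-password"` on `#password` tell password managers which field is which. The `nonce` on the new `%script` reads `view.request['hash']`; whether that value is fresh per response and matches the CSP header is not visible in this diff.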
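Review bot: `fields = {` and `values = {` assign undeclared names, so they become implicit globals in sloppy mode (and a `ReferenceError` if this file is ever served under strict mode), leaving the trimmed password reachable as `window.values` by any other script on the page for as long as it stays open; declare both with `const`. `values.password` is also `trim()`med, which silently alters the credential so that a password with leading or trailing whitespace can never log in unless the account-creation script trims identically (not in this diff); send `fields.password.value` unchanged, and the `|` in the blank check should be `||`. `document.location = "/"` drops the `redir` query parameter the removed `/login` POST handler honored via `request.query.getone('redir', '/')`; if that is to be restored, accept only a same-origin relative path before assigning it, since the old code did not check it either. `request` and `toast` are defined elsewhere; `toast(error)` presumably expects a string, so `error.message` or `String(error)` may be what is wanted.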
@@ -81,7 +81,19 @@ class Login(View):
 token = conn.put_token(data['username'])
- return Response.new({'token': token['code']}, ctype = 'json')
+ resp = Response.new({'token': token['code']}, ctype = 'json')
+ resp.set_cookie(
+ 'user-token',
+ token['code'],
+ max_age = 60 * 60 * 24 * 365,
+ domain = self.config.domain,
+ path = '/',
+ secure = True,
+ httponly = False,
+ samesite = 'lax'
+ )
+
+ return resp
 async def delete(self, request: Request) -> Response:
diff --git a/relay/views/frontend.py b/relay/views/frontend.py
index 2215d5e..206482b 100644
--- a/relay/views/frontend.py
+++ b/relay/views/frontend.py
@@ -72,47 +72,6 @@ class Login(View):
 return Response.new(data, ctype = 'html')
- async def post(self, request: Request) -> Response:
- form = await request.post()
- params = {}
-
- with self.database.session(True) as conn:
- if not (user := conn.get_user(form['username'])):
- params = {
- 'username': form['username'],
- 'error': 'User not found'
- }
-
- else:
- try:
- conn.hasher.verify(user['hash'], form['password'])
-
- except VerifyMismatchError:
- params = {
- 'username': form['username'],
- 'error': 'Invalid password'
- }
-
- if params:
- data = self.template.render('page/login.haml', self, **params)
- return Response.new(data, ctype = 'html')
-
- token = conn.put_token(user['username'])
- resp = Response.new_redir(request.query.getone('redir', '/'))
- resp.set_cookie(
- 'user-token',
- token['code'],
- max_age = 60 * 60 * 24 * 365,
- domain = self.config.domain,
- path = '/',
- secure = True,
- httponly = False,
- samesite = 'lax'
- )
-
- return resp
-
-
 @register_route('/logout')
 class Logout(View):
 async def get(self, request: Request) -> Response:
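Review bot: The cookie set on `resp` uses `httponly = False` even though the token is already handed to the caller in the JSON body and the accompanying `login.js` only navigates to `/` after the request without ever reading the cookie; a non-HttpOnly cookie holding a 365-day token means any script injection on the relay's pages can lift the session with `document.cookie`. Unless the frontend's `request` helper (not in this diff) needs to read the token out of the cookie rather than have the browser send it, change the line to `httponly = True,`. A year-long `max_age` is also generous for a login token; consider a shorter lifetime, or one taken from the token record's expiry if `put_token` stores one. The enclosing method starts above this hunk, so the body parsing and the credential check that populate `data['username']` are not visible here; if the endpoint accepts form-encoded bodies, a cross-site top-level form POST could plant an attacker's token in a victim's browser (login CSRF), which `samesite = 'lax'` does not prevent.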