Mirrors/stash
1
0
Fork 0
mirror of https://github.com/stashapp/stash.git synced 2025-12-18 04:44:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Refactor login page to not include in history (#5747)

Browse Source
This commit is contained in:
WithoutPants
2025-03-25 10:26:31 +11:00
committed by GitHub
parent cc6917f29d
commit 2541e9d1eb
2 changed files with 32 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
internal/api/session.go
View File

@@ -78,11 +78,6 @@ func handleLogin() http.HandlerFunc {
func handleLoginPost() http.HandlerFunc { func handleLoginPost() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
url := r.FormValue(returnURLParam)
if url == "" {
url = getProxyPrefix(r) + "/"
}
err := manager.GetInstance().SessionStore.Login(w, r) err := manager.GetInstance().SessionStore.Login(w, r)
if err != nil { if err != nil {
// always log the error // always log the error
@@ -92,17 +87,17 @@ func handleLoginPost() http.HandlerFunc {
var invalidCredentialsError *session.InvalidCredentialsError var invalidCredentialsError *session.InvalidCredentialsError
if errors.As(err, &invalidCredentialsError) { if errors.As(err, &invalidCredentialsError) {
// serve login page with an error http.Error(w, "Username or password is invalid", http.StatusUnauthorized)
serveLoginPage(w, r, url, "Username or password is invalid")
return return
} }
if err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) // don't expose the error to the user
http.Error(w, "An unexpected error occurred. See logs", http.StatusInternalServerError)
return return
} }
http.Redirect(w, r, url, http.StatusFound) w.WriteHeader(http.StatusOK)
} }
} }

30
ui/login/login.html
View File

@@ -10,11 +10,37 @@
<link rel="stylesheet" href="login/login.css"> <link rel="stylesheet" href="login/login.css">
<link rel="stylesheet" href="css"> <link rel="stylesheet" href="css">
</head> </head>
<script>
function login() {
var username = document.getElementById("username").value;
var password = document.getElementById("password").value;
var returnURL = document.getElementById("returnURL").value;
var xhr = new XMLHttpRequest();
xhr.open("POST", "login", true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4) {
if (xhr.status == 200) {
window.location.replace(returnURL);
} else {
document.getElementsByClassName("login-error")[0].innerHTML = xhr.responseText;
}
}
};
xhr.onerror = function() {
document.getElementsByClassName("login-error")[0].innerHTML = "An error occurred while trying to login.";
};
xhr.send("username=" + username + "&password=" + password + "&returnURL=" + returnURL);
}
</script>
<body class="login"> <body class="login">
<div class="dialog"> <div class="dialog">
<div class="card"> <div class="card">
<form action="login" method="POST"> <form action="login" method="POST" onsubmit="event.preventDefault(); login();">
<div class="form-group"> <div class="form-group">
<label for="username"><h6>Username</h6></label> <label for="username"><h6>Username</h6></label>
<input class="text-input form-control" id="username" name="username" type="text" placeholder="Username" /> <input class="text-input form-control" id="username" name="username" type="text" placeholder="Username" />
@@ -27,7 +53,7 @@
{{.Error}} {{.Error}}
</div> </div>
<input type="hidden" name="returnURL" value="{{.URL}}" /> <input type="hidden" id="returnURL" name="returnURL" value="{{.URL}}" />
<div> <div>
<input class="btn btn-primary" type="submit" value="Login"> <input class="btn btn-primary" type="submit" value="Login">