commit 8921484644164e81042bb9b28f658087e6526ff3
parent f4acf890d8a3494fb7757579b7e5321603125095
Author: vasyahacker <vasya@magicfreedom.com>
Date: Tue, 18 Apr 2023 13:31:50 +0400
login/logout fixes (single token for all sessions);
link to reset password in user profile template
and some cosmetic fixes in html templates
Diffstat:
4 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/cmd/idecd/web.go b/cmd/idecd/web.go
@@ -111,11 +111,13 @@ func www_login(ctx *WebContext, w http.ResponseWriter, r *http.Request) error {
}
exp := time.Now().Add(10 * 365 * 24 * time.Hour)
u := udb.UserInfoName(user)
- token := generateSecureToken(16)
- u.Token = token
- udb.Tokens[token] = user
- udb.Names[user] = *u
- cookie := http.Cookie{Name: "token", Value: token, Expires: exp}
+ if len(u.Token) == 0 {
+ token := generateSecureToken(16)
+ u.Token = token
+ udb.Tokens[token] = user
+ udb.Names[user] = *u
+ }
+ cookie := http.Cookie{Name: "token", Value: u.Token, Expires: exp}
http.SetCookie(w, &cookie)
ii.Info.Printf("User logged in: %s\n", user)
http.Redirect(w, r, ctx.PfxPath+"/", http.StatusSeeOther)
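Review bot: The cookie built in `cookie := http.Cookie{Name: "token", Value: u.Token, Expires: exp}` sets none of HttpOnly, SameSite or Secure, and after this change its value is a single token reused on every login and valid for the ten-year `exp` until an explicit logout. A token that leaks once (script-readable cookie, plain-HTTP transport, shared machine) now survives later logins, where the old code at least issued a fresh value each time. I would set the attributes, e.g. `cookie := http.Cookie{Name: "token", Value: u.Token, Expires: exp, HttpOnly: true, SameSite: http.SameSiteLaxMode}`, adding `Secure: true` where the site is served over TLS. A short comment above `if len(u.Token) == 0 {` should state that the shared token is intentional and that logging out on one device ends every session. www_login starts and ends outside the hunk, so whether `u` can be nil at this point is not visible here.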
@@ -150,9 +152,12 @@ func www_logout(ctx *WebContext, w http.ResponseWriter, r *http.Request) error {
}
cookie, err := r.Cookie("token")
if err == nil {
+ token := cookie.Value
udb := ctx.www.udb
- if udb.Access(cookie.Value) {
- delete(ctx.www.udb.Tokens, cookie.Value)
+ if udb.Access(token) {
+ u := udb.UserInfo(token)
+ u.Token = ""
+ delete(ctx.www.udb.Tokens, token)
}
}
rmcookie := http.Cookie{Name: "token", Value: "", Expires: time.Unix(0, 0)}
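Review bot: The cleared token in `u.Token = ""` is never stored back, whereas www_login persists its change with `udb.Names[user] = *u`. If `UserInfo` returns a pointer to a copy of the map value, as that write-back suggests, the user record keeps the old token after logout. The next login would then skip the `len(u.Token) == 0` branch and hand out a cookie whose token was already deleted from `udb.Tokens`, locking the user out; or, if the token map is rebuilt from the records elsewhere, the logged-out token would become valid again. I would write the record back inside the `if udb.Access(token)` branch the same way login does, and check `u` for nil before assigning. No locking is visible around these map writes, but www_logout and the udb type are defined outside the hunk, so that may be handled elsewhere.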
diff --git a/www/tpl/footer.tpl b/www/tpl/footer.tpl
@@ -1,5 +1,5 @@
<div id="footer">
-Powered by <a href="https://git.openbsd.org.ru/vasyahacker/openidec">OpenIDEC</a>
+Powered by <a href="https://git.openbsd.org.ru/vasyahacker/openidec">OpenIDEC</a> /
Original by <a href="https://github.com/hugeping/ii-go">ii-go</a> / 2021-2023
</div>
</div>
diff --git a/www/tpl/header.tpl b/www/tpl/header.tpl
@@ -35,6 +35,7 @@
{{ template "links.tpl" }}
{{ if .User.Name }}
{{ if eq .BasePath "profile" }}
+ <a href="/reset">Reset password</a> |
<a href="/logout">Logout</a>
{{ else }}
<a href="/profile">{{.User.Name}}</a>
diff --git a/www/tpl/reset.tpl b/www/tpl/reset.tpl
@@ -7,7 +7,7 @@
</td></tr>
<tr class="even"><td>
-<input type="password" name="password" class="passwd" placeholder="password"><br>
+<input type="password" name="password" class="passwd" placeholder="new password"><br>
</td></tr>
<tr class="odd"><td class="links">