login/logout fixes (single token for all sessions);

link to reset password in user profile template and some cosmetic fixes in html templates
2023-04-18 13:31:50 +04:00 · 2023-04-18 13:31:50 +04:00 · 8921484644
parent f4acf890d8
commit 8921484644
4 changed files with 15 additions and 9 deletions
--- a/cmd/idecd/web.go
+++ b/cmd/idecd/web.go
@ -111,11 +111,13 @@ func www_login(ctx *WebContext, w http.ResponseWriter, r *http.Request) error {
 		}
 		exp := time.Now().Add(10 * 365 * 24 * time.Hour)
 		u := udb.UserInfoName(user)
-		token := generateSecureToken(16)
-		u.Token = token
-		udb.Tokens[token] = user
-		udb.Names[user] = *u
-		cookie := http.Cookie{Name: "token", Value: token, Expires: exp}
+		if len(u.Token) == 0 {
+			token := generateSecureToken(16)
+			u.Token = token
+			udb.Tokens[token] = user
+			udb.Names[user] = *u
+		}
+		cookie := http.Cookie{Name: "token", Value: u.Token, Expires: exp}
 		http.SetCookie(w, &cookie)
 		ii.Info.Printf("User logged in: %s\n", user)
 		http.Redirect(w, r, ctx.PfxPath+"/", http.StatusSeeOther)
@ -150,9 +152,12 @@ func www_logout(ctx *WebContext, w http.ResponseWriter, r *http.Request) error {
 	}
 	cookie, err := r.Cookie("token")
 	if err == nil {
+		token := cookie.Value
 		udb := ctx.www.udb
-		if udb.Access(cookie.Value) {
-			delete(ctx.www.udb.Tokens, cookie.Value)
+		if udb.Access(token) {
+			u := udb.UserInfo(token)
+			u.Token = ""
+			delete(ctx.www.udb.Tokens, token)
 		}
 	}
 	rmcookie := http.Cookie{Name: "token", Value: "", Expires: time.Unix(0, 0)}
--- a/www/tpl/footer.tpl
+++ b/www/tpl/footer.tpl
@ -1,5 +1,5 @@
 <div id="footer">
-Powered by <a href="https://git.openbsd.org.ru/vasyahacker/openidec">OpenIDEC</a>
+Powered by <a href="https://git.openbsd.org.ru/vasyahacker/openidec">OpenIDEC</a> /
 Original by <a href="https://github.com/hugeping/ii-go">ii-go</a> / 2021-2023
 </div>
 </div>
--- a/www/tpl/header.tpl
+++ b/www/tpl/header.tpl
@ -35,6 +35,7 @@
      {{ template "links.tpl" }}
      {{ if .User.Name }}
      {{ if eq .BasePath "profile" }}
+      <a href="/reset">Reset password</a> |
      <a href="/logout">Logout</a>
      {{ else }}
      <a href="/profile">{{.User.Name}}</a>
--- a/www/tpl/reset.tpl
+++ b/www/tpl/reset.tpl
@ -7,7 +7,7 @@
 </td></tr>

 <tr class="even"><td>
-<input type="password" name="password" class="passwd" placeholder="password"><br>
+<input type="password" name="password" class="passwd" placeholder="new password"><br>
 </td></tr>

 <tr class="odd"><td class="links">