Fixed login URL in form (#41)
oxisto authored Mar 10, 2022
1 parent 8feb611 commit 380907d
Showing 4 changed files with 16 additions and 4 deletions.
4 changes: 4 additions & 0 deletions login/form.go
Expand Up @@ -12,6 +12,9 @@ type loginForm struct {
// after a successfull login
returnURL string

// loginURL is the URL the login form will POST to
loginURL string

// errorMessage is an optional error message to display in the login form
errorMessage string

Expand All @@ -32,6 +35,7 @@ func (form loginForm) ServeHTTP(w http.ResponseWriter, r *http.Request) {
err = tmpl.Execute(w, map[string]interface{}{
"ErrorMessage": form.errorMessage,
"ReturnURL": form.returnURL,
"LoginURL": form.loginURL,
"CSRFToken": form.csrfToken,
})
if err != nil {
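Review bot: The new `loginURL` field in `loginForm` has no stated contract for its zero value, and `ServeHTTP` hands it to the template unchecked as `LoginURL`. With the `login.html` change in this commit, an empty value renders `action=""`, which a browser resolves to the current page URL, so the credentials would be posted back to whatever address served the form. I would extend the field comment to `// loginURL is the server-configured path the login form will POST credentials to; it must be non-empty and must never be taken from request data`. Both the struct and `ServeHTTP` continue outside the hunks shown.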
7 changes: 5 additions & 2 deletions login/form_test.go
Expand Up @@ -14,6 +14,7 @@ import (
func Test_loginForm_ServeHTTP(t *testing.T) {
type fields struct {
returnURL string
loginURL string
errorMessage string
fs fs.FS
}
Expand Down Expand Up @@ -58,10 +59,11 @@ func Test_loginForm_ServeHTTP(t *testing.T) {
},
},
fields: fields{
fs: &mockFS{File: &mockFile{content: "test"}},
fs: &mockFS{File: &mockFile{content: "{{.LoginURL}}"}},
loginURL: "/test",
},
wantCode: http.StatusOK,
wantBody: "test",
wantBody: "/test",
},
{
name: "valid template with error while writing",
Expand All @@ -82,6 +84,7 @@ func Test_loginForm_ServeHTTP(t *testing.T) {
t.Run(tt.name, func(t *testing.T) {
form := loginForm{
returnURL: tt.fields.returnURL,
loginURL: tt.fields.loginURL,
errorMessage: tt.fields.errorMessage,
fs: tt.fields.fs,
}
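Review bot: The updated case in `Test_loginForm_ServeHTTP` only renders the benign value `/test`, so nothing pins how `LoginURL` is escaped before it reaches the `action` attribute in `login.html`. The template package import is outside this view; if it is `html/template`, a second case with `loginURL: "/a\"b"` and a `wantBody` holding the HTML-escaped form would fail as soon as the form were rendered with `text/template` instead. The test table starts and ends outside the hunks shown.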
7 changes: 6 additions & 1 deletion login/login.go
Expand Up @@ -191,7 +191,12 @@ func (h *handler) doLoginGet(w http.ResponseWriter, r *http.Request) {
session = h.extractSession(w, r)

// Prepare the login form. We are using a masked CSRF token for each request
form = loginForm{returnURL: returnURL, fs: h.files, csrfToken: csrf.Mask(session.CSRFToken)}
form = loginForm{
returnURL: returnURL,
loginURL: path.Join(h.baseURL, "/login"),
fs: h.files,
csrfToken: csrf.Mask(session.CSRFToken),
}

// Check, if we have an additional failure message
if r.URL.Query().Has("failed") {
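Review bot: `path.Join(h.baseURL, "/login")` in `doLoginGet` is only correct when `h.baseURL` is a plain path prefix. `path.Join` cleans its result, so a value carrying a scheme and host would have its `//` collapsed to `/`, and a prefix without a leading slash would resolve relative to the current page; either way the form would post credentials to an unintended target. Where `h.baseURL` is set is not visible here, so I would either state the constraint next to this line, `// h.baseURL must be an absolute path prefix such as "/auth"; path.Join would mangle a full URL`, or validate it where the handler is constructed. `doLoginGet` starts and ends outside the hunk.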
2 changes: 1 addition & 1 deletion login/login.html
Expand Up @@ -54,7 +54,7 @@
{{if .ErrorMessage}}
<div class="error">{{.ErrorMessage}}</div>
{{end}}
<form action="/login" method="POST" autocomplete="off">
<form action="{{.LoginURL}}" method="POST" autocomplete="off">
<input type="hidden" name="csrf_token" value="{{.CSRFToken}}">
<input type="hidden" name="return_url" value="{{.ReturnURL}}">

