various fixes

2021-03-26 09:51:55 +01:00 · 2021-03-26 09:51:55 +01:00 · e9883a049b
parent 3db376b549
commit e9883a049b
8 changed files with 75 additions and 45 deletions
--- a/web/handlers/auth/withssb.go
+++ b/web/handlers/auth/withssb.go
@ -17,6 +17,7 @@ import (

 	kitlog "github.com/go-kit/kit/log"
 	"github.com/go-kit/kit/log/level"
+	"github.com/gorilla/csrf"
 	"github.com/gorilla/mux"
 	"github.com/gorilla/sessions"
 	"github.com/skip2/go-qrcode"
@ -256,7 +257,10 @@ func (h WithSSBHandler) decideMethod(w http.ResponseWriter, req *http.Request) {

 	//  without any query params: shows a form field so you can input alias or SSB ID
 	if alias == "" && cid == nil {
-		h.render.StaticHTML("auth/start_login_form.tmpl").ServeHTTP(w, req)
+		data := map[string]interface{}{
+			csrf.TemplateTag: csrf.TemplateField(req),
+		}
+		h.render.Render(w, req, "auth/start_login_form.tmpl", http.StatusOK, data)
 		return
 	}

@ -449,8 +453,6 @@ func (h WithSSBHandler) eventSource(w http.ResponseWriter, r *http.Request) {
 	go func() {
 		time.Sleep(3 * time.Minute)
 		tick.Stop()
-		sender.send("ping", "Warning: reached waiting time of 3 minutes.")
-		flusher.Flush()
 		logger.Log("event", "stopped")
 	}()

--- a/web/handlers/auth_test.go
+++ b/web/handlers/auth_test.go
@ -47,14 +47,18 @@ func TestLoginForm(t *testing.T) {

 	a, r := assert.New(t), require.New(t)

-	url, err := ts.Router.Get(router.AuthFallbackSignInForm).URL()
+	ts.AliasesDB.ResolveReturns(roomdb.Alias{}, roomdb.ErrNotFound)
+
+	url, err := ts.Router.Get(router.AuthLogin).URL()
 	r.Nil(err)
 	html, resp := ts.Client.GetHTML(url.String())
 	a.Equal(http.StatusOK, resp.Code, "wrong HTTP status code")

 	webassert.Localized(t, html, []webassert.LocalizedElement{
-		{"#welcome", "AuthFallbackWelcome"},
-		{"title", "AuthFallbackTitle"},
+		{"title", "AuthTitle"},
+		{"#welcome", "AuthWelcome"},
+		{"#describe-withssb", "AuthWithSSBStart"},
+		{"#describe-password", "AuthFallbackWelcome"},
 	})
 }

@ -66,7 +70,9 @@ func TestFallbackAuth(t *testing.T) {
 	jar, err := cookiejar.New(nil)
 	r.NoError(err)

-	signInFormURL, err := ts.Router.Get(router.AuthFallbackSignInForm).URL()
+	ts.AliasesDB.ResolveReturns(roomdb.Alias{}, roomdb.ErrNotFound)
+
+	signInFormURL, err := ts.Router.Get(router.AuthLogin).URL()
 	r.Nil(err)
 	signInFormURL.Host = "localhost"
 	signInFormURL.Scheme = "https"
@ -79,9 +85,10 @@ func TestFallbackAuth(t *testing.T) {

 	jar.SetCookies(signInFormURL, csrfCookie)

-	webassert.CSRFTokenPresent(t, doc.Find("form"))
+	passwordForm := doc.Find("#password-fallback")
+	webassert.CSRFTokenPresent(t, passwordForm)

-	csrfTokenElem := doc.Find("input[type=hidden]")
+	csrfTokenElem := passwordForm.Find("input[type=hidden]")
 	a.Equal(1, csrfTokenElem.Length())

 	csrfName, has := csrfTokenElem.Attr("name")
@ -344,14 +351,14 @@ func TestAuthWithSSBHasClient(t *testing.T) {
 	jar.SetCookies(signInStartURL, sessionCookie)

 	// now request the protected dashboard page
-
 	dashboardURL.Host = "localhost"
 	dashboardURL.Scheme = "https"

-	var sessionHeader = http.Header(map[string][]string{})
+	// load the cookie for the dashboard
 	cs := jar.Cookies(dashboardURL)
-
 	r.True(len(cs) > 0, "expecting one cookie!")
+
+	var sessionHeader = http.Header(map[string][]string{})
 	for _, c := range cs {
 		theCookie := c.String()
 		a.NotEqual("", theCookie, "should have a new cookie")
@ -374,5 +381,4 @@ func TestAuthWithSSBHasClient(t *testing.T) {
 		{"#welcome", "AdminDashboardWelcome"},
 		{"title", "AdminDashboardTitle"},
 	})
-
 }
--- a/web/handlers/notices_test.go
+++ b/web/handlers/notices_test.go
@ -61,6 +61,8 @@ func TestNoticesEditButtonVisible(t *testing.T) {

 	urlTo := web.NewURLTo(ts.Router)

+	ts.AliasesDB.ResolveReturns(roomdb.Alias{}, roomdb.ErrNotFound)
+
 	noticeData := roomdb.Notice{
 		ID:      42,
 		Title:   "Welcome!",
@ -89,7 +91,7 @@ func TestNoticesEditButtonVisible(t *testing.T) {

 	// when dealing with cookies we also need to have an Host and URL-Scheme
 	// for the jar to save and load them correctly
-	formEndpoint := urlTo(router.AuthFallbackSignInForm)
+	formEndpoint := urlTo(router.AuthLogin)
 	r.NotNil(formEndpoint)
 	formEndpoint.Host = "localhost"
 	formEndpoint.Scheme = "https"
--- a/web/i18n/defaults/active.en.toml
+++ b/web/i18n/defaults/active.en.toml
@ -15,16 +15,19 @@ RoleAdmin = "Admin"
 LandingTitle = "ohai my room"
 LandingWelcome = "Landing welcome here"

-AuthTitle = "Member Authentication"
-AuthWelcome = "Some text about the different login methods(?)"
-
-AuthFallbackWelcome = "Here you can log in with username and password."
-AuthFallbackTitle = "Password Login"
 AuthSignIn = "Sign in"
 AuthSignOut = "Sign out"

+AuthTitle = "Member Authentication"
+AuthWelcome = "TODO: Some text about the different login methods"
+
 AuthWithSSBTitle = "Sign-in with SSB"
-AuthWithSSBWelcome = "If you have a compatible device/application, you can sign-in here without a password. Open the QR-Code on your mobile device to complete the process or click the link below."
+AuthWithSSBStart = "To begin, enter your alias on this room or your public key"
+AuthWithSSBServerStart = "If you have a compatible device/application, you can sign-in here without a password. Open the QR-Code on your mobile device to complete the process or click the link below."
+
+AuthFallbackWelcome = "Here you can log in with username and password."
+AuthFallbackTitle = "Password Login"
+

 AdminDashboardWelcome = "Welcome to your dashboard"
 AdminDashboardTitle = "Room Admin Dashboard"
--- a/web/router/auth.go
+++ b/web/router/auth.go
@ -6,8 +6,7 @@ import "github.com/gorilla/mux"

 // constant names for the named routes
 const (
-	AuthFallbackSignInForm = "auth:fallback:signin:form"
-	AuthFallbackSignIn     = "auth:fallback:signin"
+	AuthFallbackSignIn = "auth:fallback:signin"

 	AuthLogin  = "auth:login"
 	AuthLogout = "auth:logout"
@ -23,7 +22,6 @@ func Auth(m *mux.Router) *mux.Router {
 	m.Path("/logout").Methods("GET").Name(AuthLogout)

 	// register password fallback
-	m.Path("/password/signin").Methods("GET").Name(AuthFallbackSignInForm)
 	m.Path("/password/signin").Methods("POST").Name(AuthFallbackSignIn)

 	return m
--- a/web/templates/auth/start_login_form.tmpl
+++ b/web/templates/auth/start_login_form.tmpl
@ -1,32 +1,51 @@
 {{ define "title" }}{{i18n "AuthTitle"}}{{ end }}
 {{ define "content" }}
      <div id="page-header">
-        <h1 id="welcome" class="text-lg">{{i18n "AuthTitle"}}</h1>
-        <p>{{i18n "AuthWelcome"}}</p>
-      </div>
-      <div>
-        <form method="GET" action="{{urlTo "auth:login:check" }}" class="flex flex-row items-end">
-          <label>Alias or SSB ID</label>
-          <input
-            type="text"
-            name="input"
-            class="shadow rounded border border-transparent h-8 p-1 focus:outline-none focus:ring-2 focus:ring-pink-400 focus:border-transparent"
-          >
-          <button
-            type="submit"
-            class="shadow rounded px-4 h-8 text-gray-100 bg-pink-600 hover:bg-pink-700 focus:outline-none focus:ring-2 focus:ring-pink-600 focus:ring-opacity-50"
-          >Enter</button>
-        </form>
+        <h1 class="text-lg">{{i18n "AuthTitle"}}</h1>
+        <p id="welcome">{{i18n "AuthWelcome"}}</p>
      </div>
+      <hr class="mt-5 pt-5">

      <div>
-        <hr class="mt-5 pt-5">
        <div id="page-header">
-          <h1 id="welcome" class="text-lg">{{i18n "AuthFallbackTitle"}}</h1>
-          <p>{{i18n "AuthFallbackWelcome"}}</p>
+          <h1 class="text-lg">{{i18n "AuthWithSSBTitle"}}</h1>
+          <p id="describe-withssb">{{i18n "AuthWithSSBStart"}}</p>
        </div>
        <div>
-          <form method="POST" action={{urlTo "auth:fallback:signin" }} class="flex flex-row items-end">
+          <form
+            id="start-siwssb"
+            method="GET"
+            action="{{urlTo "auth:login:check" }}"
+            class="flex flex-row items-end"
+          >
+            <label>Alias or SSB ID</label>
+            <input
+              type="text"
+              name="input"
+              class="shadow rounded border border-transparent h-8 p-1 focus:outline-none focus:ring-2 focus:ring-pink-400 focus:border-transparent"
+            >
+            <button
+              type="submit"
+              class="shadow rounded px-4 h-8 text-gray-100 bg-pink-600 hover:bg-pink-700 focus:outline-none focus:ring-2 focus:ring-pink-600 focus:ring-opacity-50"
+            >Enter</button>
+          </form>
+        </div>
+      </div>
+
+      <hr class="mt-5 pt-5">
+      
+      <div>
+        <div id="page-header">
+          <h1 class="text-lg">{{i18n "AuthFallbackTitle"}}</h1>
+          <p id="describe-password">{{i18n "AuthFallbackWelcome"}}</p>
+        </div>
+        <div>
+          <form
+            id="password-fallback"
+            method="POST"
+            action={{urlTo "auth:fallback:signin" }}
+            class="flex flex-row items-end"
+          >
            {{ .csrfField }}
            <div class="w-96 grid grid-cols-2 gap-x-4 gap-y-1 mr-4">
              <label>Username</label>
--- a/web/templates/auth/withssb_server_start.tmpl
+++ b/web/templates/auth/withssb_server_start.tmpl
@ -1,7 +1,7 @@
 {{ define "title" }}{{i18n "AuthWithSSBTitle"}}{{ end }}
 {{ define "content" }}
      <div id="page-header">
-        <h1 id="welcome" class="text-lg">{{i18n "AuthWithSSBWelcome"}}</h1>
+        <h1 id="welcome" class="text-lg">{{i18n "AuthWithSSBServerStart"}}</h1>
      </div>
      <div>
        <img src="{{.QRCodeURI}}" alt="QR-Code to pass the challenge to an App" />
--- a/web/webassert/asserts.go
+++ b/web/webassert/asserts.go
@ -18,7 +18,7 @@ type LocalizedElement struct {
 func Localized(t *testing.T, html *goquery.Document, elems []LocalizedElement) {
 	a := assert.New(t)
 	for i, pair := range elems {
-		a.Equal(pair.Label, html.Find(pair.Selector).Text(), "localized pair %d failed", i+1)
+		a.Equal(pair.Label, html.Find(pair.Selector).Text(), "localized pair %d failed (selector: %s)", i+1, pair.Selector)
 	}
 }