]> git.ipfire.org Git - ipfire.org.git/commitdiff
projects / ipfire.org.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f080998)
people: Add UI for password resets
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 31 Oct 2019 15:48:40 +0000 (15:48 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 31 Oct 2019 15:48:40 +0000 (15:48 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/templates/auth/login.html patch | blob | blame | history
src/web/auth.py patch | blob | blame | history

diff --git a/src/templates/auth/login.html b/src/templates/auth/login.html
index 1cf6ae89d8e3625720fe5387b60d66ae761739b3..23bdb025f0a62c0061e005df0a045cff2ebace61 100644 (file)
--- a/src/templates/auth/login.html
+++ b/src/templates/auth/login.html
@@ -5,10 +5,16 @@
 {% block content %}
        <div class="row justify-content-center my-5">
                <div class="col col-md-4">
-                       <div class="card mb-5">
+                       <div class="card {% if incorrect %}border-danger{% end %} mb-5">
                                <div class="card-body">
                                        <h5 class="card-title text-center mb-4">{{ _("Log In") }}</h5>
 
+                                       {% if incorrect %}
+                                               <h6 class="card-subtitle mb-4 text-danger text-center">
+                                                       {{ _("You entered an invalid username or password") }}
+                                               </h6>
+                                       {% end %}
+
                                        <form action="" method="POST">
                                                {% raw xsrf_form_html() %}
 
@@ -16,7 +22,8 @@
 
                                                <div class="form-group">
                                                        <input type="text" class="form-control form-control-lg"
-                                                               name="username" placeholder="{{ _("Username") }}" required autofocus>
+                                                               name="username" placeholder="{{ _("Username") }}"
+                                                               value="{{ username or "" }}" required autofocus>
                                                </div>
 
                                                <div class="form-group">
@@ -28,6 +35,12 @@
                                                        {{ _("Log in") }}
                                                </button>
                                        </form>
+
+                                       <p class="card-text text-center small mt-3">
+                                               <a class="text-muted" href="//people.ipfire.org/password-reset{% if incorrect %}?uid={{ username }}{% end %}">
+                                                       {{ _("Did you forget your password?") }}
+                                               </a>
+                                       </p>
                                </div>
                        </div>
 
diff --git a/src/web/auth.py b/src/web/auth.py
index 4a311393b1a2cec796241bd658752be9c0be0dbe..cb980666341ebd6e71b940c6a6d8fcdbdcf507ab 100644 (file)
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -43,27 +43,35 @@ class LoginHandler(AuthenticationMixin, base.BaseHandler):
        def get(self):
                next = self.get_argument("next", None)
 
-               self.render("auth/login.html", next=next)
+               self.render("auth/login.html", next=next,
+                       incorrect=False, username=None)
 
        @base.blacklisted
        @base.ratelimit(minutes=60, requests=5)
        def post(self):
                username = self.get_argument("username")
                password = self.get_argument("password")
+               next = self.get_argument("next", "/")
 
                # Find user
                account = self.backend.accounts.auth(username, password)
                if not account:
-                       raise tornado.web.HTTPError(401, "Unknown user or invalid password: %s" % username)
+                       logging.error("Unknown user or invalid password: %s" % username)
+
+                       # Set status to 401
+                       self.set_status(401)
+
+                       # Render login page again
+                       return self.render("auth/login.html",
+                               incorrect=True, username=username, next=next,
+                       )
 
                # Create session
                with self.db.transaction():
                        self.login(account)
 
-               # Determine the page we should redirect to
-               next = self.get_argument("next", None)
-
-               return self.redirect(next or "/")
+               # Redirect the user
+               return self.redirect(next)
 
 
 class LogoutHandler(AuthenticationMixin, base.BaseHandler):
The website of ipfire.org.