display flash errors for external auths like saml or oidc on the login screen #6154

Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-06-11 20:06:19 +01:00 · 2024-06-11 20:06:19 +01:00 · d7341ab153
parent 74d6252699
commit d7341ab153
5 changed files with 62 additions and 1 deletions
--- a/common.js
+++ b/common.js
@ -404,4 +404,19 @@ module.exports.convertStrArray = function (object, split) {
    } else {
        return []
    }
+}
+
+module.exports.uniqueArray = function (a) {
+    var seen = {};
+    var out = [];
+    var len = a.length;
+    var j = 0;
+    for(var i = 0; i < len; i++) {
+         var item = a[i];
+         if(seen[item] !== 1) {
+               seen[item] = 1;
+               out[j++] = item;
+         }
+    }
+    return out;
 }
--- a/views/login-mobile.handlebars
+++ b/views/login-mobile.handlebars
@ -356,6 +356,19 @@
            }
        }

+        // Display flash error Messages
+        var flashErrors = JSON.parse('{{{flashErrors}}}');
+        if (flashErrors && (flashErrors.length > 0)) {
+            var msg = '';
+            for (i = 0; i < flashErrors.length; i++) {
+                if (flashErrors[i]) {
+                    msg += '<span class="msg error"><b style=color:#8C001A>' + flashErrors[i] + '<b></span><br /><br />';
+                }
+            }
+            QH('message1', msg);
+            QV('message1', true);
+        }
+
        // If URL arguments are provided, add them to form posts
        if (window.location.href.indexOf('?') > 0) {
            var urlargs = window.location.href.substring(window.location.href.indexOf('?'));
--- a/views/login.handlebars
+++ b/views/login.handlebars
@ -361,6 +361,19 @@
                }
            }

+            // Display flash error Messages
+            var flashErrors = JSON.parse('{{{flashErrors}}}');
+            if (flashErrors && (flashErrors.length > 0)) {
+                var msg = '';
+                for (i = 0; i < flashErrors.length; i++) {
+                    if (flashErrors[i]) {
+                        msg += '<span class="msg error"><b style=color:#8C001A>' + flashErrors[i] + '<b></span><br /><br />';
+                    }
+                }
+                QH('message1', msg);
+                QV('message1', true);
+            }
+
            // Fix links if a loginKey if used
            var urlargs = parseUriArgs();
            if (urlargs.key) {
--- a/views/login2.handlebars
+++ b/views/login2.handlebars
@ -437,6 +437,19 @@
                }
            }

+            // Display flash error Messages
+            var flashErrors = JSON.parse('{{{flashErrors}}}');
+            if (flashErrors && (flashErrors.length > 0)) {
+                var msg = '';
+                for (i = 0; i < flashErrors.length; i++) {
+                    if (flashErrors[i]) {
+                        msg += '<span class="msg error"><b style=color:#8C001A>' + flashErrors[i] + '<b></span><br /><br />';
+                    }
+                }
+                QH('message1', msg);
+                QV('message1', true);
+            }
+
            // Fix links if a loginKey if used
            var urlargs = parseUriArgs();
            //if (urlargs.key) { Q('termsLinkFooter').href += '?key=' + urlargs.key; }
--- a/webserver.js
+++ b/webserver.js
@ -3359,6 +3359,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
            newAccountCaptchaImage = 'newAccountCaptcha.ashx?x=' + newAccountCaptcha;
        }

+        // Check for flash errors from passport.js and make the array unique
+        var flashErrors = [];
+        if (req.session.flash && req.session.flash.error) {
+            flashErrors = obj.common.uniqueArray(req.session.flash.error);
+        }
+
        // Render the login page
        render(req, res,
            getRenderPage((domain.sitestyle == 2) ? 'login2' : 'login', req, domain),
@ -3380,6 +3386,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
                footer: (domain.loginfooter == null) ? '' : domain.loginfooter,
                hkey: encodeURIComponent(hardwareKeyChallenge).replace(/'/g, '%27'),
                messageid: msgid,
+                flashErrors: JSON.stringify(flashErrors),
                passhint: passhint,
                welcometext: domain.welcometext ? encodeURIComponent(domain.welcometext).split('\'').join('\\\'') : null,
                welcomePictureFullScreen: ((typeof domain.welcomepicturefullscreen == 'boolean') ? domain.welcomepicturefullscreen : false),
@ -6766,7 +6773,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
                    if ((domain.authstrategies.authStrategyFlags & domainAuthStrategyConsts.oidc) != 0) {
                        let authURL = url + 'auth-oidc'
                        parent.authLog('setupHTTPHandlers', `OIDC: Authorization URL: ${authURL}`);
-                        obj.app.use(require('connect-flash')());
                        obj.app.get(authURL, function (req, res, next) {
                            var domain = getDomain(req);
                            if (domain.passport == null) { next(); return; }
@ -7180,6 +7186,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
        passport.serializeUser(function (user, done) { done(null, user.sid); });
        passport.deserializeUser(function (sid, done) { done(null, { sid: sid }); });
        obj.app.use(passport.initialize());
+        obj.app.use(require('connect-flash')());

        // Twitter
        if ((typeof domain.authstrategies.twitter == 'object') && (typeof domain.authstrategies.twitter.clientid == 'string') && (typeof domain.authstrategies.twitter.clientsecret == 'string')) {