From d7341ab153ba5a4eb9f20a9ef2f8d1cc650f84c3 Mon Sep 17 00:00:00 2001 From: si458 Date: Tue, 11 Jun 2024 20:06:19 +0100 Subject: [PATCH] display flash errors for external auths like saml or oidc on the login screen #6154 Signed-off-by: si458 --- common.js | 15 +++++++++++++++ views/login-mobile.handlebars | 13 +++++++++++++ views/login.handlebars | 13 +++++++++++++ views/login2.handlebars | 13 +++++++++++++ webserver.js | 9 ++++++++- 5 files changed, 62 insertions(+), 1 deletion(-) diff --git a/common.js b/common.js index af55c050..ab491028 100644 --- a/common.js +++ b/common.js @@ -404,4 +404,19 @@ module.exports.convertStrArray = function (object, split) { } else { return [] } +} + +module.exports.uniqueArray = function (a) { + var seen = {}; + var out = []; + var len = a.length; + var j = 0; + for(var i = 0; i < len; i++) { + var item = a[i]; + if(seen[item] !== 1) { + seen[item] = 1; + out[j++] = item; + } + } + return out; } \ No newline at end of file diff --git a/views/login-mobile.handlebars b/views/login-mobile.handlebars index 959847b6..3d8c7ba0 100644 --- a/views/login-mobile.handlebars +++ b/views/login-mobile.handlebars @@ -356,6 +356,19 @@ } } + // Display flash error Messages + var flashErrors = JSON.parse('{{{flashErrors}}}'); + if (flashErrors && (flashErrors.length > 0)) { + var msg = ''; + for (i = 0; i < flashErrors.length; i++) { + if (flashErrors[i]) { + msg += '' + flashErrors[i] + '

'; + } + } + QH('message1', msg); + QV('message1', true); + } + // If URL arguments are provided, add them to form posts if (window.location.href.indexOf('?') > 0) { var urlargs = window.location.href.substring(window.location.href.indexOf('?')); diff --git a/views/login.handlebars b/views/login.handlebars index 5b935038..0b3c3f09 100644 --- a/views/login.handlebars +++ b/views/login.handlebars @@ -361,6 +361,19 @@ } } + // Display flash error Messages + var flashErrors = JSON.parse('{{{flashErrors}}}'); + if (flashErrors && (flashErrors.length > 0)) { + var msg = ''; + for (i = 0; i < flashErrors.length; i++) { + if (flashErrors[i]) { + msg += '' + flashErrors[i] + '
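Review bot: The `JSON.parse('{{{flashErrors}}}')` line in the login-mobile.handlebars hunk places the server's JSON unescaped inside a single-quoted script string, so a message containing `'`, `\` or `</script>` ends the literal early or breaks parsing. Because these messages come from external SAML/OIDC flows, their text may not be fully under the server's control, which would make this script injection on the login page. The same lines are added in the login.handlebars and login2.handlebars hunks. Encode the value the way the neighbouring `hkey` field in webserver.js is, `flashErrors: encodeURIComponent(JSON.stringify(flashErrors)).replace(/'/g, '%27')`, and read it with `JSON.parse(decodeURIComponent('{{{flashErrors}}}'))`. Each `flashErrors[i]` is also concatenated into the string handed to `QH`, which appears to assign markup, so it should be HTML-escaped (or written through `textContent`) before display.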

'; + } + } + QH('message1', msg); + QV('message1', true); + } + // Fix links if a loginKey if used var urlargs = parseUriArgs(); if (urlargs.key) { diff --git a/views/login2.handlebars b/views/login2.handlebars index 8b06003d..3e6446ba 100644 --- a/views/login2.handlebars +++ b/views/login2.handlebars @@ -437,6 +437,19 @@ } } + // Display flash error Messages + var flashErrors = JSON.parse('{{{flashErrors}}}'); + if (flashErrors && (flashErrors.length > 0)) { + var msg = ''; + for (i = 0; i < flashErrors.length; i++) { + if (flashErrors[i]) { + msg += '' + flashErrors[i] + '

'; + } + } + QH('message1', msg); + QV('message1', true); + } + // Fix links if a loginKey if used var urlargs = parseUriArgs(); //if (urlargs.key) { Q('termsLinkFooter').href += '?key=' + urlargs.key; } diff --git a/webserver.js b/webserver.js index 2cccade6..3ac23027 100644 --- a/webserver.js +++ b/webserver.js @@ -3359,6 +3359,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF newAccountCaptchaImage = 'newAccountCaptcha.ashx?x=' + newAccountCaptcha; } + // Check for flash errors from passport.js and make the array unique + var flashErrors = []; + if (req.session.flash && req.session.flash.error) { + flashErrors = obj.common.uniqueArray(req.session.flash.error); + } + // Render the login page render(req, res, getRenderPage((domain.sitestyle == 2) ? 'login2' : 'login', req, domain), @@ -3380,6 +3386,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF footer: (domain.loginfooter == null) ? '' : domain.loginfooter, hkey: encodeURIComponent(hardwareKeyChallenge).replace(/'/g, '%27'), messageid: msgid, + flashErrors: JSON.stringify(flashErrors), passhint: passhint, welcometext: domain.welcometext ? encodeURIComponent(domain.welcometext).split('\'').join('\\\'') : null, welcomePictureFullScreen: ((typeof domain.welcomepicturefullscreen == 'boolean') ? domain.welcomepicturefullscreen : false), @@ -6766,7 +6773,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF if ((domain.authstrategies.authStrategyFlags & domainAuthStrategyConsts.oidc) != 0) { let authURL = url + 'auth-oidc' parent.authLog('setupHTTPHandlers', `OIDC: Authorization URL: ${authURL}`); - obj.app.use(require('connect-flash')()); obj.app.get(authURL, function (req, res, next) { var domain = getDomain(req); if (domain.passport == null) { next(); return; } 
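Review bot: In the `@@ -3359` hunk of webserver.js, `req.session.flash.error` is copied but never cleared, so unless code outside this hunk consumes it, the same errors will be shown on every later render of the login page for that session. Adding `delete req.session.flash.error;` after the copy would make the message one-shot; connect-flash's `req.flash('error')` does the same where that middleware is registered. `uniqueArray` reads `.length` and indexes its argument without a type check, so the condition could be tightened to `if (req.session.flash && Array.isArray(req.session.flash.error))` to keep a malformed session value from reaching the template. The enclosing function starts and ends outside the hunk.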
@@ -7180,6 +7186,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF passport.serializeUser(function (user, done) { done(null, user.sid); }); passport.deserializeUser(function (sid, done) { done(null, { sid: sid }); }); obj.app.use(passport.initialize()); + obj.app.use(require('connect-flash')()); // Twitter if ((typeof domain.authstrategies.twitter == 'object') && (typeof domain.authstrategies.twitter.clientid == 'string') && (typeof domain.authstrategies.twitter.clientsecret == 'string')) {