aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/ui/controller
diff options
context:
space:
mode:
Diffstat (limited to 'server/ui/controller')
-rw-r--r--server/ui/controller/controller.go9
-rw-r--r--server/ui/controller/login.go33
-rw-r--r--server/ui/controller/oauth2.go22
-rw-r--r--server/ui/controller/session.go7
-rw-r--r--server/ui/controller/settings.go1
-rw-r--r--server/ui/controller/unread.go2
6 files changed, 23 insertions, 51 deletions
diff --git a/server/ui/controller/controller.go b/server/ui/controller/controller.go
index cfecf42..8f1f415 100644
--- a/server/ui/controller/controller.go
+++ b/server/ui/controller/controller.go
@@ -44,10 +44,11 @@ func (c *Controller) getCommonTemplateArgs(ctx *core.Context) (tplParams, error)
}
params := tplParams{
- "menu": "",
- "user": user,
- "countUnread": countUnread,
- "csrf": ctx.CsrfToken(),
+ "menu": "",
+ "user": user,
+ "countUnread": countUnread,
+ "csrf": ctx.CSRF(),
+ "flashMessage": ctx.FlashMessage(),
}
return params, nil
}
diff --git a/server/ui/controller/login.go b/server/ui/controller/login.go
index d130f4c..87b8a4e 100644
--- a/server/ui/controller/login.go
+++ b/server/ui/controller/login.go
@@ -5,10 +5,8 @@
package controller
import (
- "net/http"
- "time"
-
"github.com/miniflux/miniflux/logger"
+ "github.com/miniflux/miniflux/server/cookie"
"github.com/miniflux/miniflux/server/core"
"github.com/miniflux/miniflux/server/ui/form"
@@ -23,7 +21,7 @@ func (c *Controller) ShowLoginPage(ctx *core.Context, request *core.Request, res
}
response.HTML().Render("login", tplParams{
- "csrf": ctx.CsrfToken(),
+ "csrf": ctx.CSRF(),
})
}
@@ -32,7 +30,7 @@ func (c *Controller) CheckLogin(ctx *core.Context, request *core.Request, respon
authForm := form.NewAuthForm(request.Request())
tplParams := tplParams{
"errorMessage": "Invalid username or password.",
- "csrf": ctx.CsrfToken(),
+ "csrf": ctx.CSRF(),
}
if err := authForm.Validate(); err != nil {
@@ -60,15 +58,7 @@ func (c *Controller) CheckLogin(ctx *core.Context, request *core.Request, respon
logger.Info("[Controller:CheckLogin] username=%s just logged in", authForm.Username)
- cookie := &http.Cookie{
- Name: "sessionID",
- Value: sessionToken,
- Path: "/",
- Secure: request.IsHTTPS(),
- HttpOnly: true,
- }
-
- response.SetCookie(cookie)
+ response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, request.IsHTTPS()))
response.Redirect(ctx.Route("unread"))
}
@@ -76,21 +66,10 @@ func (c *Controller) CheckLogin(ctx *core.Context, request *core.Request, respon
func (c *Controller) Logout(ctx *core.Context, request *core.Request, response *core.Response) {
user := ctx.LoggedUser()
- sessionCookie := request.Cookie("sessionID")
- if err := c.store.RemoveUserSessionByToken(user.ID, sessionCookie); err != nil {
+ if err := c.store.RemoveUserSessionByToken(user.ID, ctx.UserSessionToken()); err != nil {
logger.Error("[Controller:Logout] %v", err)
}
- cookie := &http.Cookie{
- Name: "sessionID",
- Value: "",
- Path: "/",
- Secure: request.IsHTTPS(),
- HttpOnly: true,
- MaxAge: -1,
- Expires: time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC),
- }
-
- response.SetCookie(cookie)
+ response.SetCookie(cookie.Expired(cookie.CookieUserSessionID, request.IsHTTPS()))
response.Redirect(ctx.Route("login"))
}
diff --git a/server/ui/controller/oauth2.go b/server/ui/controller/oauth2.go
index 56ed53c..5011b1a 100644
--- a/server/ui/controller/oauth2.go
+++ b/server/ui/controller/oauth2.go
@@ -5,11 +5,10 @@
package controller
import (
- "net/http"
-
"github.com/miniflux/miniflux/config"
"github.com/miniflux/miniflux/logger"
"github.com/miniflux/miniflux/model"
+ "github.com/miniflux/miniflux/server/cookie"
"github.com/miniflux/miniflux/server/core"
"github.com/miniflux/miniflux/server/oauth2"
"github.com/tomasen/realip"
@@ -19,7 +18,7 @@ import (
func (c *Controller) OAuth2Redirect(ctx *core.Context, request *core.Request, response *core.Response) {
provider := request.StringParam("provider", "")
if provider == "" {
- logger.Error("[OAuth2] Invalid or missing provider")
+ logger.Error("[OAuth2] Invalid or missing provider: %s", provider)
response.Redirect(ctx.Route("login"))
return
}
@@ -31,7 +30,7 @@ func (c *Controller) OAuth2Redirect(ctx *core.Context, request *core.Request, re
return
}
- response.Redirect(authProvider.GetRedirectURL(ctx.CsrfToken()))
+ response.Redirect(authProvider.GetRedirectURL(ctx.GenerateOAuth2State()))
}
// OAuth2Callback receives the authorization code and create a new session.
@@ -51,8 +50,8 @@ func (c *Controller) OAuth2Callback(ctx *core.Context, request *core.Request, re
}
state := request.QueryStringParam("state", "")
- if state != ctx.CsrfToken() {
- logger.Error("[OAuth2] Invalid state value")
+ if state == "" || state != ctx.OAuth2State() {
+ logger.Error(`[OAuth2] Invalid state value: got "%s" instead of "%s"`, state, ctx.OAuth2State())
response.Redirect(ctx.Route("login"))
return
}
@@ -78,6 +77,7 @@ func (c *Controller) OAuth2Callback(ctx *core.Context, request *core.Request, re
return
}
+ ctx.SetFlashMessage(ctx.Translate("Your external account is now linked !"))
response.Redirect(ctx.Route("settings"))
return
}
@@ -118,15 +118,7 @@ func (c *Controller) OAuth2Callback(ctx *core.Context, request *core.Request, re
logger.Info("[Controller:OAuth2Callback] username=%s just logged in", user.Username)
- cookie := &http.Cookie{
- Name: "sessionID",
- Value: sessionToken,
- Path: "/",
- Secure: request.IsHTTPS(),
- HttpOnly: true,
- }
-
- response.SetCookie(cookie)
+ response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, request.IsHTTPS()))
response.Redirect(ctx.Route("unread"))
}
diff --git a/server/ui/controller/session.go b/server/ui/controller/session.go
index a020b16..05cb29e 100644
--- a/server/ui/controller/session.go
+++ b/server/ui/controller/session.go
@@ -9,7 +9,7 @@ import (
"github.com/miniflux/miniflux/server/core"
)
-// ShowSessions shows the list of active sessions.
+// ShowSessions shows the list of active user sessions.
func (c *Controller) ShowSessions(ctx *core.Context, request *core.Request, response *core.Response) {
user := ctx.LoggedUser()
args, err := c.getCommonTemplateArgs(ctx)
@@ -24,15 +24,14 @@ func (c *Controller) ShowSessions(ctx *core.Context, request *core.Request, resp
return
}
- sessionCookie := request.Cookie("sessionID")
response.HTML().Render("sessions", args.Merge(tplParams{
"sessions": sessions,
- "currentSessionToken": sessionCookie,
+ "currentSessionToken": ctx.UserSessionToken(),
"menu": "settings",
}))
}
-// RemoveSession remove a session.
+// RemoveSession remove a user session.
func (c *Controller) RemoveSession(ctx *core.Context, request *core.Request, response *core.Response) {
user := ctx.LoggedUser()
diff --git a/server/ui/controller/settings.go b/server/ui/controller/settings.go
index af7558a..feba893 100644
--- a/server/ui/controller/settings.go
+++ b/server/ui/controller/settings.go
@@ -62,6 +62,7 @@ func (c *Controller) UpdateSettings(ctx *core.Context, request *core.Request, re
return
}
+ ctx.SetFlashMessage(ctx.Translate("Preferences saved!"))
response.Redirect(ctx.Route("settings"))
}
diff --git a/server/ui/controller/unread.go b/server/ui/controller/unread.go
index 87faafc..8cf8a38 100644
--- a/server/ui/controller/unread.go
+++ b/server/ui/controller/unread.go
@@ -44,6 +44,6 @@ func (c *Controller) ShowUnreadPage(ctx *core.Context, request *core.Request, re
"entries": entries,
"pagination": c.getPagination(ctx.Route("unread"), countUnread, offset),
"menu": "unread",
- "csrf": ctx.CsrfToken(),
+ "csrf": ctx.CSRF(),
})
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-29 17:11:30 +0000