Commit 132a0974 authored by o@immerda.ch's avatar o@immerda.ch

bounce back to the original page after login

Mainly this should give us a better UX when we link to individual
settings, like the password change page.
parent 9a9cb026
......@@ -42,7 +42,12 @@ class ApplicationController < ActionController::Base
def authorize
if !current_user
redirect_to '/login'
page = request.env['PATH_INFO']
if page != '/'
redirect_to "/login?p=#{page}"
else
redirect_to "/login"
end
elsif session_expired?
redirect_to '/logout'
else
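Review bot: `page` is interpolated into the query string unescaped in `redirect_to "/login?p=#{page}"`, so a path containing `&`, `#` or `%` changes what the login page receives as `p`, and the original query string is dropped. Encode the value when building the URL, for example `redirect_to "/login?p=#{CGI.escape(page)}"`. `PATH_INFO` is client-supplied, so the code that later consumes `p` in SessionsController still has to treat it as untrusted. The body of `authorize` continues past the end of this hunk.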
......
......@@ -11,7 +11,7 @@ class SessionsController < ApplicationController
proof = Digest::SHA256.hexdigest(
"#{session[:pow_nonce]}#{params[:user_id]}#{params[:password]}#{params[:pow]}")
f = session[:pow_factor]
puts "POW: #{proof}"
# puts "POW: #{proof}"
proof[0...f] == "1"*f
end
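Review bot: The debug line is kept as a comment (`# puts "POW: #{proof}"`); delete it rather than leave it commented out. `proof` is a SHA-256 over the nonce, user id, password and pow value, so re-enabling the line would write password-derived material to stdout and to whatever collects it. The method's `def` line is above this hunk.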
......@@ -39,10 +39,15 @@ class SessionsController < ApplicationController
@pw = if res['temp_pw'] then res['temp_pw'] else params[:password] end
render 'handoff' and return
else
if trees_enabled? && res['trees_recovery_token_present']
flash[:notice] = :recovery_token_hint
load_page
if @page && !(@page =~ /login/ || @page =~ /logout/)
redirect_to @page
else
if trees_enabled? && res['trees_recovery_token_present']
flash[:notice] = :recovery_token_hint
end
redirect_to '/'
end
redirect_to '/'
end
# successful login
flash[:notice] = nil
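Review bot: `redirect_to @page` sends the browser to a value taken straight from the request (`params[:p]` or the hidden `page` field, via `load_page`), and the only check is that it does not match `login` or `logout`, so the post-login redirect is not limited to this site. Restrict the target to a local path before redirecting, e.g. `@page.start_with?('/') && !@page.start_with?('//') && !@page.include?('\\')`, and fall back to `'/'` otherwise; on Rails 7 or later, `redirect_to @page, allow_other_host: false` adds a second guard. The unanchored `=~ /login/` test also rejects any legitimate path that merely contains those words, and the `recovery_token_hint` flash is no longer set when the bounce-back branch is taken. The same unvalidated value is produced by `load_page` in the next SessionsController hunk; the enclosing action starts and ends outside this hunk.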
......@@ -74,9 +79,14 @@ class SessionsController < ApplicationController
private
def load_page
@page = params[:p] || (if params[:page] then params[:page].first end)
end
def load_params
@pow_nonce = session[:pow_nonce] = (0...8).map { (65 + rand(26)).chr }.join
@pow_factor = session[:pow_factor] ||= 1
@handoff = params[:handoff]
load_page
end
end
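Review bot: `load_page` calls `.first` on `params[:page]` without checking its type, so the result depends on how the client shaped the parameter: the form sends an array, but a scalar `page=...` would (with ActiveSupport's `String#first`) yield only its first character, and other shapes may raise. Coerce and type-check in one place, e.g. `candidate = params[:p] || Array(params[:page]).first` followed by `@page = candidate if candidate.is_a?(String)`. A one-line comment such as `# Post-login return path from ?p= or the hidden page field; untrusted, validate before redirecting` would document the contract for callers.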
......@@ -14,6 +14,7 @@
<br />
<%= hidden_field(:pow, :nonce, :value => @pow_nonce) %>
<%= hidden_field(:pow, :factor, :value => @pow_factor) %>
<%= hidden_field(:page, '', :value => @page) %>
<p>
<%= submit_tag (t :submit) %>
</p>
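Review bot: `hidden_field(:page, '', :value => @page)` appears to produce a field named `page[]`, which is why the controller has to unwrap an array with `.first` and why the value travels under a different name (`page`) than the query parameter (`p`). Using one scalar name for both, e.g. `<%= hidden_field_tag :p, @page %>`, would let `load_page` read a single key. The form's opening and closing tags are outside this hunk.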
......