Improved login and prepared logout
Change-Id: I29e7c3752682e1016cbbd861ac1c1c3dd64964ab
diff --git a/dev/scss/header/header.scss b/dev/scss/header/header.scss
index 5d366db..98201e3 100644
--- a/dev/scss/header/header.scss
+++ b/dev/scss/header/header.scss
@@ -114,6 +114,9 @@
> a.login::after {
content: $fa-login;
}
+ > a.logout::after {
+ content: $fa-logout;
+ }
}
#vc-view > div {
diff --git a/kalamar.dict b/kalamar.dict
index 16968ec..0dafc51 100644
--- a/kalamar.dict
+++ b/kalamar.dict
@@ -22,6 +22,7 @@
},
about => 'Über KorAP',
login => 'Anmelden',
+ logout => 'Abmelden',
register => 'Registrieren',
pwdforgotten => 'Password vergessen?',
searchjob => '»<%== $q %>« <% if (param("collection-name")) { %>in »<%== param("collection-name") %>«<% } elsif (param("collection")) { %>im definierten Korpus<% } %> mit <%== loc("QL_" . $ql, "unbekannter Anfragesprache") %>',
@@ -52,6 +53,11 @@
},
template => {
intro => 'de/intro'
+ },
+ Auth => {
+ loginSuccess => 'Anmeldung erfolgreich',
+ loginFail => 'Anmeldung fehlgeschlagen',
+ logoutSuccess => 'Abmeldung erfolgreich'
}
},
-en => {
@@ -65,6 +71,7 @@
},
about => 'About KorAP',
login => 'Login',
+ logout => 'Abmelden',
register => 'Register',
pwdforgotten => 'Password forgotten?',
go => 'Go!',
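Review bot: The `en` block gets `logout => 'Abmelden'`, which is the German string, so the English UI's logout button and its title attribute will show German text. It should read `logout => 'Logout',` to match its neighbours `login => 'Login'` and `register => 'Register'`.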
@@ -97,6 +104,11 @@
cosmas2 => 'Cosmas II',
annis => 'Annis QL',
cql => 'CQL v1.2'
+ },
+ Auth => {
+ loginSuccess => 'Login successful',
+ loginFail => 'Access denied',
+ logoutSuccess => 'Logout successful'
}
}
};
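Review bot: The new `Auth` sections declare `loginSuccess`, `loginFail` and `logoutSuccess` but no `logoutFail`, while `User::logout` in this same commit calls `$c->loc('Auth_logoutFail')`, so a failed logout would notify with whatever `loc` falls back to for an unknown key. Add `logoutFail => 'Logout failed'` here and `logoutFail => 'Abmeldung fehlgeschlagen'` in the `de` block. The two locales also disagree on `loginFail` ("Anmeldung fehlgeschlagen" vs "Access denied"); one wording, preferably one that does not hint whether the user or the password was wrong, would keep them consistent.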
diff --git a/lib/Kalamar.pm b/lib/Kalamar.pm
index c35ed27..0bd2252 100644
--- a/lib/Kalamar.pm
+++ b/lib/Kalamar.pm
@@ -133,6 +133,7 @@
if ($c->session('auth')) {
$c->stash(auth => $c->session('auth'));
+ $c->stash(user => $c->session('user'));
};
return 1;
}
@@ -165,7 +166,7 @@
# User Management
my $user = $r->any('/user')->to(controller => 'User');
$user->post('/login')->to(action => 'login')->name('login');
-# $r->get('/logout')->to(action => 'logout')->name('logout');
+ $user->get('/logout')->to(action => 'logout')->name('logout');
# $r->any('/register')->to(action => 'register')->name('register');
# $r->any('/forgotten')->to(action => 'pwdforgotten')->name('pwdforgotten');
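Review bot: Logging out is a state change, but the new route registers it with `$user->get('/logout')`, so any cross-site `<img src>`, link prefetcher or crawler that fetches `/user/logout` ends the user's session. Register it as `$user->post('/logout')->to(action => 'logout')->name('logout');` and have the controller check `$c->validation->csrf_protect` before calling the helper; the template's `TODO: CSRF protection` then has a route to point at. If GET must stay for compatibility, it should only render a confirmation rather than perform the logout.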
diff --git a/lib/Kalamar/Apps/test_backend.pl b/lib/Kalamar/Apps/test_backend.pl
index aeb0860..a887b59 100644
--- a/lib/Kalamar/Apps/test_backend.pl
+++ b/lib/Kalamar/Apps/test_backend.pl
@@ -2,7 +2,7 @@
use Mojolicious::Lite;
use Mojo::ByteStream 'b';
use Mojo::Date;
-use Mojo::JSON qw/true false/;
+use Mojo::JSON qw/true false encode_json/;
use strict;
use warnings;
use Mojo::JWT;
@@ -13,7 +13,7 @@
helper jwt => sub {
shift;
- Mojo::JWT->new(
+ return Mojo::JWT->new(
secret => 's3cr3t',
token_type => 'api_token',
expires => Mojo::Date->new(time + (3 * 34 * 60 * 60)),
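Review bot: The expiry on the line after the changed `return` is computed as `3 * 34 * 60 * 60`, which reads like a typo for `3 * 24 * 60 * 60` (three days); as written the test token lives about 4.25 days. This is fixture code and the hunk itself only adds the explicit `return`, but if the odd value is deliberate a comment such as `# ~4.25 days, intentionally not a round number` would stop the next reader from "fixing" it.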
@@ -125,6 +125,7 @@
};
+
############
# Auth API #
############
@@ -148,7 +149,6 @@
# Decode header
my ($username, $pwd) = @{b($auth)->b64_decode->split(':')->to_array};
-
# the password is 'pass'
if ($pwd) {
@@ -156,7 +156,18 @@
if ($pwd eq 'pass') {
# Render info with token
- return $c->render($c->jwt(username => $username));
+ my $jwt = $c->jwt(username => $username);
+
+ # Render in the Kustvakt fashion:
+ return $c->render(
+ format => 'html',
+ text => encode_json({
+ %{$jwt->claims},
+ expires => $jwt->expires,
+ token => $jwt->encode,
+ token_type => 'api_token'
+ })
+ );
};
return $c->render(
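Review bot: The successful-login response is rendered with `format => 'html'` around a JSON body, so the test backend answers `text/html` for what is JSON, and a client that decodes by content type will not parse it. If this deliberately mirrors what Kustvakt returns, say so in the comment, e.g. `# Kustvakt answers text/html here; keep format => 'html' so the real client path is exercised`; otherwise `$c->render(json => {...})` is the plain way to return it. The response also echoes every claim from `$jwt->claims` next to the encoded token, which is fine for a fixture but worth a note so it is not copied into a real backend. The enclosing `if ($pwd)` block begins before this hunk.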
diff --git a/lib/Kalamar/Controller/User.pm b/lib/Kalamar/Controller/User.pm
index b80aec0..636f4c3 100644
--- a/lib/Kalamar/Controller/User.pm
+++ b/lib/Kalamar/Controller/User.pm
@@ -11,7 +11,7 @@
$v->required('pwd', 'trim');
if ($v->has_error) {
- $c->notify(error => 'Login fail');
+ $c->notify(error => $c->loc('Auth_loginFail'));
}
# Login user
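Review bot: When validation fails, the changed line only notifies (`$c->notify(error => $c->loc('Auth_loginFail'))`) and the sub falls through to the login call that follows, so a request with a missing field still reaches `$c->user->login` with `undef` parameters and then triggers a second `Auth_loginFail` notification from the else branch there. Return right after the notification: `return $c->redirect_to('index');` inside the `if ($v->has_error)` block. The `login` sub starts before this hunk.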
@@ -19,20 +19,39 @@
$v->param('handle_or_email'),
$v->param('pwd')
)) {
- $c->notify(success => 'Login successful!');
+ $c->notify(success => $c->loc('Auth_loginSuccess'));
+ }
+
+ else {
+ $c->notify(error => $c->loc('Auth_loginFail'));
};
# Set flash for redirect
$c->flash(handle_or_email => $v->param('handle_or_email'));
# Redirect to slash
- return $c->redirect_to('/');
+ return $c->redirect_to('index');
};
+
+# Logout of the session
sub logout {
- shift->user->logout;
+ my $c = shift;
+
+ # Log out of the system
+ if ($c->user->logout) {
+ $c->notify('success', $c->loc('Auth_logoutSuccess'));
+ }
+
+ # Something went wrong
+ else {
+ $c->notify('error', $c->loc('Auth_logoutFail'));
+ };
+ return $c->redirect_to('index');
};
+
+
sub register {
my $c = shift;
$c->render(json => {
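Review bot: The new `else` branch in `logout` is unreachable with this commit: the `user.logout` helper in KalamarUser.pm ends with `return 1;` regardless of what the API answered, so `$c->loc('Auth_logoutFail')` (a key the dictionary does not define either) can never be shown. Either make the helper return the outcome of the remote call so this branch means something, or drop the branch and the undefined key; a comment such as `# Helper currently always succeeds; error branch is for server-side revocation once it reports failures` would at least record the intent. The `register` sub that closes this hunk continues outside it.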
@@ -40,6 +59,8 @@
});
};
+
+
sub pwdforgotten {
my $c = shift;
$c->render(json => {
diff --git a/lib/Kalamar/Plugin/KalamarUser.pm b/lib/Kalamar/Plugin/KalamarUser.pm
index cb4f0be..f951f0f 100644
--- a/lib/Kalamar/Plugin/KalamarUser.pm
+++ b/lib/Kalamar/Plugin/KalamarUser.pm
@@ -54,10 +54,11 @@
'user.ua' => sub {
my $c = shift;
my $auth = $c->user_auth;
- my $client = $c->req->headers->header('X-Forwarded-For');
return $plugin->ua unless $auth;
+ my $client = $c->req->headers->header('X-Forwarded-For');
+
my $ua = Mojo::UserAgent->new;
# Set app to server
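Review bot: `X-Forwarded-For` is read straight from the incoming request after the `$auth` guard, and the value in `$client` is presumably relayed to the API (its use is outside the hunk). That header is attacker-controlled unless Kalamar sits behind a proxy that overwrites it, and it may carry a comma-separated chain of addresses, so the backend must not treat it as the verified client address. A comment stating the assumption, e.g. `# Client-supplied unless a trusted proxy sets it; informational only, never use for access decisions`, and taking only the first element would make the intent explicit. Moving the read below the early return is fine.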
@@ -126,6 +127,8 @@
$mojo->log->debug(qq!Login successful: "$user" with "$auth"!);
+ $user = $jwt->{username} ? $jwt->{username} : $user;
+
# Set session info
$c->session(user => $user);
$c->session(auth => $auth);
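Review bot: The debug line directly above the added username swap interpolates `$auth` (`Login successful: "$user" with "$auth"`); if `$auth` is the bearer token or the encoded credential, as its later use as the `user_auth` cache key suggests, a reusable session credential is written to the log at debug level. Log only the username: `$mojo->log->debug(qq!Login successful: "$user"!);`. Preferring the name asserted by the token over the submitted handle is right, but only if `$jwt` is the verified payload (decoding happens before this hunk); `$user = $jwt->{username} || $user;` expresses the same thing more plainly.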
@@ -248,14 +251,22 @@
my $c = shift;
# TODO: csrf-protection!
- # TODO: REVOKE ON THE SERVER ONCE SUPPORTED!
+
+ my $url = Mojo::URL->new($plugin->api);
+ $url->query('/auth/logout');
+
+ # Receive value from server
+ my $return_value = $c->user->ua->get($url);
+
+ # TODO:
+ # Do something with value
# Clear cache
$c->chi('user')->remove($c->user_auth);
# Expire session
$c->session(expires => 1);
- return $c->redirect_to('index');
+ return 1;
}
);
};
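Review bot: `$url->query('/auth/logout')` sets the query string, so the request goes to `<api>?/auth/logout` rather than `<api>/auth/logout`; the route belongs in the path, built the same way the login request builds its URL (not in view), e.g. `$url->path->merge('auth/logout')`. The transaction stored in `$return_value` is never inspected and the helper still returns 1, so a failed server-side revocation is invisible to the caller and the controller's error branch can never fire; check the response, log a warning, and return the outcome while still clearing the cache and expiring the session locally. Whether the success check is `$tx->res->is_success` or the older `$tx->success` depends on the Mojolicious version in use.
```perl
my $url = Mojo::URL->new($plugin->api);
$url->path->merge('auth/logout');    # route in the path, not the query string

# Ask the API to revoke the token; the local session is cleared either way
my $tx = $c->user->ua->get($url);
my $ok = $tx->res->is_success ? 1 : 0;
$c->app->log->warn('Logout at API failed: ' . ($tx->res->code // 'no response'))
  unless $ok;

# … unchanged: clear cache, expire session …
return $ok;
```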
diff --git a/t/remote_user.t b/t/remote_user.t
index 5e23b95..d904fb7 100644
--- a/t/remote_user.t
+++ b/t/remote_user.t
@@ -11,9 +11,6 @@
$t->get_ok('/')
->element_exists('form[action=/user/login] input[name=handle_or_email]');
-#$t->post_ok('/user/login' => form => { handle_or_email => 'test' })
-# ->status_is(302);
-
$t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'fail' })
->status_is(302)
->header_is('Location' => '/');
@@ -24,6 +21,17 @@
->element_exists('input[name=handle_or_email][value=test]')
;
+$t->post_ok('/user/login' => form => { handle_or_email => 'test', pwd => 'pass' })
+ ->status_is(302)
+ ->header_is('Location' => '/');
+
+$t->get_ok('/')
+ ->status_is(200)
+ ->element_exists_not('div.notify-error')
+ ->element_exists('div.notify-success')
+ ->text_is('div.notify-success', 'Login successful!')
+ ;
+
done_testing;
__END__
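Review bot: The new assertion `->text_is('div.notify-success', 'Login successful!')` will fail against this commit, because the controller now emits `$c->loc('Auth_loginSuccess')` and the `en` dictionary defines that as `'Login successful'` without the exclamation mark. Change the expectation to `->text_is('div.notify-success', 'Login successful')`. The commit also wires up `/user/logout` but nothing exercises it; a follow-up `$t->get_ok('/user/logout')->status_is(302)->header_is('Location' => '/');` plus a check that `a.logout` is gone from the next page would cover the new path.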
diff --git a/templates/layouts/main.html.ep b/templates/layouts/main.html.ep
index 519229e..7ddb283 100644
--- a/templates/layouts/main.html.ep
+++ b/templates/layouts/main.html.ep
@@ -37,10 +37,10 @@
<button type="submit"><span><%= loc 'go' %></span></button>
</div>
% end
- <ul>
- <li><%= link_to loc('register') => 'register' %></li>
- <li><%= link_to loc('pwdforgotten') => 'pwd_forgotten' %></li>
- </ul>
+%# <ul>
+%# <li><%= link_to loc('register') => 'register' %></li>
+%# <li><%= link_to loc('pwdforgotten') => 'pwd_forgotten' %></li>
+%# </ul>
</fieldset>
% end
% }
diff --git a/templates/partial/header.html.ep b/templates/partial/header.html.ep
index fdc25d6..a81aebc 100644
--- a/templates/partial/header.html.ep
+++ b/templates/partial/header.html.ep
@@ -1,11 +1,14 @@
<header>
<%= link_to 'index', class => 'logo', begin %><h1><span><%= title() // loc('korap_desc') %></span></h1><% end %>
<div class="button top">
-<!--
- <a href="#"
- class="login"
- title="<%= loc 'login' %>"><span><%= loc 'login' %></span></a>
--->
+
+% if (stash('user')) {
+ %# TODO: CSRF protection
+ <a href="<%= url_for 'logout' %>"
+ class="logout"
+ title="<%= loc 'logout' %>: <%= stash('user') %>"><span><%= loc 'logout' %></span></a>
+% };
+
</div>
<form autocomplete="off" action="<%= url_for 'index' %>" id="searchform">
<div id="searchbar">
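Review bot: The new logout control is a plain `<a href>` to a GET route, so anything that fetches the URL — a cross-site image tag, a link prefetcher, a crawler following the header — logs the user out, which the `TODO: CSRF protection` acknowledges but leaves open. Render it as a form instead: `%= form_for logout => (method => 'POST') => begin`, then `%= csrf_field` and a submit button styled like the current link, with the route switched to POST and `$c->validation->csrf_protect` checked in the controller. Putting the username into the `title` attribute through `<%= %>` is escaped, so that part is fine.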