fix: back link on password page needs to be explicit.

The back link on the password page was using Javascript to tell the
browser to navigate back, which won't work if the user has entered a
set of incorrect log-in details.  Fix this by using an explicit URL
instead.

Fixes #1851

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
This commit is contained in:
Alastair Houghton 2020-11-16 11:29:14 +00:00
parent cdbb5dd94d
commit 0284a4c3c9
3 changed files with 16 additions and 7 deletions

View File

@ -232,7 +232,16 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
} }
scopes := parseScopes(authReq.Scopes) scopes := parseScopes(authReq.Scopes)
showBacklink := len(s.connectors) > 1
// Work out where the "Select another login method" link should go.
backLink := ""
if len(s.connectors) > 1 {
backLinkURL := url.URL{
Path: s.absPath("/auth"),
RawQuery: r.Form.Encode(),
}
backLink = backLinkURL.String()
}
switch r.Method { switch r.Method {
case http.MethodGet: case http.MethodGet:
@ -249,7 +258,7 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
} }
http.Redirect(w, r, callbackURL, http.StatusFound) http.Redirect(w, r, callbackURL, http.StatusFound)
case connector.PasswordConnector: case connector.PasswordConnector:
if err := s.templates.password(r, w, r.URL.String(), "", usernamePrompt(conn), false, showBacklink); err != nil { if err := s.templates.password(r, w, r.URL.String(), "", usernamePrompt(conn), false, backLink); err != nil {
s.logger.Errorf("Server template error: %v", err) s.logger.Errorf("Server template error: %v", err)
} }
case connector.SAMLConnector: case connector.SAMLConnector:
@ -297,7 +306,7 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
return return
} }
if !ok { if !ok {
if err := s.templates.password(r, w, r.URL.String(), username, usernamePrompt(passwordConnector), true, showBacklink); err != nil { if err := s.templates.password(r, w, r.URL.String(), username, usernamePrompt(passwordConnector), true, backLink); err != nil {
s.logger.Errorf("Server template error: %v", err) s.logger.Errorf("Server template error: %v", err)
} }
return return

View File

@ -266,15 +266,15 @@ func (t *templates) login(r *http.Request, w http.ResponseWriter, connectors []c
return renderTemplate(w, t.loginTmpl, data) return renderTemplate(w, t.loginTmpl, data)
} }
func (t *templates) password(r *http.Request, w http.ResponseWriter, postURL, lastUsername, usernamePrompt string, lastWasInvalid, showBacklink bool) error { func (t *templates) password(r *http.Request, w http.ResponseWriter, postURL, lastUsername, usernamePrompt string, lastWasInvalid bool, backLink string) error {
data := struct { data := struct {
PostURL string PostURL string
BackLink bool BackLink string
Username string Username string
UsernamePrompt string UsernamePrompt string
Invalid bool Invalid bool
ReqPath string ReqPath string
}{postURL, showBacklink, lastUsername, usernamePrompt, lastWasInvalid, r.URL.Path} }{postURL, backLink, lastUsername, usernamePrompt, lastWasInvalid, r.URL.Path}
return renderTemplate(w, t.passwordTmpl, data) return renderTemplate(w, t.passwordTmpl, data)
} }

View File

@ -27,7 +27,7 @@
</form> </form>
{{ if .BackLink }} {{ if .BackLink }}
<div class="theme-link-back"> <div class="theme-link-back">
<a class="dex-subtle-text" href="javascript:history.back()">Select another login method.</a> <a class="dex-subtle-text" href="{{ .BackLink }}">Select another login method.</a>
</div> </div>
{{ end }} {{ end }}
</div> </div>