Skip to content

Rework controller and autorization flow#595

Merged
joewiz merged 6 commits intoeXist-db:developfrom
Jinntec:fix/guest-no
Mar 8, 2023
Merged

Rework controller and autorization flow#595
joewiz merged 6 commits intoeXist-db:developfrom
Jinntec:fix/guest-no

Conversation

@line-o
Copy link
Copy Markdown
Member

@line-o line-o commented Feb 13, 2023
edited
Loading

Fixes #164

  • add login page as static HTML (adapted from dashboard)
  • rewrite controller to always authenticate requests
  • add routes handling new flow
  • add background SVG for login page

Here is a screenshot of Safari (top left), Edge (top right), Chrome (bottom left), Firefox (bottom right) showing the login page.

Screenshot 2023-02-13 at 23 36 06

@line-o
Rework controller and autorization flow
e21a68f 
Fixes eXist-db#164

- add login page as static HTML (adapted from dashboard)
- rewrite controller to always authenticate requests
- add routes handling new flow
- add background SVG for login page
@line-o
Copy link
Copy Markdown
Member Author

line-o commented Feb 13, 2023
edited
Loading

TIL that git push -d deletes a branch :/ Well, I recreated the PR #594

@line-o line-o requested review from JoernT, duncdrum and joewiz February 14, 2023 09:45
duncdrum
duncdrum approved these changes Feb 16, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@duncdrum duncdrum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great thank @line-o

line-o
line-o commented Feb 16, 2023
View reviewed changes
Comment thread controller.xq Outdated
line-o
line-o commented Feb 16, 2023
View reviewed changes
Comment thread controller.xq Outdated
line-o
line-o commented Feb 16, 2023
View reviewed changes
Comment thread login.html Outdated
@joewiz
Copy link
Copy Markdown
Member

joewiz commented Mar 4, 2023
edited
Loading

I have checked out this branch and built and installed it into eXist 6.2.0. I can confirm that setting guest=no in eXide's configuration.xml file to cause any request to eXide to redirect to http://localhost:8080/exist/apps/eXide/login.html - with the page appearing as shown in the screenshots above. When guest=yes (as it is by default), this PR does not alter eXide's login UI at all.

@line-o Is this intentional, or was the new login screen meant to replace the original login UI too?

One suggestion. The placeholder for the user input field itsme is unusual. I'd recommend changing this placeholder text to "Username..." Similarly, the placeholder for the password input ifeld ·········· makes it appear as if a password has already been entered, so I'd recommend changing this placeholder text to "Password..."

@line-o
Copy link
Copy Markdown
Member Author

line-o commented Mar 4, 2023

@joewiz thank you for taking the time to review my PR.

Does the login page replace the current login form?

Yes, when guest access is restricted it is unsafe to even show the eXide page. If you are logged in and this can see eXide the form will still work and allow to switch to a different user.

Nothing changes for instances where guest access is allowed.

unconventional placeholders

I will change the placeholders as you suggested.

@joewiz joewiz merged commit eee1137 into eXist-db:develop Mar 8, 2023
@line-o line-o deleted the fix/guest-no branch March 10, 2023 06:57
@line-o line-o mentioned this pull request Jul 4, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joewiz joewiz joewiz approved these changes

@duncdrum duncdrum duncdrum approved these changes

@JoernT JoernT Awaiting requested review from JoernT

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

With configuration.xml set to guest=no, login is impossible

3 participants

@line-o @joewiz @duncdrum