[Rt-commit] rt branch, 4.0/mobile-login, created. rt-4.0.8-259-g4b1ddff

Thomas Sibley trs at bestpractical.com
Mon Dec 17 16:39:25 EST 2012


The branch, 4.0/mobile-login has been created
        at  4b1ddff04fee8f495050505c97f5734bedce2b19 (commit)

- Log -----------------------------------------------------------------
commit d9b23316c95ec0403c2da22565c47d3f3018fef1
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Wed Dec 14 13:27:10 2011 +0800

    show mobile login on mobile clients
    
    also, if a user accesses URLs starting with /m/, we show the mobile
    login even when the client is not a mobile one.

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 3385c49..00d6d3c 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -285,6 +285,10 @@ sub HandleRequest {
     # Process per-page authentication callbacks
     $HTML::Mason::Commands::m->callback( %$ARGS, CallbackName => 'Auth', CallbackPage => '/autohandler' );
 
+    if ( $ARGS->{'NotMobile'} ) {
+        $HTML::Mason::Commands::session{'NotMobile'} = 1;
+    }
+
     unless ( _UserLoggedIn() ) {
         _ForceLogout();
 
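Review bot: The added block in HandleRequest writes `$session{'NotMobile'}` from a request parameter before the `_UserLoggedIn()` check, so the flag is stored for unauthenticated requests too, and nothing in this hunk ever clears it. The share/html/m/_elements/wrapper hunk now redirects away from /m/ pages whenever the flag is set, so a session that has opted out has no visible way back to the mobile interface. I would state that above the block, e.g. `# Set-only, pre-auth session flag: selects the desktop UI for the rest of the session; never use it for access decisions.` HandleRequest's body starts and ends outside the hunk.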
@@ -302,10 +306,14 @@ sub HandleRequest {
                 $m->out("\n$msg\n") if $msg;
                 $m->abort;
             }
-            # Specially handle /index.html so that we get a nicer URL
-            elsif ( $m->request_comp->path eq '/index.html' ) {
-                my $next = SetNextPage($ARGS);
-                $m->comp('/NoAuth/Login.html', next => $next, actions => [$msg]);
+            # Specially handle /index.html and /m/index.html so that we get a nicer URL
+            elsif ( $m->request_comp->path =~ m{^(/m)?/index\.html$} ) {
+                my $mobile = $1 ? 1 : 0;
+                my $next   = SetNextPage($ARGS);
+                $m->comp('/NoAuth/Login.html',
+                    next    => $next,
+                    actions => [$msg],
+                    mobile  => $mobile);
                 $m->abort;
             }
             else {
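Review bot: The new pattern `m{^(/m)?/index\.html$}` is anchored with `^`/`$`, and `$` also matches before a trailing newline; `\A`/`\z` keep the exact-match intent of the old `eq '/index.html'` test: `elsif ( $m->request_comp->path =~ m{\A(/m)?/index\.html\z} ) {`. The TangentForLogin hunk has the same shape in `m{^/m(/|$)}`, where the group is never read and can be non-capturing: `m{\A/m(?:/|\z)}`. The surrounding if/elsif chain starts and ends outside the hunk.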
@@ -434,6 +442,10 @@ sub TangentForLogin {
     my $ARGS  = shift;
     my $hash  = SetNextPage($ARGS);
     my %query = (@_, next => $hash);
+
+    $query{mobile} = 1
+        if $HTML::Mason::Commands::m->request_comp->path =~ m{^/m(/|$)};
+
     my $login = RT->Config->Get('WebURL') . 'NoAuth/Login.html?';
     $login .= $HTML::Mason::Commands::m->comp('/Elements/QueryString', %query);
     Redirect($login);
diff --git a/share/html/NoAuth/Login.html b/share/html/NoAuth/Login.html
index 086e112..b5054fb 100644
--- a/share/html/NoAuth/Login.html
+++ b/share/html/NoAuth/Login.html
@@ -49,4 +49,9 @@
 my ($good, $msg) = RT::Interface::Web::AttemptPasswordAuthentication(\%ARGS);
 $ARGS{'actions'} = [$msg] if not $good and $msg;
 </%init>
+
+% if ( RT::Interface::Web::MobileClient() || $ARGS{mobile} ) {
+<& /m/login, %ARGS &>
+% } else {
 <& /Elements/Login, %ARGS &>
+% }
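Review bot: The `$ARGS{mobile}` branch does not consult `$session{'NotMobile'}`, while /m/login renders inside /m/_elements/wrapper, which now redirects to WebURL whenever that session flag is set. A request that carries `mobile` (TangentForLogin adds it for /m/ paths) in a session that has opted out would then be redirected from inside the login page instead of getting the desktop form; whether MobileClient() already checks the flag is not visible here. If it does not, guard the whole condition: `% if ( !$session{'NotMobile'} && ( RT::Interface::Web::MobileClient() || $ARGS{mobile} ) ) {`. `mobile` is also read straight from %ARGS with no declaration, so a short `%#` comment saying it only selects presentation would help.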
diff --git a/share/html/m/_elements/wrapper b/share/html/m/_elements/wrapper
index b2e727a..e765328 100644
--- a/share/html/m/_elements/wrapper
+++ b/share/html/m/_elements/wrapper
@@ -50,8 +50,7 @@ $title => ''
 $show_home_button => 1
 </%args>
 <%init>
-if ($DECODED_ARGS->{'NotMobile'}) {
-    $session{'NotMobile'} = 1;
+if ($session{'NotMobile'}) {
     RT::Interface::Web::Redirect(RT->Config->Get('WebURL'));
     $m->abort();
 }
diff --git a/share/html/m/login b/share/html/m/login
index 99585e2..38381a0 100644
--- a/share/html/m/login
+++ b/share/html/m/login
@@ -105,7 +105,7 @@ unless (!defined($uri->authority) || $uri->authority eq $uri_base_url->authority
 <& /Elements/Submit, Label => loc('Login')&>
 
 % foreach my $key (keys %ARGS) {
-%  if (($key ne 'user') and ($key ne 'pass')) {
+%  if ( $key !~ /^(?:user|pass|actions)$/ ) {
 % 	if (ref($ARGS{$key}) =~ /ARRAY/) {
 % 		foreach my $val (@{$ARGS{$key}}) {
 <input type="hidden" class="hidden" name="<%$key %>" value="<% $val %>" />
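Review bot: The key filter is a denylist, so every other argument that reaches this component, now including `mobile`, is copied into hidden inputs and resubmitted together with the credentials. The new `actions` exclusion carries no comment saying why it is dropped; I would add `%# actions holds display messages set by Login.html; never round-trip it through the form`. Output safety of `<%$key %>` and `<% $val %>` depends on the component's default escaping, which is not visible in this hunk, and `\A(?:user|pass|actions)\z` would keep the exact-match behaviour of the old `ne` tests. The foreach loop continues past the end of the hunk.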

commit 76b8a64bf81781cfd8462de91b38019c9fbf73a5
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Tue Jul 3 01:20:06 2012 +0800

    mimic the login error message for mobile login

diff --git a/share/html/m/_elements/raw_style b/share/html/m/_elements/raw_style
index e19e2a6..fcf7e7a 100644
--- a/share/html/m/_elements/raw_style
+++ b/share/html/m/_elements/raw_style
@@ -489,3 +489,12 @@ textarea {
 a#fullsite {
     padding-left: 1em;
 }
+
+div.error .titlebox-title {
+    background-color: #f00;
+    color: #fff;
+}
+
+div.error div.error {
+    background-color: #fcc;
+}
diff --git a/share/html/m/login b/share/html/m/login
index 38381a0..c74576e 100644
--- a/share/html/m/login
+++ b/share/html/m/login
@@ -81,12 +81,12 @@ unless (!defined($uri->authority) || $uri->authority eq $uri_base_url->authority
 </style>
 <h1><&|/l, RT->Config->Get('rtname') &>RT for [_1]</&></h1>
 <div id="body" class="login-body">
-% if ($Error) {
-<&| "/Widgets/TitleBox", title => loc('Error'), hideable => 0, class => 'error'  &>
-<% $Error %>
-</&>
-% }
 
+<& /Elements/ListActions,
+    title       => loc('Error'),
+    titlebox    => { class => 'error', hideable => 0 },
+    actions     => $actions,
+&>
 
 <div id="login-box">
 <&| /Widgets/TitleBox, title => loc('Login'), hideable => 0 &>
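Review bot: `$actions` is declared in `<%ARGS>`, and Login.html passes `%ARGS` through while overwriting `$ARGS{'actions'}` only when authentication failed with a message, so on other requests the value rendered by /Elements/ListActions under the "Error" title may come from the request itself. Whether ListActions HTML-escapes each item, or tolerates a plain scalar instead of an array ref, is not visible here and should be confirmed. I would document the contract next to the declaration, e.g. `%# actions: array ref of messages; may be request-supplied when Login.html is requested directly, so treat it as untrusted text`.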
@@ -127,5 +127,5 @@ unless (!defined($uri->authority) || $uri->authority eq $uri_base_url->authority
 $user => ""
 $pass => undef
 $goto => undef
-$Error => undef
+$actions => undef
 </%ARGS>

commit 78b7db504afbe489f5fcf2049745354af7879342
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Wed Dec 14 13:36:07 2011 +0800

    basic login test

diff --git a/t/web/login.t b/t/web/login.t
new file mode 100644
index 0000000..d0213c3
--- /dev/null
+++ b/t/web/login.t
@@ -0,0 +1,133 @@
+use strict;
+use warnings;
+
+use RT::Test tests => 34;
+
+my ( $baseurl, $m ) = RT::Test->started_ok;
+
+my $ticket = RT::Test->create_ticket(
+    Subject => 'ticket_foo',
+    Queue   => 'General',
+);
+
+my ( $user, $pass ) = ( 'root', 'password' );
+
+diag "normal login";
+{
+    $m->get($baseurl);
+    $m->title_is('Login');
+    is( $m->uri, $baseurl, "right url" );
+
+    $m->submit_form(
+        form_id => 'login',
+        fields  => {
+            user => $user,
+            pass => 'wrong pass',
+        }
+    );
+    $m->content_contains( "Your username or password is incorrect",
+        'login error message' );
+    $m->warning_like( qr/FAILED LOGIN for root/,
+        "got failed login warning" );
+
+    $m->submit_form(
+        form_id => 'login',
+        fields  => {
+            user => $user,
+            pass => $pass,
+        }
+    );
+
+    $m->title_is( 'RT at a glance', 'logged in' );
+
+    $m->follow_link_ok( { text => 'Logout' }, 'follow logout' );
+    $m->title_is( 'Logout', 'logout' );
+}
+
+diag "tangent login";
+
+{
+    $m->get( $baseurl . '/Ticket/Display.html?id=1' );
+    $m->title_is('Login');
+    $m->submit_form(
+        form_id => 'login',
+        fields  => {
+            user => $user,
+            pass => $pass,
+        }
+    );
+    like( $m->uri, qr{/Ticket/Display\.html}, 'normal ticket page' );
+    $m->follow_link_ok( { text => 'Logout' }, 'follow logout' );
+}
+
+diag "mobile login with not mobile client";
+{
+    $m->get( $baseurl . '/m' );
+    is( $m->uri, $baseurl . '/m', "right url" );
+    $m->content_contains( "/m/index.html?NotMobile=1", 'mobile login' );
+
+    $m->submit_form(
+        form_id => 'login',
+        fields  => {
+            user => $user,
+            pass => 'wrong pass',
+        }
+    );
+    $m->content_contains( "Your username or password is incorrect",
+        'login error message' );
+    $m->warning_like( qr/FAILED LOGIN for root/,
+        "got failed login warning" );
+
+    $m->submit_form(
+        form_id => 'login',
+        fields  => {
+            user => $user,
+            pass => $pass,
+        }
+    );
+    like( $m->uri, qr{\Q$baseurl/m\E}, "mobile url" );
+    $m->follow_link_ok( { text => 'Logout' }, 'follow logout' );
+    $m->content_contains( "/m/index.html?NotMobile=1",
+        'back to mobile login page' );
+    $m->content_lacks( 'Logout', 'really logout' );
+}
+
+
+diag "mobile normal login";
+{
+
+    # default browser in android 2.3.6
+    $m->agent(
+"Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; Nexus One Build/GRK39F) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
+    );
+
+    $m->get($baseurl);
+    is( $m->uri, $baseurl, "right url" );
+    $m->content_contains( "/m/index.html?NotMobile=1", 'mobile login' );
+    $m->submit_form(
+        form_id => 'login',
+        fields  => {
+            user => $user,
+            pass => $pass,
+        }
+    );
+    is( $m->uri, $baseurl . '/m/', "mobile url" );
+    $m->follow_link_ok( { text => 'Logout' }, 'follow logout' );
+    $m->content_contains( "/m/index.html?NotMobile=1", 'back to mobile login page' );
+    $m->content_lacks( 'Logout', 'really logout' );
+}
+
+diag "mobile tangent login";
+{
+    $m->get( $baseurl . '/Ticket/Display.html?id=1' );
+    $m->content_contains( "/m/index.html?NotMobile=1", 'mobile login' );
+    $m->submit_form(
+        form_id => 'login',
+        fields  => {
+            user => $user,
+            pass => $pass,
+        }
+    );
+    like( $m->uri, qr{/m/ticket/show}, 'mobile ticket page' );
+}
+
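Review bot: None of the five blocks exercises the `NotMobile` opt-out that this branch moves into HandleRequest; they only assert that the `/m/index.html?NotMobile=1` link is present in the page. A block that follows that link and then checks which login page is served would cover it, for example `$m->get( $baseurl . '/m/index.html?NotMobile=1' );` followed by `$m->content_lacks( "/m/index.html?NotMobile=1", 'desktop login after opt-out' );`, with the expected result to be confirmed against MobileClient(). The hard-coded plan `tests => 34` has to be kept in step by hand when blocks are added, and the section headers would be quieter as `note` than as `diag`.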

commit ea40af18601d337d4c8e067942b07ca81e78d774
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Mon Dec 17 12:52:06 2012 -0800

    Don't let the NotMobile query param trigger CSRF
    
    Otherwise clicking the "Not a mobile browser?" link can trigger CSRF
    warnings.

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 00d6d3c..67ee608 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -1296,6 +1296,10 @@ sub IsCompCSRFWhitelisted {
     # with, HomeRefreshInterval, which is safe
     delete $args{HomeRefreshInterval};
 
+    # The NotMobile flag is fine for any page; it's only used to toggle a flag
+    # in the session related to which interface you get.
+    delete $args{NotMobile};
+
     # If there are no arguments, then it's likely to be an idempotent
     # request, which are not susceptible to CSRF
     return 1 if !%args;
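Review bot: Dropping `NotMobile` before the `return 1 if !%args` shortcut exempts a parameter that does change state: HandleRequest stores it in the session, so a cross-site request carrying only `NotMobile` now passes this check and switches that session to the desktop interface. That looks like an accepted trade-off while the flag only selects the UI, but the comment should say so and warn against reusing the flag, e.g. `# NotMobile does write to the session (UI choice only, set-only); keep it exempt only while it carries no privilege.` IsCompCSRFWhitelisted's body starts and ends outside the hunk.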

commit e7e391ce9da59cdd2daa0c20e6844f46d0dfa5ba
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Mon Dec 17 13:05:30 2012 -0800

    Preserve page anchors on the mobile login as well
    
    Ported from 9a57c79, without the use of jQuery.  Requires always
    submitting to /NoAuth/Login.html instead of the old dynamic form action
    logic.  That's OK because Login.html now renders the mobile login page
    if necessary.  The dynamic form action logic was previously removed from
    the main /Elements/Login during the original login reworking.

diff --git a/share/html/m/login b/share/html/m/login
index c74576e..c3abd53 100644
--- a/share/html/m/login
+++ b/share/html/m/login
@@ -45,36 +45,6 @@
 %# those contributions and any derivatives thereof.
 %#
 %# END BPS TAGGED BLOCK }}}
-<%INIT>
-
-my $req_uri;
-
-if (UNIVERSAL::can($r, 'uri') and $r->uri =~ m{.*/m/(.*)}) {
-    $req_uri = '/m/'.$1;
-}
-
-my $default_path = RT->Config->Get('WebPath') ."/m/";
-
-my $form_action = defined $goto             ? $goto
-                : defined $req_uri          ? $req_uri
-                :                             $default_path
-                ;
-
-# sanitize $form_action
-my $uri = URI->new($form_action);
-
-# You get undef scheme with a relative uri like "/Search/Build.html"
-unless (!defined($uri->scheme) || $uri->scheme eq 'http' || $uri->scheme eq 'https') {
-    $form_action = $default_path;
-}
-
-# Make sure we're logging in to the same domain
-# You can get an undef authority with a relative uri like "index.html"
-my $uri_base_url = URI->new(RT->Config->Get('WebURL')."m/");
-unless (!defined($uri->authority) || $uri->authority eq $uri_base_url->authority) {
-    $form_action = $default_path;
-}
-</%INIT>
 <&| /m/_elements/wrapper, show_home_button => 0 &>
 <style>
 <& /m/_elements/raw_style &>
@@ -92,7 +62,7 @@ unless (!defined($uri->authority) || $uri->authority eq $uri_base_url->authority
 <&| /Widgets/TitleBox, title => loc('Login'), hideable => 0 &>
 
 % unless (RT->Config->Get('WebExternalAuth') and !RT->Config->Get('WebFallbackToInternalAuth')) {
-<form id="login" name="login" method="post" action="<% $form_action %>">
+<form id="login" name="login" method="post" action="<% RT->Config->Get("WebPath") %>/NoAuth/Login.html">
 
 <div class="entry">
     <span class="label"><&|/l&>Username</&>:</span><span class="value"><input type="text" name="user" value="<%$user%>" id="user" /></span>
@@ -117,6 +87,15 @@ unless (!defined($uri->authority) || $uri->authority eq $uri_base_url->authority
 %  }
 % }
 </form>
+
+<script type="text/javascript">
+if (window.location.hash) {
+    var form = (document.getElementsByName("login"))[0];
+    if (form) {
+        form.action = form.action + '#' + window.location.hash.replace(/^#/, '');
+    }
+}
+</script>
 % }
 </&>
 </div><!-- #login-box -->
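Review bot: The script looks the form up with `(document.getElementsByName("login"))[0]` although the form in this file carries `id="login"`; `var form = document.getElementById("login");` is the direct lookup and does not depend on element order. The fragment is appended to `form.action` unmodified; since it is added after a `#` to the form's own action it only sets the fragment part, and a one-line comment saying so (`// fragment only; it is not sent to the server`) would save the next reader from checking.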

commit 4b1ddff04fee8f495050505c97f5734bedce2b19
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Mon Dec 17 13:10:08 2012 -0800

    Inform the user logging in about potential side-effects on mobile login too
    
    Ported from 5d56935.

diff --git a/share/html/m/login b/share/html/m/login
index c3abd53..f956bac 100644
--- a/share/html/m/login
+++ b/share/html/m/login
@@ -61,6 +61,8 @@
 <div id="login-box">
 <&| /Widgets/TitleBox, title => loc('Login'), hideable => 0 &>
 
+<& /Elements/LoginRedirectWarning, %ARGS &>
+
 % unless (RT->Config->Get('WebExternalAuth') and !RT->Config->Get('WebFallbackToInternalAuth')) {
 <form id="login" name="login" method="post" action="<% RT->Config->Get("WebPath") %>/NoAuth/Login.html">
 

-----------------------------------------------------------------------

