<table cellpadding="1" cellspacing="1" border="1">
<tbody>
<tr>
- <td>open</td>
- <td>/sessions/logout</td>
- <td></td>
- </tr>
- <tr>
- <td>open</td>
- <td>/issues/search#resolved=true|statuses=OPEN</td>
- <td></td>
- </tr>
- <tr>
- <td>assertLocation</td>
- <td>*/sessions/new*</td>
- <td></td>
- </tr>
- <tr>
- <td>assertElementPresent</td>
- <td>login_form</td>
- <td></td>
- </tr>
- <tr>
- <td>type</td>
- <td>id=login</td>
- <td>wrong login</td>
- </tr>
- <tr>
- <td>type</td>
- <td>id=password</td>
- <td>wrong password</td>
- </tr>
- <tr>
- <td>clickAndWait</td>
- <td>commit</td>
- <td></td>
- </tr>
- <tr>
- <td>type</td>
- <td>id=login</td>
- <td>admin</td>
- </tr>
- <tr>
- <td>type</td>
- <td>id=password</td>
- <td>admin</td>
- </tr>
- <tr>
- <td>clickAndWait</td>
- <td>commit</td>
- <td></td>
- </tr>
- <tr>
- <td>assertLocation</td>
- <td>*#resolved=true|statuses=OPEN*</td>
- <td></td>
- </tr>
- </tbody>
+ <td>open</td>
+ <td>/sessions/logout</td>
+ <td></td>
+</tr>
+<tr>
+ <td>open</td>
+ <td>/issues/search#resolved=true|statuses=OPEN</td>
+ <td></td>
+</tr>
+<tr>
+ <td>assertLocation</td>
+ <td>*/sessions/new*</td>
+ <td></td>
+</tr>
+<tr>
+ <td>assertElementPresent</td>
+ <td>login_form</td>
+ <td></td>
+</tr>
+<tr>
+ <td>type</td>
+ <td>id=login</td>
+ <td>wrong login</td>
+</tr>
+<tr>
+ <td>type</td>
+ <td>id=password</td>
+ <td>wrong password</td>
+</tr>
+<tr>
+ <td>click</td>
+ <td>commit</td>
+ <td></td>
+</tr>
+<tr>
+ <td>waitForText</td>
+ <td>css=.alert</td>
+ <td>*Authentication failed*</td>
+</tr>
+<tr>
+ <td>type</td>
+ <td>id=login</td>
+ <td>admin</td>
+</tr>
+<tr>
+ <td>type</td>
+ <td>id=password</td>
+ <td>admin</td>
+</tr>
+<tr>
+ <td>clickAndWait</td>
+ <td>commit</td>
+ <td></td>
+</tr>
+<tr>
+ <td>assertLocation</td>
+ <td>*#resolved=true|statuses=OPEN*</td>
+ <td></td>
+</tr>
+</tbody>
</table>
</body>
</html>
layout 'nonav'
skip_before_filter :check_authentication
-
- def login
- return unless request.post?
-
- return_to = session[:return_to]
-
- # Needed to bypass session fixation vulnerability (https://jira.sonarsource.com/browse/SONAR-6880)
- reset_session
- if return_to
- # user clicked on the link "login" : redirect to the original uri after authentication
- session[:return_to] = Api::Utils.absolute_to_relative_url(return_to)
- # else the original uri can be set by ApplicationController#access_denied
- end
-
- begin
- self.current_user = User.authenticate(params[:login], params[:password], servlet_request)
- if logged_in?
- redirect_back_or_default(home_url)
- else
- render_unauthenticated
- end
- rescue Errors::AccessDenied
- render_unauthenticated
- end
+ def login
+ redirect_to :action => 'new'
end
-
+
def logout
if logged_in?
self.current_user.on_logout
if params[:return_to]
# user clicked on the link "login" : redirect to the original uri after authentication
session[:return_to] = Api::Utils.absolute_to_relative_url(params[:return_to])
+ return_to = Api::Utils.absolute_to_relative_url(params[:return_to])
# else the original uri can be set by ApplicationController#access_denied
end
+ @return_to = get_redirect_back_or_default(home_url)
+
+ # Needed to bypass session fixation vulnerability (https://jira.sonarsource.com/browse/SONAR-6880)
+ reset_session
end
private
- def render_unauthenticated
- @return_to_anchor = params[:return_to_anchor]
- flash.now[:loginerror] = message('session.flash_notice.authentication_failed')
+ # Get redirection to the URI stored by the most recent store_location call or to the passed default.
+ def get_redirect_back_or_default(default)
+ # Prevent CSRF attack -> do not accept absolute urls
+ url = session[:return_to] || default
+ begin
+ url = URI(url).request_uri
+ rescue
+ url
+ end
+ anchor=params[:return_to_anchor]
+ url += anchor if anchor && anchor.start_with?('#')
+ url
end
end
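Review bot: The absolute-URL guard in `get_redirect_back_or_default` still lets protocol-relative targets through: `URI("//OTHER-HOST/x")` parses as `URI::Generic`, which has no `request_uri`, so the call raises `NoMethodError`, the bare `rescue` swallows it and the value is returned untouched (the same holds for non-http schemes and for strings `URI()` rejects), and because the view then assigns `root_context + @return_to` to `window.location` this is an open redirect whenever the root context is empty. The comment above it also names the wrong threat, since this is open-redirect hardening rather than CSRF; suggest `# Prevent open redirect -> only accept a path on this host`. A sketch that reduces anything carrying a scheme or host to path+query, refuses parse failures and `//`/`/\` prefixes, and rescues only `URI::InvalidURIError` follows. Separately, the local `return_to` assigned in `logout` right after `session[:return_to]` is never read and can be dropped. The enclosing controller class opens outside the hunk.
```ruby
  # Get redirection to the URI stored by the most recent store_location call or to the passed default.
  def get_redirect_back_or_default(default)
    # Prevent open redirect -> only a path on this host is accepted; anything else falls back to default
    url = session[:return_to] || default
    begin
      uri = URI(url)
      # A plain path parses as URI::Generic with no scheme/host and is kept as-is.
      # Anything naming a scheme or host (incl. "//host/path") is reduced to path+query.
      if uri.scheme || uri.host
        url = uri.path.to_s
        url += "?#{uri.query}" if uri.query
      end
    rescue URI::InvalidURIError
      url = default
    end
    # "//x" and "/\x" are still treated as network-path references by browsers
    url = default unless url.start_with?('/') && !url.start_with?('//', '/\\')
    anchor = params[:return_to_anchor]
    url += anchor if anchor && anchor.start_with?('#')
    url
  end
```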
</section>
<% end %>
-<form id="login_form" action="<%= url_for :controller => 'sessions', :action => 'login' -%>" method="post">
+<form id="login_form" action="<%= ApplicationController.root_context -%>/api/authentication/login" method="post">
<input type="hidden" name="return_to_anchor" value="<%= h @return_to_anchor %>">
- <% if flash[:loginerror] %>
- <div class="alert alert-danger"> <%= flash[:loginerror] %></div>
- <% end %>
- <% if flash[:notice] %>
- <div class="alert alert-info"><%= flash[:notice] %></div>
- <% end %>
+ <div class="alert alert-danger hidden"><%= message('session.flash_notice.authentication_failed') %></div>
<div class="big-spacer-bottom">
<label for="login" class="login-label"><%= message('login') %></label>
returnToAnchor.val(window.location.hash);
}
})(window.jQuery);
+
+ $j("#login_form").modalForm({
+ success: function () {
+ window.location = '<%= ApplicationController.root_context + h(@return_to) -%>' + $j('[name="return_to_anchor"]').val();
+ },
+ error: function () {
+ jQuery('.alert').removeClass('hidden');
+ }
+ });
</script>
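Review bot: In the added `modalForm` success handler, `h(@return_to)` is HTML escaping applied inside a single-quoted JavaScript string literal, which is the wrong context: whether `'`, `\` and `</` are neutralised depends on this Rails version's `h` (older versions escape only `&<>"`), so a return_to value containing one of them would terminate the literal. Prefer the JavaScript-context helper, e.g. `window.location = '<%= ApplicationController.root_context + escape_javascript(@return_to) -%>' + $j('[name="return_to_anchor"]').val();`. The fragment also appears to be appended twice when `params[:return_to_anchor]` is set: once server-side by `get_redirect_back_or_default` and once client-side from the hidden input, which the jQuery above this hunk fills from `window.location.hash`. With `render_unauthenticated` removed, `@return_to_anchor` read by that hidden input is no longer assigned anywhere visible in this diff; if `new` does not set it the input simply starts empty, which the client-side fill covers.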