Skip to content

Rework controller and autorization flow #595

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Mar 8, 2023
Merged

Rework controller and autorization flow #595

merged 6 commits into from
Mar 8, 2023

Conversation

line-o
Copy link
Member

@line-o line-o commented Feb 13, 2023
edited
Loading

Fixes #164

  • add login page as static HTML (adapted from dashboard)
  • rewrite controller to always authenticate requests
  • add routes handling new flow
  • add background SVG for login page

Here is a screenshot of Safari (top left), Edge (top right), Chrome (bottom left), Firefox (bottom right) showing the login page.

Screenshot 2023-02-13 at 23 36 06

@line-o
Rework controller and autorization flow
e21a68f 
Fixes eXist-db#164

- add login page as static HTML (adapted from dashboard)
- rewrite controller to always authenticate requests
- add routes handling new flow
- add background SVG for login page
@line-o
Copy link
Member Author

line-o commented Feb 13, 2023
edited
Loading

TIL that git push -d deletes a branch :/ Well, I recreated the PR #594

@line-o line-o requested review from duncdrum, JoernT and joewiz February 14, 2023 09:45
duncdrum
duncdrum approved these changes Feb 16, 2023
View reviewed changes
Copy link
Contributor

@duncdrum duncdrum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great thank @line-o

line-o
line-o commented Feb 16, 2023
View reviewed changes
line-o
line-o commented Feb 16, 2023
View reviewed changes
line-o
line-o commented Feb 16, 2023
View reviewed changes
@joewiz
Copy link
Member

joewiz commented Mar 4, 2023
edited
Loading

I have checked out this branch and built and installed it into eXist 6.2.0. I can confirm that setting guest=no in eXide's configuration.xml file to cause any request to eXide to redirect to http://localhost:8080/exist/apps/eXide/login.html - with the page appearing as shown in the screenshots above. When guest=yes (as it is by default), this PR does not alter eXide's login UI at all.

@line-o Is this intentional, or was the new login screen meant to replace the original login UI too?

One suggestion. The placeholder for the user input field itsme is unusual. I'd recommend changing this placeholder text to "Username..." Similarly, the placeholder for the password input ifeld ·········· makes it appear as if a password has already been entered, so I'd recommend changing this placeholder text to "Password..."

@line-o
Copy link
Member Author

line-o commented Mar 4, 2023

@joewiz thank you for taking the time to review my PR.

Does the login page replace the current login form?

Yes, when guest access is restricted it is unsafe to even show the eXide page. If you are logged in and this can see eXide the form will still work and allow to switch to a different user.

Nothing changes for instances where guest access is allowed.

unconventional placeholders

I will change the placeholders as you suggested.

@joewiz joewiz merged commit eee1137 into eXist-db:develop Mar 8, 2023
@line-o line-o deleted the fix/guest-no branch March 10, 2023 06:57
@line-o line-o mentioned this pull request Jul 4, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joewiz joewiz joewiz approved these changes

@duncdrum duncdrum duncdrum approved these changes

@JoernT JoernT Awaiting requested review from JoernT

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

With configuration.xml set to guest=no, login is impossible
3 participants
@line-o @joewiz @duncdrum