Fix user logout (#924)
* Logout is now a posted form. Instead of using a GET method, I've moved it to a POST method. Doing that made it possible to use a CSRF token and also fixes #902 * Update _badgemenu.html
Parent
e60eceba63
révision
75528da943
4 fichiers modifiés avec 15 ajouts et 6 suppressions
|
@ -961,3 +961,7 @@ input.filelist-checkbox:checked + table.table-filelist {
|
|||
.btn-blue:hover, .btn-red:hover, .btn-green:hover, .btn-orange:hover {
|
||||
opacity: 0.7;
|
||||
}
|
||||
|
||||
input.nav-btn {
|
||||
cursor: pointer;
|
||||
}
|
||||
|
|
|
@ -76,7 +76,7 @@ func init() {
|
|||
userRoutes.HandleFunc("/register", UserRegisterFormHandler).Name("user_register").Methods("GET")
|
||||
userRoutes.HandleFunc("/login", UserLoginFormHandler).Name("user_login").Methods("GET")
|
||||
userRoutes.HandleFunc("/register", UserRegisterPostHandler).Name("user_register").Methods("POST")
|
||||
userRoutes.HandleFunc("/logout", UserLogoutHandler).Name("user_logout")
|
||||
userRoutes.HandleFunc("/logout", UserLogoutHandler).Name("user_logout").Methods("POST")
|
||||
userRoutes.Handle("/{id}/{username}", wrapHandler(gzipUserProfileHandler)).Name("user_profile").Methods("GET")
|
||||
userRoutes.HandleFunc("/{id}/{username}/follow", UserFollowHandler).Name("user_follow").Methods("GET")
|
||||
userRoutes.Handle("/{id}/{username}/edit", wrapHandler(gzipUserDetailsHandler)).Name("user_profile_details").Methods("GET")
|
||||
|
|
|
@ -12,9 +12,9 @@ import (
|
|||
"github.com/NyaaPantsu/nyaa/service/user/form"
|
||||
"github.com/NyaaPantsu/nyaa/service/user/permission"
|
||||
"github.com/NyaaPantsu/nyaa/util/crypto"
|
||||
"github.com/NyaaPantsu/nyaa/util/publicSettings"
|
||||
msg "github.com/NyaaPantsu/nyaa/util/messages"
|
||||
"github.com/NyaaPantsu/nyaa/util/modelHelper"
|
||||
"github.com/NyaaPantsu/nyaa/util/publicSettings"
|
||||
"github.com/gorilla/mux"
|
||||
)
|
||||
|
||||
|
@ -293,9 +293,14 @@ func UserLoginPostHandler(w http.ResponseWriter, r *http.Request) {
|
|||
// UserLogoutHandler : Controller to logout users
|
||||
func UserLogoutHandler(w http.ResponseWriter, r *http.Request) {
|
||||
defer r.Body.Close()
|
||||
_, _ = userService.ClearCookie(w)
|
||||
url, _ := Router.Get("home").URL()
|
||||
http.Redirect(w, r, url.String(), http.StatusSeeOther)
|
||||
logout := r.FormValue("logout")
|
||||
if logout != "" {
|
||||
_, _ = userService.ClearCookie(w)
|
||||
url, _ := Router.Get("home").URL()
|
||||
http.Redirect(w, r, url.String(), http.StatusSeeOther)
|
||||
} else {
|
||||
NotFoundHandler(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
// UserFollowHandler : Controller to follow/unfollow users, need user id to follow
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
<a class="nav-btn" href="{{ genRoute "user_notifications" }}">{{ call $.T "my_notifications"}} <span class="badge">({{ .GetUnreadNotifications }})</span></a>
|
||||
<a class="nav-btn" href="{{ genRoute "user_profile_edit" "id" (print .ID) "username" .Username }}">{{call $.T "settings"}}</a>
|
||||
{{if HasAdmin . }}<a class="nav-btn" href="{{ genRoute "mod_index" }}">{{call $.T "moderation"}}</a>{{end}}
|
||||
<a class="nav-btn" href="{{ genRoute "user_logout" }}">{{ call $.T "sign_out"}}</a></li>
|
||||
<form action="{{ genRoute "user_logout" }}" method="POST">{{ template "csrf_field" $ }}<input class="nav-btn" type="submit" name="logout" value="{{ call $.T "sign_out"}}"></form>
|
||||
</div>
|
||||
{{ else }}
|
||||
<a href="{{ genRoute "user_login" }}" class="nav-btn">
|
||||
|
|
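Review bot: The submit button on the new form line supplies both the `logout` marker and the visible label, so the posted value is whatever `$.T "sign_out"` returns. The handler in this commit answers an empty `logout` with the not-found page, so an empty or missing translation would make sign-out fail. A fixed marker keeps the two apart: `<input type="hidden" name="logout" value="1">`, with the submit button left unnamed. The `</li>` that ended the old link line is absent from the new line; the surrounding markup lies outside the hunk, so check that the list markup is still balanced.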