From fb7bc50673f226070c5399bd6bbf07b91eeda01e Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Sat, 15 Feb 2014 10:44:37 +0100 Subject: Fix bug token The token should appear in RSS feed url when anonymous are not allowed --- app/Controllers/indexController.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'app/Controllers/indexController.php') diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index 986a322a1..af08edb46 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -5,18 +5,15 @@ class FreshRSS_index_Controller extends Minz_ActionController { public function indexAction () { $output = Minz_Request::param ('output'); - $token = ''; + $token = $this->view->conf->token; // check if user is logged in - if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) - { - $token = $this->view->conf->token; + if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) { $token_param = Minz_Request::param ('token', ''); $token_is_ok = ($token != '' && $token === $token_param); if (!($output === 'rss' && $token_is_ok)) { return; } - $params['token'] = $token; } // construction of RSS url of this feed @@ -25,6 +22,9 @@ class FreshRSS_index_Controller extends Minz_ActionController { if (isset ($params['search'])) { $params['search'] = urlencode ($params['search']); } + if (!Minz_Configuration::allowAnonymous()) { + $params['token'] = $token; + } $this->view->rss_url = array ( 'c' => 'index', 'a' => 'index', -- cgit v1.2.3 From a34941f41875bcc9d260c8dfcf9d44a00f835bc9 Mon Sep 17 00:00:00 2001 
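Review bot: The token check kept as context in this hunk, `$token_is_ok = ($token != '' && $token === $token_param);`, compares the secret with `===`, which stops at the first differing byte, so response time leaks how much of the token prefix a guess got right; the `!= ''` is also a loose comparison. Since the same value now also travels in a URL it is worth making the check constant-time: `$token_is_ok = ($token !== '' && hash_equals((string) $token, (string) $token_param));`. `hash_equals` needs PHP 5.6, which this code base may not target yet; on older PHP an equivalent XOR-accumulate loop over the bytes does the same job. `Minz_Request::param` may also hand back an array for `?token[]=…`, so the `(string)` casts (or an `is_string` guard) matter for the argument types. indexAction continues past the end of this hunk.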
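Review bot: `$params['token'] = $token;` places the user's token, which the previous hunk accepts as a full substitute for being logged in, into the RSS URL that the view renders, so the credential will end up in browser history, in the Referer header of any page that links the feed, and in server or proxy access logs; the commit needs it there, but the line deserves a comment saying so, e.g. `// the token is a bearer credential: anyone holding this URL can read the feed`. Two lines above, `search` is passed through `urlencode` while `token` is not; how the token is generated is not visible here, so if it can contain URL-reserved characters it needs the same treatment, `$params['token'] = urlencode ($token);`. indexAction continues past the end of this hunk.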
From: Marien Fressinaud Date: Sat, 15 Feb 2014 11:43:07 +0100 Subject: Improve code redirection for indexController - add comments - forward request is done in the controller (no Minz_Request::forward() in the view, please) - "soft" forward to the login form (no need of 302) - show a 403 page (no authenticated) for rss output when token is wrong --- app/Controllers/feedController.php | 5 ++++- app/Controllers/indexController.php | 11 ++++++++++- app/views/index/index.phtml | 19 +++++-------------- 3 files changed, 19 insertions(+), 16 deletions(-) (limited to 'app/Controllers/indexController.php') diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index 7114fc196..c718fcd5c 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -3,7 +3,10 @@ class FreshRSS_feed_Controller extends Minz_ActionController { public function firstAction () { if (!$this->view->loginOk) { - $token = $this->view->conf->token; //TODO: check the token logic again, and if it is still needed + // Token is useful in the case that anonymous refresh is forbidden + // and CRON task cannot be used with php command so the user can + // set a CRON task to refresh his feeds by using token inside url + $token = $this->view->conf->token; $token_param = Minz_Request::param ('token', ''); $token_is_ok = ($token != '' && $token == $token_param); $action = Minz_Request::actionName (); diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index af08edb46..a680c914a 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php 
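Review bot: The comparison kept right below the new comment, `$token_is_ok = ($token != '' && $token == $token_param);`, uses loose `==`, while the matching check in indexController from the previous commit uses `===`; with `==` two numeric-looking strings compare by value, so a token such as `0e12345` would compare equal to any other string made of `0e` followed only by digits. How tokens are generated is not shown here, so whether such values can occur is an open question, but the fix costs nothing: `$token_is_ok = ($token !== '' && hash_equals((string) $token, (string) $token_param));` (PHP 5.6+; at minimum `!==`/`===` on older PHP). firstAction continues past the end of this hunk, so I cannot see what `$token_is_ok` gates.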
@@ -11,7 +11,16 @@ class FreshRSS_index_Controller extends Minz_ActionController { if (!$this->view->loginOk && !Minz_Configuration::allowAnonymous()) { $token_param = Minz_Request::param ('token', ''); $token_is_ok = ($token != '' && $token === $token_param); - if (!($output === 'rss' && $token_is_ok)) { + if ($output === 'rss' && !$token_is_ok) { + Minz_Error::error ( + 403, + array ('error' => array (Minz_Translate::t ('access_denied'))) + ); + return; + } elseif ($output !== 'rss') { + // "hard" redirection is not required, just ask dispatcher to + // forward to the login form without 302 redirection + Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin')); return; } } diff --git a/app/views/index/index.phtml b/app/views/index/index.phtml index 1810a95b3..78271291e 100644 --- a/app/views/index/index.phtml +++ b/app/views/index/index.phtml @@ -3,9 +3,7 @@ $output = Minz_Request::param ('output', 'normal'); if ($this->loginOk || Minz_Configuration::allowAnonymous()) { - if ($output === 'normal') { - $this->renderHelper ('view/normal_view'); - } elseif ($output === 'rss') { + if ($output === 'rss') { $this->renderHelper ('view/rss_view'); } elseif ($output === 'reader') { $this->renderHelper ('view/reader_view'); 
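Review bot: A wrong token on the RSS endpoint now gets a clean 403 at `Minz_Error::error (403, …)` but leaves no trace, so repeated guessing of the token is invisible to an operator; the `else` branch of index.phtml in this same commit already logs via `Minz_Log::record`, and the same call fits here before the `return;`: `Minz_Log::record ('Invalid token for RSS output from ' . $_SERVER['REMOTE_ADDR'], Minz_Log::ERROR);` (use a warning level instead if Minz_Log defines one). Separately, the message key `access_denied` is not added by the i18n hunks of the following commit, which only touch `forbidden_access`; confirm it already exists under app/i18n or the 403 page will print the raw key. indexAction continues past the end of this hunk.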
@@ -17,16 +15,9 @@ if ($this->loginOk || Minz_Configuration::allowAnonymous()) { $this->renderHelper ('view/normal_view'); } } elseif ($output === 'rss') { - // TODO: verification of token and redirection must be done in the - // controller, not in the view - $token = $this->conf->token; - $token_param = Minz_Request::param ('token', ''); - $token_is_ok = ($token != '' && $token == $token_param); - if ($token_is_ok) { - $this->renderHelper ('view/rss_view'); - } else { - Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'), true); - } + // token has already been checked in the controller so we can show the view + $this->renderHelper ('view/rss_view'); } else { - Minz_Request::forward(array('c' => 'index', 'a' => 'formLogin'), true); + // Normally, it should not happen, but log it anyway + Minz_Log::record ('Something is wrong in ' . __FILE__ . ' line ' . __LINE__, Minz_Log::ERROR); } -- cgit v1.2.3 From cddec2d76f2c5d25d3008d5e2a60fddad6028a5d Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Sat, 15 Feb 2014 12:25:06 +0100 Subject: Improve login page - if user cannot log in, a 403 error is showed (and it is done in controller) - 403 error message has been changed to match with the error - add blank spaces on persona login page --- app/Controllers/indexController.php | 5 ++++ app/i18n/en.php | 3 +- app/i18n/fr.php | 3 +- app/views/error/index.phtml | 10 ++++++- app/views/index/formLogin.phtml | 56 ++++++++++++++++++------------------- p/themes/Dark/global.css | 30 ++++++++++---------- p/themes/Flat/global.css | 30 ++++++++++---------- p/themes/Origine/global.css | 30 ++++++++++---------- 8 files changed, 93 insertions(+), 74 deletions(-) (limited to 'app/Controllers/indexController.php') diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index a680c914a..38f4c0e7c 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php 
@@ -351,6 +351,11 @@ class FreshRSS_index_Controller extends Minz_ActionController { } $this->view->_useLayout(false); Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true); + } elseif (!Minz_Configuration::canLogIn()) { + Minz_Error::error ( + 403, + array ('error' => array (Minz_Translate::t ('access_denied'))) + ); } invalidateHttpCache(); } diff --git a/app/i18n/en.php b/app/i18n/en.php index fd51eb1ca..790e853f5 100644 --- a/app/i18n/en.php +++ b/app/i18n/en.php @@ -3,6 +3,7 @@ return array ( // LAYOUT 'login' => 'Login', + 'login_with_persona' => 'Login with Persona', 'logout' => 'Logout', 'search' => 'Search words or #tags', 'search_short' => 'Search', @@ -276,7 +277,7 @@ return array ( 'logs_empty' => 'Log file is empty', 'clear_logs' => 'Clear the logs', - 'forbidden_access' => 'Access forbidden! (%s)', + 'forbidden_access' => 'Access is forbidden!', 'login_required' => 'Login required:', 'confirm_action' => 'Are you sure you want to perform this action? It cannot be cancelled!', diff --git a/app/i18n/fr.php b/app/i18n/fr.php index 17e26f493..572bc1628 100644 --- a/app/i18n/fr.php +++ b/app/i18n/fr.php @@ -3,6 +3,7 @@ return array ( // LAYOUT 'login' => 'Connexion', + 'login_with_persona' => 'Connexion avec Persona', 'logout' => 'Déconnexion', 'search' => 'Rechercher des mots ou des #tags', 'search_short' => 'Rechercher', @@ -276,7 +277,7 @@ return array ( 'logs_empty' => 'Les logs sont vides', 'clear_logs' => 'Effacer les logs', - 'forbidden_access' => 'Accès interdit ! (%s)', + 'forbidden_access' => 'L’accès vous est interdit !', 'login_required' => 'Accès protégé par mot de passe :', 'confirm_action' => 'Êtes-vous sûr(e) de vouloir continuer ? Cette action ne peut être annulée !', diff --git a/app/views/error/index.phtml b/app/views/error/index.phtml index 36fcb56f9..6a09c3aa2 100644 --- a/app/views/error/index.phtml +++ b/app/views/error/index.phtml @@ -3,7 +3,15 @@
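Review bot: In the new `elseif (!Minz_Configuration::canLogIn())` branch, `Minz_Error::error (403, …)` is not followed by `return;`, so unless that call terminates the request (the same call in indexController in the previous commit is followed by an explicit `return;`, which suggests it does not) execution falls through to `invalidateHttpCache();` and whatever follows in the method. Add `return;` after the error call to mirror the RSS branch, or state in a comment that the fall-through is intended. The enclosing method starts before this hunk, so I cannot see what it does ahead of the first branch.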

code; ?>

-
+

diff --git a/app/views/index/formLogin.phtml b/app/views/index/formLogin.phtml index e4560c1a0..cc925ea59 100644 --- a/app/views/index/formLogin.phtml +++ b/app/views/index/formLogin.phtml @@ -1,34 +1,32 @@
-

-

- - -

- - -
- -

- -

-
+
+ + +
+
+ + +
+ +
+
+ +
+

FreshRSS

-

+ case 'persona': + ?>

+ + +

-

+

diff --git a/p/themes/Dark/global.css b/p/themes/Dark/global.css index a6acd740a..e296f2188 100644 --- a/p/themes/Dark/global.css +++ b/p/themes/Dark/global.css @@ -512,18 +512,20 @@ input, select, textarea { } /* Prompt (centré) */ -.prompt > h1, .prompt > p { - text-align:center; -} -.prompt > form { - margin:1em auto 2.5em auto; - width:10em; -} -.prompt .btn { - display:block; - margin:.5em auto; -} -.prompt input { - margin:.4em auto 1.1em auto; - width:99%; +.prompt { + text-align: center; } + .prompt label { + text-align: left; + } + .prompt form { + margin: 1em auto 2.5em auto; + width: 10em; + } + .prompt input { + margin: .4em auto 1.1em auto; + width: 100%; + } + .prompt p { + margin: 20px 0; + } diff --git a/p/themes/Flat/global.css b/p/themes/Flat/global.css index 75c328fcb..4044dd781 100644 --- a/p/themes/Flat/global.css +++ b/p/themes/Flat/global.css @@ -515,18 +515,20 @@ input, select, textarea { } /* Prompt (centré) */ -.prompt > h1, .prompt > p { - text-align:center; -} -.prompt > form { - margin:1em auto 2.5em auto; - width:10em; -} -.prompt .btn { - display:block; - margin:.5em auto; -} -.prompt input { - margin:.4em auto 1.1em auto; - width:99%; +.prompt { + text-align: center; } + .prompt label { + text-align: left; + } + .prompt form { + margin: 1em auto 2.5em auto; + width: 10em; + } + .prompt input { + margin: .4em auto 1.1em auto; + width: 100%; + } + .prompt p { + margin: 20px 0; + } diff --git a/p/themes/Origine/global.css b/p/themes/Origine/global.css index c1892d042..5792c9e4d 100644 --- a/p/themes/Origine/global.css +++ b/p/themes/Origine/global.css 
@@ -528,18 +528,20 @@ input, select, textarea { } /* Prompt (centré) */ -.prompt > h1, .prompt > p { - text-align:center; -} -.prompt > form { - margin:1em auto 2.5em auto; - width:10em; -} -.prompt .btn { - display:block; - margin:.5em auto; -} -.prompt input { - margin:.4em auto 1.1em auto; - width:99%; +.prompt { + text-align: center; } + .prompt label { + text-align: left; + } + .prompt form { + margin: 1em auto 2.5em auto; + width: 10em; + } + .prompt input { + margin: .4em auto 1.1em auto; + width: 100%; + } + .prompt p { + margin: 20px 0; + } -- cgit v1.2.3