Use standalone login screen instead of OAuth

src/js/client.js

@@ -1751,28 +1751,16 @@ angular.module('Application').service('Client', ['$http', '$interval', '$timeout
 
     Client.prototype.login = function () {
         this.setToken(null);
-        this._userInfo = {};
 
-        var callbackURL = window.location.protocol + '//' + window.location.host + '/login_callback.html';
-        var scope = 'root,profile,apps';
-
-        // generate a state id to protect agains csrf
-        var state = Math.floor((1 + Math.random()) * 0x1000000000000).toString(16).substring(1);
-        window.localStorage.oauth2State = state;
-
-        // stash for further use in login_callback
-        window.localStorage.returnTo = '/' + window.location.hash;
-
-        window.location.href = this.apiOrigin + '/api/v1/oauth/dialog/authorize?response_type=token&client_id=' + this._clientId + '&redirect_uri=' + callbackURL + '&scope=' + scope + '&state=' + state;
+        window.location.href = '/login.html?returnTo=/' + encodeURIComponent(window.location.hash);
     };
 
-    Client.prototype.logout = function (allSessions) {
+    Client.prototype.logout = function () {
+        var token = this.getToken();
         this.setToken(null);
-        this._userInfo = {};
 
-        // logout from OAuth session
-        var origin = window.location.protocol + '//' + window.location.host;
-        window.location.href = this.apiOrigin + '/api/v1/session/logout?redirect=' + origin + (allSessions ? '&all=true' : '');
+        // invalidates the token
+        window.location.href = client.apiOrigin + '/api/v1/cloudron/logout?access_token=' + token;
     };
 
     // this is ununsed because webadmin uses implicit grant flow

src/js/login.js

@@ -0,0 +1,46 @@
+'use strict';
+
+/* global angular, $ */
+
+// create main application module
+var app = angular.module('Application', []);
+
+app.controller('LoginController', ['$scope', '$http', function ($scope, $http) {
+    // Stupid angular location provider either wants html5 location mode or not, do the query parsing on my own
+    var search = decodeURIComponent(window.location.search).slice(1).split('&').map(function (item) { return item.indexOf('=') === -1 ? [item, true] : [item.slice(0, item.indexOf('=')), item.slice(item.indexOf('=')+1)]; }).reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {});
+
+    $scope.initialized = false;
+    $scope.busy = false;
+    $scope.error = null;
+    $scope.username = '';
+    $scope.password = '';
+    $scope.totpToken = '';
+
+    $scope.onLogin = function () {
+        $scope.busy = true;
+        $scope.error = null;
+
+        var data = {
+            username: $scope.username,
+            password: $scope.password,
+            totpToken: $scope.totpToken
+        };
+        var apiOrigin = '<%= oauth.apiOrigin %>' || window.location.origin;
+
+        function error() {
+            $scope.busy = false;
+            $scope.error = true;
+
+            $scope.password = '';
+            $scope.loginForm.$setPristine();
+            setTimeout(function () { $('#inputPassword').focus(); }, 200);
+        }
+
+        $http.post(apiOrigin + '/api/v1/cloudron/login', data).success(function (data, status) {
+            if (status !== 200) return error();
+
+            localStorage.token = data.accessToken;
+            window.location.href = search.returnTo || '/';
+        }).error(error);
+    };
+}]);