Use standalone login screen instead of OAuth

Johannes Zellner
2020-02-04 14:35:59 +01:00
parent d5e4453f15
commit 92be875a2f
5 changed files with 162 additions and 20 deletions


@@ -1751,28 +1751,16 @@ angular.module('Application').service('Client', ['$http', '$interval', '$timeout
Client.prototype.login = function () {
this.setToken(null);
this._userInfo = {};
var callbackURL = window.location.protocol + '//' + window.location.host + '/login_callback.html';
var scope = 'root,profile,apps';
// generate a state id to protect agains csrf
var state = Math.floor((1 + Math.random()) * 0x1000000000000).toString(16).substring(1);
window.localStorage.oauth2State = state;
// stash for further use in login_callback
window.localStorage.returnTo = '/' + window.location.hash;
window.location.href = this.apiOrigin + '/api/v1/oauth/dialog/authorize?response_type=token&client_id=' + this._clientId + '&redirect_uri=' + callbackURL + '&scope=' + scope + '&state=' + state;
window.location.href = '/login.html?returnTo=/' + encodeURIComponent(window.location.hash);
};
Client.prototype.logout = function (allSessions) {
Client.prototype.logout = function () {
var token = this.getToken();
this.setToken(null);
this._userInfo = {};
// logout from OAuth session
var origin = window.location.protocol + '//' + window.location.host;
window.location.href = this.apiOrigin + '/api/v1/session/logout?redirect=' + origin + (allSessions ? '&all=true' : '');
// invalidates the token
window.location.href = client.apiOrigin + '/api/v1/cloudron/logout?access_token=' + token;
};
// this is ununsed because webadmin uses implicit grant flow
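Review bot: The new logout line `window.location.href = client.apiOrigin + '/api/v1/cloudron/logout?access_token=' + token;` puts the bearer token in a URL, so it is recorded in browser history and in any proxy or server access log before the server invalidates it; if the invalidation fails or the request never arrives, a still-valid token remains in those places. Keeping the token out of the URL would avoid that, for example by sending it in an `Authorization` header through the already-injected `$http` and navigating once the call resolves, provided the logout route accepts it (the route handler is not visible here). The same line reads `client.apiOrigin` where the older redirect used `this.apiOrigin`; unless a `client` variable is in scope outside this hunk, the assignment throws after `this.setToken(null)` has already cleared the local token, so `this.apiOrigin` looks like the intended form. In `login`, `returnTo` now travels as a query parameter, so whatever `/login.html` does with it should accept only same-origin relative paths; that file is not shown in this hunk.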