From d15041f84713e60eb28a6e22fadfd80ab3cd76b0 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sat, 6 Feb 2021 15:04:33 +0000
Subject: [PATCH] Use POST to submit OpenID login form

Fixes #3084
---
 app/assets/javascripts/login.js | 14 ---------
 app/views/users/login.html.erb | 55 ++++++++++++++++-----------------
 2 files changed, 27 insertions(+), 42 deletions(-)

diff --git a/app/assets/javascripts/login.js b/app/assets/javascripts/login.js
index 8963c07b6..5853193bc 100644
--- a/app/assets/javascripts/login.js
+++ b/app/assets/javascripts/login.js
@@ -24,18 +24,4 @@ $(document).ready(function () {
 // Hide OpenID field for now
 $("#login_openid_url").hide();
 $("#login_openid_submit").hide();
-
- // Handle OpenID submission by redirecting to omniauth
- $("#openid_login_form").submit(function () {
- var action = $(this).prop("action"),
- openid_url = $(this).find("#openid_url").val(),
- referer = $(this).find("#openid_referer").val(),
- args = {};
- args.openid_url = openid_url;
- if (referer) {
- args.referer = referer;
- }
- window.location = action + "?" + Qs.stringify(args);
- return false;
- });
 });
diff --git a/app/views/users/login.html.erb b/app/views/users/login.html.erb
index 78ba25fa4..ab54fba82 100644
--- a/app/views/users/login.html.erb
+++ b/app/views/users/login.html.erb
@@ -21,48 +21,47 @@
 <%= f.primary t(".login_button"), :tabindex => 4 %>
 <% end %>
- <%= form_tag(auth_path(:provider => "openid"), :id => "openid_login_form") do %>
-
+
-
+
-

<%= t ".with external" %>

+

<%= t ".with external" %>

-
    -
  • <%= link_to image_tag("openid.png", :alt => t(".auth_providers.openid.title")), "#", :id => "openid_open_url", :title => t(".auth_providers.openid.title") %>
  • - <% if Settings.key?(:google_auth_id) -%> -
  • <%= auth_button "google", "google" %>
  • - <% end -%> - <% if Settings.key?(:facebook_auth_id) -%> -
  • <%= auth_button "facebook", "facebook" %>
  • - <% end -%> - <% if Settings.key?(:windowslive_auth_id) -%> -
  • <%= auth_button "windowslive", "windowslive" %>
  • - <% end -%> - <% if Settings.key?(:github_auth_id) -%> -
  • <%= auth_button "github", "github" %>
  • - <% end -%> - <% if Settings.key?(:wikipedia_auth_id) -%> -
  • <%= auth_button "wikipedia", "wikipedia" %>
  • - <% end -%> -
  • <%= auth_button "yahoo", "openid", :openid_url => "yahoo.com" %>
  • -
  • <%= auth_button "wordpress", "openid", :openid_url => "wordpress.com" %>
  • -
  • <%= auth_button "aol", "openid", :openid_url => "aol.com" %>
  • -
+
    +
  • <%= link_to image_tag("openid.png", :alt => t(".auth_providers.openid.title")), "#", :id => "openid_open_url", :title => t(".auth_providers.openid.title") %>
  • + <% if Settings.key?(:google_auth_id) -%> +
  • <%= auth_button "google", "google" %>
  • + <% end -%> + <% if Settings.key?(:facebook_auth_id) -%> +
  • <%= auth_button "facebook", "facebook" %>
  • + <% end -%> + <% if Settings.key?(:windowslive_auth_id) -%> +
  • <%= auth_button "windowslive", "windowslive" %>
  • + <% end -%> + <% if Settings.key?(:github_auth_id) -%> +
  • <%= auth_button "github", "github" %>
  • + <% end -%> + <% if Settings.key?(:wikipedia_auth_id) -%> +
  • <%= auth_button "wikipedia", "wikipedia" %>
  • + <% end -%> +
  • <%= auth_button "yahoo", "openid", :openid_url => "yahoo.com" %>
  • +
  • <%= auth_button "wordpress", "openid", :openid_url => "wordpress.com" %>
  • +
  • <%= auth_button "aol", "openid", :openid_url => "aol.com" %>
  • +
+ <%= form_tag(auth_path(:provider => "openid"), :id => "openid_login_form") do %>
- <%= hidden_field_tag("openid_referer", params[:referer]) if params[:referer] %> + <%= hidden_field_tag("referer", params[:referer]) %> <%= text_field_tag("openid_url", "", :tabindex => 3, :class => "openid_url") %> (" target="_new"><%= t "users.account.openid.link text" %>)
<%= submit_tag t(".login_button"), :tabindex => 6, :id => "login_openid_submit" %> + <% end %>
- <% end %> -
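Review bot: The new `hidden_field_tag("referer", params[:referer])` line drops the `if params[:referer]` guard that the removed line had, so a login with no referer now posts an empty `referer=` field, and an empty string is truthy in Ruby if the receiving code tests `params[:referer]` directly. Keeping the guard avoids that: `<%= hidden_field_tag("referer", params[:referer]) if params[:referer].present? %>`. The value is taken straight from the query string and carried through the OpenID round trip, so whatever consumes it after authentication should accept only a local path; that code is outside this diff and could not be confirmed from here. The provider buttons moved above the form still go through `auth_button`, whose definition is not shown, so it is worth checking that they also reach the auth path by POST rather than a plain link.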
-- 2.43.2