fix: [users:login] Blackhole on login screen

Fetch, fill and submit a fresh form on login avoiding blackholes due to expired form token
2020-07-30 15:19:09 +02:00 · 2020-07-30 15:19:09 +02:00 · 9599dcd28e
parent 1d6517c7a4
commit 9599dcd28e
1 changed files with 30 additions and 2 deletions
--- a/app/View/Users/login.ctp
+++ b/app/View/Users/login.ctp
@ -42,15 +42,16 @@
            <div class="clear">
            <?php
                echo empty(Configure::read('Security.allow_self_registration')) ? '' : sprintf(
-                    '<a href="%s/users/register" title="%s">%s</span>',
+                    '<a href="%s/users/register" title="%s">%s</a>',
                    $baseurl,
                    __('Registration will be sent to the administrators of the instance for consideration.'),
                    __('No account yet? Register now!')
                );
            ?>
            </div>
+            <button class="btn btn-primary" type="button" onclick="submitLoginForm()"><?= __('Login') ?></button>
        <?php
-            echo $this->Form->button(__('Login'), array('class' => 'btn btn-primary'));
+            echo $this->Form->button(__('Login'), array('class' => 'btn btn-primary hidden'));
            echo $this->Form->end();
            if (Configure::read('ApacheShibbAuth') == true) {
                echo '<div class="clear"></div><a class="btn btn-info" href="/Shibboleth.sso/Login">Login with SAML</a>';
@ -63,3 +64,30 @@
    </tr>
    </table>
 </div>
+
+<script>
+$(document).ready(function() {
+    $('#UserLoginForm').submit(function(event) {
+        event.preventDefault()
+        submitLoginForm()
+    });
+})
+
+function submitLoginForm() {
+    var $form = $('#UserLoginForm')
+    var url = $form.attr('action')
+    var email = $form.find('#UserEmail').val()
+    var password = $form.find('#UserPassword').val()
+    if (!$form[0].checkValidity()) {
+        $form[0].reportValidity()
+    } else {
+        fetchFormDataAjax(url, function(formHTML) {
+            $('body').append($('<div id="temp" style="display: none"/>').html(formHTML))
+            var $tmpForm = $('#temp form')
+            $tmpForm.find('#UserEmail').val(email)
+            $tmpForm.find('#UserPassword').val(password)
+            $tmpForm.submit()
+        })
+    }
+}
+</script>