Allow old login method with suitable warning.

brutaldon/templates/setup/login-oauth.html

@@ -22,5 +22,13 @@
         </div>
     </form>
 
+    <div class="notification">
+        <button class="delete"></button>
+        <div>
+            Not able to log in with this form? Maybe your brutaldon instance isn't
+            visible on the internet to your Mastodon instance? If so, you can use
+            the <a href="{% url "oldlogin" %}">old login form</a>.
+        </div>
+    </div>
 
 {% endblock %}

brutaldon/templates/setup/login.html

@@ -4,7 +4,7 @@
 {% block content %}
     <h1 class="title">Log in to your instance</h1>
 
-    <form method="post" action="{% url "login" %}">
+    <form method="post" action="{% url "oldlogin" %}">
         {% csrf_token %}
         <div class="field">
             <label class="label">{{ form.instance.label  }}</label>
@@ -46,7 +46,9 @@
             This information is only used to log you in to your instance for the
             first time. Brutaldon never stores your username and password; it
             only uses it to acquire a token which you can disable from the
-            settings page of your Mastodon instance.
+            settings page of your Mastodon instance. However, you do need to
+            absolutely trust the person running this copy of brutaldon! If that's
+            not the case, use the <a href="{% url "login" %}">OAuth login form</a>.
         </p>
     </div>
 

brutaldon/urls.py

@@ -21,6 +21,7 @@ urlpatterns = [
     path('admin/', admin.site.urls),
     path('home', views.home, name='home'),
     path('login', views.login, name="login"),
+    path('oldlogin', views.old_login, name="oldlogin"),
     path('logout', views.logout, name='logout'),
     path('oauth_callback', views.oauth_callback, name="oauth_callback"),
     path('error', views.error, name='error'),