From 5a3e8d59b6bdab75105364b204e6fddb17c07c85 Mon Sep 17 00:00:00 2001
From: Matt Baer
Date: Mon, 29 Mar 2021 20:55:21 -0400
Subject: [PATCH] Support logging out of password-protected blogs Closes T492
---
 collections.go | 48 +++++++++++++++++++++++--
 routes.go | 1 +
 templates/collection.tmpl | 57 +++++++++++++++++++-----------
 templates/password-collection.tmpl | 12 +++++++
 4 files changed, 95 insertions(+), 23 deletions(-)
diff --git a/collections.go b/collections.go
index e1ebe48..5fe5d24 100644
--- a/collections.go
+++ b/collections.go
@@ -110,6 +110,8 @@ type (
 // User-related fields
 isCollOwner bool
+
+ isAuthorized bool
 }
 )
@@ -553,6 +555,7 @@ type CollectionPage struct {
 IsCustomDomain bool
 IsWelcome bool
 IsOwner bool
+ IsCollLoggedIn bool
 CanPin bool
 Username string
 Monetization string
@@ -672,9 +675,9 @@ func processCollectionPermissions(app *App, cr *collectionReq, u *User, w http.R
 }
 // See if we've authorized this collection
- authd := isAuthorizedForCollection(app, c.Alias, r)
+ cr.isAuthorized = isAuthorizedForCollection(app, c.Alias, r)
- if !authd {
+ if !cr.isAuthorized {
 p := struct {
 page.StaticPage
 *CollectionObj
@@ -792,6 +795,7 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 // Serve collection
 displayPage := CollectionPage{
 DisplayCollection: coll,
+ IsCollLoggedIn: cr.isAuthorized,
 StaticPage: pageForReq(app, r),
 IsCustomDomain: cr.isCustomDomain,
 IsWelcome: r.FormValue("greeting") != "",
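Review bot: The new `isAuthorized` field on `collectionReq` (first hunk) carries no comment, and its name does not say which authorization it records; the third hunk shows it holds the result of `isAuthorizedForCollection`, i.e. the blog-password session rather than the user login. A comment such as `// isAuthorized reports whether this request's session has unlocked the password-protected collection` would keep it from being read as a general access-control flag, and `IsCollLoggedIn` on `CollectionPage` deserves the same. The field is assigned only inside `processCollectionPermissions`, whose body starts and ends outside these hunks, so whether it stays false for owners and unprotected blogs cannot be confirmed from here.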
@@ -1158,3 +1162,43 @@ func isAuthorizedForCollection(app *App, alias string, r *http.Request) bool {
 }
 return authd
 }
+
+func logOutCollection(app *App, alias string, w http.ResponseWriter, r *http.Request) error {
+ session, err := app.sessionStore.Get(r, blogPassCookieName)
+ if err != nil {
+ return err
+ }
+
+ // Remove this from map of blogs logged into
+ delete(session.Values, alias)
+
+ // If not auth'd with any blog, delete entire cookie
+ if len(session.Values) == 0 {
+ session.Options.MaxAge = -1
+ }
+ return session.Save(r, w)
+}
+
+func handleLogOutCollection(app *App, w http.ResponseWriter, r *http.Request) error {
+ alias := collectionAliasFromReq(r)
+ var c *Collection
+ var err error
+ if app.cfg.App.SingleUser {
+ c, err = app.db.GetCollectionByID(1)
+ } else {
+ c, err = app.db.GetCollection(alias)
+ }
+ if err != nil {
+ return err
+ }
+ if !c.IsProtected() {
+ // Invalid to log out of this collection
+ return ErrCollectionPageNotFound
+ }
+
+ err = logOutCollection(app, c.Alias, w, r)
+ if err != nil {
+ addSessionFlash(app, w, r, "Logging out failed. Try clearing cookies for this site, instead.", nil)
+ }
+ return impart.HTTPError{http.StatusFound, c.CanonicalURL()}
+}
diff --git a/routes.go b/routes.go
index bb1785f..5530552 100644
--- a/routes.go
+++ b/routes.go
@@ -204,6 +204,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 }
 func RouteCollections(handler *Handler, r *mux.Router) {
+ r.HandleFunc("/logout", handler.Web(handleLogOutCollection, UserLevelOptional))
 r.HandleFunc("/page/{page:[0-9]+}", handler.Web(handleViewCollection, UserLevelReader))
 r.HandleFunc("/tag:{tag}", handler.Web(handleViewCollectionTag, UserLevelReader))
 r.HandleFunc("/tag:{tag}/feed/", handler.Web(ViewFeed, UserLevelReader))
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 42664e7..493e6b7 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
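Review bot: When `logOutCollection` fails in `handleLogOutCollection`, the error is replaced by a flash message and never logged, and the early `return err` after `app.sessionStore.Get` leaves a cookie that cannot be decoded in place, so logout cannot remove it. If the store is gorilla/sessions, as the `Values`/`Options`/`Save` calls suggest, `Get` still returns a fresh session alongside the error, so that branch could run `session.Options.MaxAge = -1` and `return session.Save(r, w)` when `session != nil`. Recording `err` through the application's logger before the redirect would make these failures visible to operators. If the store is cookie-backed, logout only clears the browser's copy and a previously copied cookie value stays valid until it expires, which is worth stating in a doc comment on `logOutCollection`.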
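Review bot: `/logout` in `RouteCollections` is registered without a method restriction, so a plain GET from a link, an image reference on another site or a browser prefetch ends the reader's session for that blog. The state change should require a POST, e.g. `r.HandleFunc("/logout", handler.Web(handleLogOutCollection, UserLevelOptional)).Methods("POST")`, covered by the application's CSRF protection if it has one. The template markup is not readable in this patch, so whether the logout control is a link or a form is unknown, and it would have to change together with the route. If a catch-all post route is registered later in this function (outside the hunk), this literal path would also make a post with the slug `logout` unreachable, which calls for a reserved-slug check or at least a comment.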
@@ -40,27 +40,42 @@ - {{if or .IsOwner .SingleUser}}{{end}} + {{if or .IsOwner .SingleUser}} + + {{else if .IsCollLoggedIn}} + + {{end}}
{{if .Silenced}} diff --git a/templates/password-collection.tmpl b/templates/password-collection.tmpl index e0b755d..c1c9083 100644 --- a/templates/password-collection.tmpl +++ b/templates/password-collection.tmpl @@ -25,6 +25,18 @@ + {{if .SingleUser}} + + {{end}} +

{{.DisplayTitle}}