From 95273697f41326c6cf61a63651c49a02546a6c63 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 18 Aug 2020 12:22:04 -0400
Subject: [PATCH 01/12] Use consistent server User-Agent across application

---
 activitypub.go   |  4 ++--
 app.go           | 10 ++++++++++
 oauth.go         |  2 +-
 oauth_generic.go |  4 ++--
 oauth_gitea.go   |  4 ++--
 oauth_gitlab.go  |  4 ++--
 oauth_slack.go   |  4 ++--
 oauth_writeas.go |  4 ++--
 8 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index d34e70c..0e69075 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -494,7 +494,7 @@ func makeActivityPost(hostName string, p *activitystreams.Person, url string, m
 
 	r, _ := http.NewRequest("POST", url, bytes.NewBuffer(b))
 	r.Header.Add("Content-Type", "application/activity+json")
-	r.Header.Set("User-Agent", "Go ("+serverSoftware+"/"+softwareVer+"; +"+hostName+")")
+	r.Header.Set("User-Agent", ServerUserAgent(hostName))
 	h := sha256.New()
 	h.Write(b)
 	r.Header.Add("Digest", "SHA-256="+base64.StdEncoding.EncodeToString(h.Sum(nil)))
@@ -544,7 +544,7 @@ func resolveIRI(hostName, url string) ([]byte, error) {
 
 	r, _ := http.NewRequest("GET", url, nil)
 	r.Header.Add("Accept", "application/activity+json")
-	r.Header.Set("User-Agent", "Go ("+serverSoftware+"/"+softwareVer+"; +"+hostName+")")
+	r.Header.Set("User-Agent", ServerUserAgent(hostName))
 
 	if debugging {
 		dump, err := httputil.DumpRequestOut(r, true)
diff --git a/app.go b/app.go
index af0a56f..06e677b 100644
--- a/app.go
+++ b/app.go
@@ -903,3 +903,13 @@ func adminInitDatabase(app *App) error {
 	log.Info("Done.")
 	return nil
 }
+
+// ServerUserAgent returns a User-Agent string to use in external requests. The
+// hostName parameter may be left empty.
+func ServerUserAgent(hostName string) string {
+	hostUAStr := ""
+	if hostName != "" {
+		hostUAStr = "; +" + hostName
+	}
+	return "Go (" + serverSoftware + "/" + softwareVer + hostUAStr + ")"
+}
diff --git a/oauth.go b/oauth.go
index fe9fe74..dbcf3bf 100644
--- a/oauth.go
+++ b/oauth.go
@@ -408,7 +408,7 @@ func (r *callbackProxyClient) register(ctx context.Context, state string) error
 	if err != nil {
 		return err
 	}
-	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("User-Agent", ServerUserAgent(""))
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 
diff --git a/oauth_generic.go b/oauth_generic.go
index 42c84b0..ce65bca 100644
--- a/oauth_generic.go
+++ b/oauth_generic.go
@@ -62,7 +62,7 @@ func (c genericOauthClient) exchangeOauthCode(ctx context.Context, code string)
 		return nil, err
 	}
 	req.WithContext(ctx)
-	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("User-Agent", ServerUserAgent(""))
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	req.SetBasicAuth(c.ClientID, c.ClientSecret)
@@ -91,7 +91,7 @@ func (c genericOauthClient) inspectOauthAccessToken(ctx context.Context, accessT
 		return nil, err
 	}
 	req.WithContext(ctx)
-	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("User-Agent", ServerUserAgent(""))
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Authorization", "Bearer "+accessToken)
 
diff --git a/oauth_gitea.go b/oauth_gitea.go
index e6e1000..a9b7741 100644
--- a/oauth_gitea.go
+++ b/oauth_gitea.go
@@ -62,7 +62,7 @@ func (c giteaOauthClient) exchangeOauthCode(ctx context.Context, code string) (*
 		return nil, err
 	}
 	req.WithContext(ctx)
-	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("User-Agent", ServerUserAgent(""))
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	req.SetBasicAuth(c.ClientID, c.ClientSecret)
@@ -91,7 +91,7 @@ func (c giteaOauthClient) inspectOauthAccessToken(ctx context.Context, accessTok
 		return nil, err
 	}
 	req.WithContext(ctx)
-	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("User-Agent", ServerUserAgent(""))
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Authorization", "Bearer "+accessToken)
 
diff --git a/oauth_gitlab.go b/oauth_gitlab.go
index c9c74aa..ad919e4 100644
--- a/oauth_gitlab.go
+++ b/oauth_gitlab.go
@@ -63,7 +63,7 @@ func (c gitlabOauthClient) exchangeOauthCode(ctx context.Context, code string) (
 		return nil, err
 	}
 	req.WithContext(ctx)
-	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("User-Agent", ServerUserAgent(""))
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	req.SetBasicAuth(c.ClientID, c.ClientSecret)
@@ -92,7 +92,7 @@ func (c gitlabOauthClient) inspectOauthAccessToken(ctx context.Context, accessTo
 		return nil, err
 	}
 	req.WithContext(ctx)
-	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("User-Agent", ServerUserAgent(""))
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Authorization", "Bearer "+accessToken)
 
diff --git a/oauth_slack.go b/oauth_slack.go
index c881ab6..bad3775 100644
--- a/oauth_slack.go
+++ b/oauth_slack.go
@@ -111,7 +111,7 @@ func (c slackOauthClient) exchangeOauthCode(ctx context.Context, code string) (*
 		return nil, err
 	}
 	req.WithContext(ctx)
-	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("User-Agent", ServerUserAgent(""))
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	req.SetBasicAuth(c.ClientID, c.ClientSecret)
@@ -140,7 +140,7 @@ func (c slackOauthClient) inspectOauthAccessToken(ctx context.Context, accessTok
 		return nil, err
 	}
 	req.WithContext(ctx)
-	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("User-Agent", ServerUserAgent(""))
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Authorization", "Bearer "+accessToken)
 
diff --git a/oauth_writeas.go b/oauth_writeas.go
index 6251a16..e58f6e9 100644
--- a/oauth_writeas.go
+++ b/oauth_writeas.go
@@ -62,7 +62,7 @@ func (c writeAsOauthClient) exchangeOauthCode(ctx context.Context, code string)
 		return nil, err
 	}
 	req.WithContext(ctx)
-	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("User-Agent", ServerUserAgent(""))
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	req.SetBasicAuth(c.ClientID, c.ClientSecret)
@@ -91,7 +91,7 @@ func (c writeAsOauthClient) inspectOauthAccessToken(ctx context.Context, accessT
 		return nil, err
 	}
 	req.WithContext(ctx)
-	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("User-Agent", ServerUserAgent(""))
 	req.Header.Set("Accept", "application/json")
 	req.Header.Set("Authorization", "Bearer "+accessToken)
 

From ab32caa49c4d869057150cbd622e335e4db9f1c5 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 19 Aug 2020 12:02:36 -0400
Subject: [PATCH 02/12] Include key names in Login page struct

---
 account.go | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/account.go b/account.go
index fbe5ad0..96f5a3d 100644
--- a/account.go
+++ b/account.go
@@ -317,19 +317,19 @@ func viewLogin(app *App, w http.ResponseWriter, r *http.Request) error {
 		OauthGitea              bool
 		GiteaDisplayName        string
 	}{
-		pageForReq(app, r),
-		r.FormValue("to"),
-		template.HTML(""),
-		[]template.HTML{},
-		getTempInfo(app, "login-user", r, w),
-		app.Config().SlackOauth.ClientID != "",
-		app.Config().WriteAsOauth.ClientID != "",
-		app.Config().GitlabOauth.ClientID != "",
-		config.OrDefaultString(app.Config().GenericOauth.DisplayName, genericOauthDisplayName),
-		app.Config().GenericOauth.ClientID != "",
-		config.OrDefaultString(app.Config().GitlabOauth.DisplayName, gitlabDisplayName),
-		app.Config().GiteaOauth.ClientID != "",
-		config.OrDefaultString(app.Config().GiteaOauth.DisplayName, giteaDisplayName),
+		StaticPage:              pageForReq(app, r),
+		To:                      r.FormValue("to"),
+		Message:                 template.HTML(""),
+		Flashes:                 []template.HTML{},
+		LoginUsername:           getTempInfo(app, "login-user", r, w),
+		OauthSlack:              app.Config().SlackOauth.ClientID != "",
+		OauthWriteAs:            app.Config().WriteAsOauth.ClientID != "",
+		OauthGitlab:             app.Config().GitlabOauth.ClientID != "",
+		GitlabDisplayName:       config.OrDefaultString(app.Config().GenericOauth.DisplayName, genericOauthDisplayName),
+		OauthGeneric:            app.Config().GenericOauth.ClientID != "",
+		OauthGenericDisplayName: config.OrDefaultString(app.Config().GitlabOauth.DisplayName, gitlabDisplayName),
+		OauthGitea:              app.Config().GiteaOauth.ClientID != "",
+		GiteaDisplayName:        config.OrDefaultString(app.Config().GiteaOauth.DisplayName, giteaDisplayName),
 	}
 
 	if earlyError != "" {

From 63f023ea98f12bd0598ccb2bc18bc63f2ccf5cc7 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 19 Aug 2020 12:04:36 -0400
Subject: [PATCH 03/12] Fix GitLab & OAuth button labels on Login page

Previously, these display names were swapped.
---
 account.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/account.go b/account.go
index 96f5a3d..92b1523 100644
--- a/account.go
+++ b/account.go
@@ -325,9 +325,9 @@ func viewLogin(app *App, w http.ResponseWriter, r *http.Request) error {
 		OauthSlack:              app.Config().SlackOauth.ClientID != "",
 		OauthWriteAs:            app.Config().WriteAsOauth.ClientID != "",
 		OauthGitlab:             app.Config().GitlabOauth.ClientID != "",
-		GitlabDisplayName:       config.OrDefaultString(app.Config().GenericOauth.DisplayName, genericOauthDisplayName),
+		GitlabDisplayName:       config.OrDefaultString(app.Config().GitlabOauth.DisplayName, gitlabDisplayName),
 		OauthGeneric:            app.Config().GenericOauth.ClientID != "",
-		OauthGenericDisplayName: config.OrDefaultString(app.Config().GitlabOauth.DisplayName, gitlabDisplayName),
+		OauthGenericDisplayName: config.OrDefaultString(app.Config().GenericOauth.DisplayName, genericOauthDisplayName),
 		OauthGitea:              app.Config().GiteaOauth.ClientID != "",
 		GiteaDisplayName:        config.OrDefaultString(app.Config().GiteaOauth.DisplayName, giteaDisplayName),
 	}

From 21e9b4a6672a285f04a39e48a9538b21acfffdda Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 19 Aug 2020 12:29:23 -0400
Subject: [PATCH 04/12] Run `go fmt` on database.go

---
 database.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/database.go b/database.go
index c764340..8237e41 100644
--- a/database.go
+++ b/database.go
@@ -2627,11 +2627,11 @@ func (db *datastore) GetIDForRemoteUser(ctx context.Context, remoteUserID, provi
 }
 
 type oauthAccountInfo struct {
-	Provider         string
-	ClientID         string
-	RemoteUserID     string
-	DisplayName      string
-	AllowDisconnect  bool
+	Provider        string
+	ClientID        string
+	RemoteUserID    string
+	DisplayName     string
+	AllowDisconnect bool
 }
 
 func (db *datastore) GetOauthAccounts(ctx context.Context, userID int64) ([]oauthAccountInfo, error) {

From 04d404e61f4826ab82b877250c345aeb68174c98 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 19 Aug 2020 12:38:44 -0400
Subject: [PATCH 05/12] Move text OAuth button styles to login.less

---
 less/login.less    | 8 ++++----
 pages/landing.tmpl | 5 -----
 pages/login.tmpl   | 4 ----
 3 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/less/login.less b/less/login.less
index 473d26f..b756a6a 100644
--- a/less/login.less
+++ b/less/login.less
@@ -16,11 +16,11 @@
 
 	.loginbtn {
 		height: 40px;
-	}
 
-	#writeas-login, #gitlab-login {
-		box-sizing: border-box;
-		font-size: 17px;
+		&.btn.cta {
+			box-sizing: border-box;
+			font-size: 17px;
+		}
 	}
 }
 
diff --git a/pages/landing.tmpl b/pages/landing.tmpl
index f968404..e661aa6 100644
--- a/pages/landing.tmpl
+++ b/pages/landing.tmpl
@@ -60,11 +60,6 @@ form dd {
 	margin-top: 0;
 	max-width: 8em;
 }
-#generic-oauth-login {
-    box-sizing: border-box;
-    font-size: 17px;
-		white-space:nowrap;
-}
 </style>
 {{end}}
 {{define "content"}}
diff --git a/pages/login.tmpl b/pages/login.tmpl
index 9a65da2..d554afe 100644
--- a/pages/login.tmpl
+++ b/pages/login.tmpl
@@ -3,10 +3,6 @@
 <meta itemprop="description" content="Log in to {{.SiteName}}.">
 <style>
 input{margin-bottom:0.5em;}
-#generic-oauth-login {
-    box-sizing: border-box;
-    font-size: 17px;
-}
 </style>
 {{end}}
 {{define "content"}}

From a773d94dc798d506e5db3d2faaa1c3de2b02efa9 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 19 Aug 2020 13:26:15 -0400
Subject: [PATCH 06/12] Reorder Gitea fields and structs in config.go

---
 config/config.go | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/config/config.go b/config/config.go
index 9ff13f8..7b64e02 100644
--- a/config/config.go
+++ b/config/config.go
@@ -81,6 +81,15 @@ type (
 		CallbackProxyAPI string `ini:"callback_proxy_api"`
 	}
 
+	GiteaOauthCfg struct {
+		ClientID         string `ini:"client_id"`
+		ClientSecret     string `ini:"client_secret"`
+		Host             string `ini:"host"`
+		DisplayName      string `ini:"display_name"`
+		CallbackProxy    string `ini:"callback_proxy"`
+		CallbackProxyAPI string `ini:"callback_proxy_api"`
+	}
+
 	SlackOauthCfg struct {
 		ClientID         string `ini:"client_id"`
 		ClientSecret     string `ini:"client_secret"`
@@ -101,14 +110,6 @@ type (
 		AuthEndpoint     string `ini:"auth_endpoint"`
 		AllowDisconnect  bool   `ini:"allow_disconnect"`
 	}
-	GiteaOauthCfg struct {
-		ClientID         string `ini:"client_id"`
-		ClientSecret     string `ini:"client_secret"`
-		Host             string `ini:"host"`
-		DisplayName      string `ini:"display_name"`
-		CallbackProxy    string `ini:"callback_proxy"`
-		CallbackProxyAPI string `ini:"callback_proxy_api"`
-	}
 
 	// AppCfg holds values that affect how the application functions
 	AppCfg struct {
@@ -165,8 +166,8 @@ type (
 		SlackOauth   SlackOauthCfg   `ini:"oauth.slack"`
 		WriteAsOauth WriteAsOauthCfg `ini:"oauth.writeas"`
 		GitlabOauth  GitlabOauthCfg  `ini:"oauth.gitlab"`
-		GenericOauth GenericOauthCfg `ini:"oauth.generic"`
 		GiteaOauth   GiteaOauthCfg   `ini:"oauth.gitea"`
+		GenericOauth GenericOauthCfg `ini:"oauth.generic"`
 	}
 )
 

From 4db2cb89861d47c4cf8682a296bb2e295d14fef6 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 19 Aug 2020 13:31:07 -0400
Subject: [PATCH 07/12] Templatize OAuth buttons across signup and login pages

This moves fields into the `OAuthButtons` struct and puts the buttons into templates/includes/oauth.tmpl.
---
 account.go                   | 36 +++++++++++-------------------------
 app.go                       | 19 ++++---------------
 oauth.go                     | 24 ++++++++++++++++--------
 pages/landing.tmpl           | 18 ++++--------------
 pages/login.tmpl             | 27 +--------------------------
 templates.go                 | 10 ++++++++--
 templates/include/oauth.tmpl | 28 ++++++++++++++++++++++++++++
 7 files changed, 72 insertions(+), 90 deletions(-)
 create mode 100644 templates/include/oauth.tmpl

diff --git a/account.go b/account.go
index 92b1523..236dfb3 100644
--- a/account.go
+++ b/account.go
@@ -304,32 +304,18 @@ func viewLogin(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	p := &struct {
 		page.StaticPage
-		To                      string
-		Message                 template.HTML
-		Flashes                 []template.HTML
-		LoginUsername           string
-		OauthSlack              bool
-		OauthWriteAs            bool
-		OauthGitlab             bool
-		GitlabDisplayName       string
-		OauthGeneric            bool
-		OauthGenericDisplayName string
-		OauthGitea              bool
-		GiteaDisplayName        string
+		*OAuthButtons
+		To            string
+		Message       template.HTML
+		Flashes       []template.HTML
+		LoginUsername string
 	}{
-		StaticPage:              pageForReq(app, r),
-		To:                      r.FormValue("to"),
-		Message:                 template.HTML(""),
-		Flashes:                 []template.HTML{},
-		LoginUsername:           getTempInfo(app, "login-user", r, w),
-		OauthSlack:              app.Config().SlackOauth.ClientID != "",
-		OauthWriteAs:            app.Config().WriteAsOauth.ClientID != "",
-		OauthGitlab:             app.Config().GitlabOauth.ClientID != "",
-		GitlabDisplayName:       config.OrDefaultString(app.Config().GitlabOauth.DisplayName, gitlabDisplayName),
-		OauthGeneric:            app.Config().GenericOauth.ClientID != "",
-		OauthGenericDisplayName: config.OrDefaultString(app.Config().GenericOauth.DisplayName, genericOauthDisplayName),
-		OauthGitea:              app.Config().GiteaOauth.ClientID != "",
-		GiteaDisplayName:        config.OrDefaultString(app.Config().GiteaOauth.DisplayName, giteaDisplayName),
+		StaticPage:    pageForReq(app, r),
+		OAuthButtons:  NewOAuthButtons(app.Config()),
+		To:            r.FormValue("to"),
+		Message:       template.HTML(""),
+		Flashes:       []template.HTML{},
+		LoginUsername: getTempInfo(app, "login-user", r, w),
 	}
 
 	if earlyError != "" {
diff --git a/app.go b/app.go
index 06e677b..2aed437 100644
--- a/app.go
+++ b/app.go
@@ -238,27 +238,16 @@ func handleViewLanding(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	p := struct {
 		page.StaticPage
+		*OAuthButtons
 		Flashes []template.HTML
 		Banner  template.HTML
 		Content template.HTML
 
 		ForcedLanding bool
-
-		OauthSlack              bool
-		OauthWriteAs            bool
-		OauthGitlab             bool
-		OauthGeneric            bool
-		OauthGenericDisplayName string
-		GitlabDisplayName       string
 	}{
-		StaticPage:              pageForReq(app, r),
-		ForcedLanding:           forceLanding,
-		OauthSlack:              app.Config().SlackOauth.ClientID != "",
-		OauthWriteAs:            app.Config().WriteAsOauth.ClientID != "",
-		OauthGitlab:             app.Config().GitlabOauth.ClientID != "",
-		OauthGeneric:            app.Config().GenericOauth.ClientID != "",
-		OauthGenericDisplayName: config.OrDefaultString(app.Config().GenericOauth.DisplayName, genericOauthDisplayName),
-		GitlabDisplayName:       config.OrDefaultString(app.Config().GitlabOauth.DisplayName, gitlabDisplayName),
+		StaticPage:    pageForReq(app, r),
+		OAuthButtons:  NewOAuthButtons(app.Config()),
+		ForcedLanding: forceLanding,
 	}
 
 	banner, err := getLandingBanner(app)
diff --git a/oauth.go b/oauth.go
index dbcf3bf..620ffaf 100644
--- a/oauth.go
+++ b/oauth.go
@@ -30,19 +30,27 @@ import (
 
 // OAuthButtons holds display information for different OAuth providers we support.
 type OAuthButtons struct {
-	SlackEnabled      bool
-	WriteAsEnabled    bool
-	GitLabEnabled     bool
-	GitLabDisplayName string
+	SlackEnabled       bool
+	WriteAsEnabled     bool
+	GitLabEnabled      bool
+	GitLabDisplayName  string
+	GiteaEnabled       bool
+	GiteaDisplayName   string
+	GenericEnabled     bool
+	GenericDisplayName string
 }
 
 // NewOAuthButtons creates a new OAuthButtons struct based on our app configuration.
 func NewOAuthButtons(cfg *config.Config) *OAuthButtons {
 	return &OAuthButtons{
-		SlackEnabled:      cfg.SlackOauth.ClientID != "",
-		WriteAsEnabled:    cfg.WriteAsOauth.ClientID != "",
-		GitLabEnabled:     cfg.GitlabOauth.ClientID != "",
-		GitLabDisplayName: config.OrDefaultString(cfg.GitlabOauth.DisplayName, gitlabDisplayName),
+		SlackEnabled:       cfg.SlackOauth.ClientID != "",
+		WriteAsEnabled:     cfg.WriteAsOauth.ClientID != "",
+		GitLabEnabled:      cfg.GitlabOauth.ClientID != "",
+		GitLabDisplayName:  config.OrDefaultString(cfg.GitlabOauth.DisplayName, gitlabDisplayName),
+		GiteaEnabled:       cfg.GiteaOauth.ClientID != "",
+		GiteaDisplayName:   config.OrDefaultString(cfg.GiteaOauth.DisplayName, giteaDisplayName),
+		GenericEnabled:     cfg.GenericOauth.ClientID != "",
+		GenericDisplayName: config.OrDefaultString(cfg.GenericOauth.DisplayName, genericOauthDisplayName),
 	}
 }
 
diff --git a/pages/landing.tmpl b/pages/landing.tmpl
index e661aa6..2131b40 100644
--- a/pages/landing.tmpl
+++ b/pages/landing.tmpl
@@ -60,6 +60,9 @@ form dd {
 	margin-top: 0;
 	max-width: 8em;
 }
+.or {
+	margin-bottom: 2.5em !important;
+}
 </style>
 {{end}}
 {{define "content"}}
@@ -73,20 +76,7 @@ form dd {
 
 	<div{{if not .OpenRegistration}} style="padding: 2em 0;"{{end}}>
 		{{ if .OpenRegistration }}
-			{{ if or .OauthSlack .OauthWriteAs .OauthGitlab .OauthGeneric }}
-				{{ if .OauthSlack }}
-					<div class="row content-container signinbtns signinoauthbtns"><a class="loginbtn" href="/oauth/slack"><img alt="Sign in with Slack" height="40" width="172" src="/img/sign_in_with_slack.png" srcset="/img/sign_in_with_slack.png 1x, /img/sign_in_with_slack@2x.png 2x" /></a></div>
-				{{ end }}
-				{{ if .OauthWriteAs }}
-					<div class="row content-container signinbtns signinoauthbtns"><a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as">Sign in with <strong>Write.as</strong></a></div>
-				{{ end }}
-				{{ if .OauthGitlab }}
-					<div class="row content-container signinbtns signinoauthbtns"><a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab">Sign in with <strong>{{.GitlabDisplayName}}</strong></a></div>
-				{{ end }}
-				{{ if .OauthGeneric }}
-					<div class="row content-container signinbtns signinoauthbtns"><a class="btn cta loginbtn" id="generic-oauth-login" href="/oauth/generic">Sign in with <strong>{{ .OauthGenericDisplayName }}</strong></a></div>
-				{{ end }}
-			{{ end }}
+			{{template "oauth-buttons" .}}
 		{{if not .DisablePasswordAuth}}
 		{{if .Flashes}}<ul class="errors">
 			{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
diff --git a/pages/login.tmpl b/pages/login.tmpl
index d554afe..f0a54eb 100644
--- a/pages/login.tmpl
+++ b/pages/login.tmpl
@@ -13,32 +13,7 @@ input{margin-bottom:0.5em;}
 		{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 	</ul>{{end}}
 
-	{{ if or .OauthSlack .OauthWriteAs .OauthGitlab .OauthGeneric .OauthGitea }}
-		<div class="row content-container signinbtns">
-		{{ if .OauthSlack }}
-			<a class="loginbtn" href="/oauth/slack"><img alt="Sign in with Slack" height="40" width="172" src="/img/sign_in_with_slack.png" srcset="/img/sign_in_with_slack.png 1x, /img/sign_in_with_slack@2x.png 2x" /></a>
-		{{ end }}
-		{{ if .OauthWriteAs }}
-			<a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as">Sign in with <strong>Write.as</strong></a>
-		{{ end }}
-		{{ if .OauthGitlab }}
-			<a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab">Sign in with <strong>{{.GitlabDisplayName}}</strong></a>
-		{{ end }}
-    {{ if .OauthGeneric }}
-      <a class="btn cta loginbtn" id="generic-oauth-login" href="/oauth/generic">Sign in with <strong>{{ .OauthGenericDisplayName }}</strong></a>
-    {{ end }}
-		{{ if .OauthGitea }}
-			<a class="btn cta loginbtn" id="gitea-login" href="/oauth/gitea">Sign in with <strong>{{.GiteaDisplayName}}</strong></a>
-		{{ end }}
-		</div>
-
-		{{if not .DisablePasswordAuth}}
-			<div class="or">
-				<p>or</p>
-				<hr class="short" />
-			</div>
-		{{end}}
-	{{ end }}
+	{{template "oauth-buttons" .}}
 
 {{if not .DisablePasswordAuth}}
 	<form action="/auth/login" method="post" style="text-align: center;margin-top:1em;" onsubmit="disableSubmit()">
diff --git a/templates.go b/templates.go
index 5ee4bcf..3cef57a 100644
--- a/templates.go
+++ b/templates.go
@@ -85,12 +85,18 @@ func initPage(parentDir, path, key string) {
 		log.Info("  [%s] %s", key, path)
 	}
 
-	pages[key] = template.Must(template.New("").Funcs(funcMap).ParseFiles(
+	files := []string{
 		path,
 		filepath.Join(parentDir, templatesDir, "include", "footer.tmpl"),
 		filepath.Join(parentDir, templatesDir, "base.tmpl"),
 		filepath.Join(parentDir, templatesDir, "user", "include", "silenced.tmpl"),
-	))
+	}
+
+	if key == "login.tmpl" || key == "landing.tmpl" {
+		files = append(files, filepath.Join(parentDir, templatesDir, "include", "oauth.tmpl"))
+	}
+
+	pages[key] = template.Must(template.New("").Funcs(funcMap).ParseFiles(files...))
 }
 
 func initUserPage(parentDir, path, key string) {
diff --git a/templates/include/oauth.tmpl b/templates/include/oauth.tmpl
new file mode 100644
index 0000000..6617fd0
--- /dev/null
+++ b/templates/include/oauth.tmpl
@@ -0,0 +1,28 @@
+{{define "oauth-buttons"}}
+    {{ if or .SlackEnabled .WriteAsEnabled .GitLabEnabled .GiteaEnabled .GenericEnabled }}
+        <div class="row content-container signinbtns">
+            {{ if .SlackEnabled }}
+                <a class="loginbtn" href="/oauth/slack"><img alt="Sign in with Slack" height="40" width="172" src="/img/sign_in_with_slack.png" srcset="/img/sign_in_with_slack.png 1x, /img/sign_in_with_slack@2x.png 2x" /></a>
+            {{ end }}
+            {{ if .WriteAsEnabled }}
+                <a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as">Sign in with <strong>Write.as</strong></a>
+            {{ end }}
+            {{ if .GitLabEnabled }}
+                <a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab">Sign in with <strong>{{.GitLabDisplayName}}</strong></a>
+            {{ end }}
+            {{ if .GiteaEnabled }}
+                <a class="btn cta loginbtn" id="gitea-login" href="/oauth/gitea">Sign in with <strong>{{.GiteaDisplayName}}</strong></a>
+            {{ end }}
+            {{ if .GenericEnabled }}
+                <a class="btn cta loginbtn" id="generic-oauth-login" href="/oauth/generic">Sign in with <strong>{{.GenericDisplayName}}</strong></a>
+            {{ end }}
+        </div>
+
+        {{if not .DisablePasswordAuth}}
+            <div class="or">
+                <p>or</p>
+                <hr class="short" />
+            </div>
+        {{end}}
+    {{ end }}
+{{end}}
\ No newline at end of file

From 00cceca1041517503f2ae312e20e257d8d311219 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 19 Aug 2020 13:35:21 -0400
Subject: [PATCH 08/12] Update signup-via-invite page

This updates signup.tmpl to include all supported OAuth methods and respect the new `DisablePasswordAuth` config value.
---
 invites.go        |  8 ++++----
 pages/signup.tmpl | 21 +++------------------
 2 files changed, 7 insertions(+), 22 deletions(-)

diff --git a/invites.go b/invites.go
index 10416b2..4e3eff4 100644
--- a/invites.go
+++ b/invites.go
@@ -170,14 +170,14 @@ func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	p := struct {
 		page.StaticPage
+		*OAuthButtons
 		Error   string
 		Flashes []template.HTML
 		Invite  string
-		OAuth   *OAuthButtons
 	}{
-		StaticPage: pageForReq(app, r),
-		Invite:     inviteCode,
-		OAuth:      NewOAuthButtons(app.cfg),
+		StaticPage:   pageForReq(app, r),
+		OAuthButtons: NewOAuthButtons(app.cfg),
+		Invite:       inviteCode,
 	}
 
 	if expired {
diff --git a/pages/signup.tmpl b/pages/signup.tmpl
index c17aee3..b1bb50d 100644
--- a/pages/signup.tmpl
+++ b/pages/signup.tmpl
@@ -70,25 +70,9 @@ form dd {
 		</ul>{{end}}
 
 		<div id="billing">
-			{{ if or .OAuth.SlackEnabled .OAuth.WriteAsEnabled .OAuth.GitLabEnabled }}
-				<div class="row content-container signinbtns">
-					{{ if .OAuth.SlackEnabled }}
-						<a class="loginbtn" href="/oauth/slack{{if .Invite}}?invite_code={{.Invite}}{{end}}"><img alt="Sign in with Slack" height="40" width="172" src="/img/sign_in_with_slack.png" srcset="/img/sign_in_with_slack.png 1x, /img/sign_in_with_slack@2x.png 2x" /></a>
-					{{ end }}
-					{{ if .OAuth.WriteAsEnabled }}
-						<a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as{{if .Invite}}?invite_code={{.Invite}}{{end}}">Sign in with <strong>Write.as</strong></a>
-					{{ end }}
-					{{ if .OAuth.GitLabEnabled }}
-						<a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab{{if .Invite}}?invite_code={{.Invite}}{{end}}">Sign in with <strong>{{.OAuth.GitLabDisplayName}}</strong></a>
-					{{ end }}
-				</div>
-
-				<div class="or">
-					<p>or</p>
-					<hr class="short" />
-				</div>
-			{{ end }}
+			{{template "oauth-buttons" .}}
 
+			{{if not .DisablePasswordAuth}}
 			<form action="/auth/signup" method="POST" id="signup-form" onsubmit="return signup()">
 				<input type="hidden" name="invite_code" value="{{.Invite}}" />
 				<dl class="billing">
@@ -112,6 +96,7 @@ form dd {
 					</dt>
 				</dl>
 			</form>
+			{{end}}
 		</div>
 		{{ end }}
 	</div>

From a78b36b87121dd759776df6119b2c271ff0b42dc Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 19 Aug 2020 14:55:16 -0400
Subject: [PATCH 09/12] Fix whitespace in user/settings.tmpl

---
 templates/user/settings.tmpl | 40 ++++++++++++++++++------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index b6abadc..95c57c4 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -75,18 +75,18 @@ h3 { font-weight: normal; }
 	</form>
 	{{end}}
 
-    {{ if .OauthSection }}
+	{{ if .OauthSection }}
 		<hr />
 
-	    {{ if .OauthAccounts }}
+		{{ if .OauthAccounts }}
 		<div class="option">
 			<h2>Linked Accounts</h2>
 			<p>These are your linked external accounts.</p>
-	        {{ range $oauth_account := .OauthAccounts }}
-		        <form method="post" action="/api/me/oauth/remove" autocomplete="false">
-		            <input type="hidden" name="provider" value="{{ $oauth_account.Provider }}" />
-		            <input type="hidden" name="client_id" value="{{ $oauth_account.ClientID }}" />
-		            <input type="hidden" name="remote_user_id" value="{{ $oauth_account.RemoteUserID }}" />
+			{{ range $oauth_account := .OauthAccounts }}
+				<form method="post" action="/api/me/oauth/remove" autocomplete="false">
+					<input type="hidden" name="provider" value="{{ $oauth_account.Provider }}" />
+					<input type="hidden" name="client_id" value="{{ $oauth_account.ClientID }}" />
+					<input type="hidden" name="remote_user_id" value="{{ $oauth_account.RemoteUserID }}" />
 					<div class="section oauth-provider">
 						{{ if $oauth_account.DisplayName}}
 							{{ if $oauth_account.AllowDisconnect}}
@@ -99,8 +99,8 @@ h3 { font-weight: normal; }
 							<input type="submit" value="Remove {{ $oauth_account.Provider | title }}" />
 						{{end}}
 					</div>
-    	        </form>
-            {{ end }}
+				</form>
+			{{ end }}
 		</div>
 		{{ end }}
 		{{ if or .OauthSlack .OauthWriteAs .OauthGitLab .OauthGeneric .OauthGitea }}
@@ -116,41 +116,41 @@ h3 { font-weight: normal; }
 					</a>
 				</div>
 			{{ end }}
-	        {{ if .OauthSlack }}
+			{{ if .OauthSlack }}
 				<div class="section oauth-provider">
 					<img src="/img/mark/slack.png" alt="Slack" />
 					<a class="btn cta loginbtn" href="/oauth/slack?attach=t">
 						Link <strong>Slack</strong>
 					</a>
 				</div>
-            {{ end }}
-            {{ if .OauthGitLab }}
+			{{ end }}
+			{{ if .OauthGitLab }}
 				<div class="section oauth-provider">
 					<img src="/img/mark/gitlab.png" alt="GitLab" />
 					<a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab?attach=t">
 						Link <strong>{{.GitLabDisplayName}}</strong>
 					</a>
 				</div>
-            {{ end }}
-						{{ if .OauthGitea }}
+			{{ end }}
+			{{ if .OauthGitea }}
 				<div class="section oauth-provider">
 					<img src="/img/mark/gitea.png" alt="Gitea" />
 					<a class="btn cta loginbtn" id="gitea-login" href="/oauth/gitea?attach=t">
 						Link <strong>{{.GiteaDisplayName}}</strong>
 					</a>
 				</div>
-						{{ end }}
+			{{ end }}
 			</div>
-				{{ if .OauthGeneric }}
+			{{ if .OauthGeneric }}
 				<div class="row">
 					<div class="section oauth-provider">
-            <p><a class="btn cta loginbtn" id="generic-oauth-login" href="/oauth/generic?attach=t">Link <strong>{{ .OauthGenericDisplayName }}</strong></a></p>
-        	</div>
+						<p><a class="btn cta loginbtn" id="generic-oauth-login" href="/oauth/generic?attach=t">Link <strong>{{ .OauthGenericDisplayName }}</strong></a></p>
+					</div>
 				</div>
-				{{ end }}
+			{{ end }}
 		</div>
 		{{ end }}
-    {{ end }}
+	{{ end }}
 </div>
 
 <script>

From 455e50c9a893cd5fcdc5781a5b3cbaaaa192420b Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 19 Aug 2020 15:14:29 -0400
Subject: [PATCH 10/12] Use branded OAuth buttons

This includes the platform mark with each login button and uses
brand colors. It also uses the same style on the Account Settings
page. And it wraps buttons on login / signup pages.
---
 less/login.less                   |  50 ++++++++++++++++++++++++++++--
 static/img/mark/writeas-white.png | Bin 0 -> 2733 bytes
 templates/include/oauth.tmpl      |  15 +++++++--
 templates/user/settings.tmpl      |  22 ++++++-------
 4 files changed, 71 insertions(+), 16 deletions(-)
 create mode 100644 static/img/mark/writeas-white.png

diff --git a/less/login.less b/less/login.less
index b756a6a..fefeb12 100644
--- a/less/login.less
+++ b/less/login.less
@@ -9,17 +9,63 @@
  */
 
 .row.signinbtns {
-	justify-content: space-evenly;
+	justify-content: center;
 	font-size: 1em;
 	margin-top: 2em;
 	margin-bottom: 1em;
+	flex-wrap: wrap;
 
 	.loginbtn {
 		height: 40px;
+		margin: 0.5em;
 
-		&.btn.cta {
+		&.btn {
 			box-sizing: border-box;
 			font-size: 17px;
+			white-space: nowrap;
+
+			img {
+				height: 1.5em;
+				vertical-align: middle;
+			}
+		}
+
+		&#writeas-login, &#slack-login {
+			img {
+				margin-top: -0.2em;
+			}
+		}
+
+		&#gitlab-login {
+			background-color: #fc6d26;
+			border-color: #fc6d26;
+			&:hover {
+				background-color: darken(#fc6d26, 5%);
+				border-color: darken(#fc6d26, 5%);
+			}
+		}
+
+		&#gitea-login {
+			background-color: #2ecc71;
+			border-color: #2ecc71;
+			&:hover {
+				background-color: #2cc26b;
+				border-color: #2cc26b;
+			}
+		}
+
+		&#slack-login, &#gitlab-login, &#gitea-login, &#generic-oauth-login {
+			font-size: 0.86em;
+			font-family: @sansFont;
+		}
+
+		&#slack-login, &#generic-oauth-login {
+			color: @lightTextColor;
+			background-color: @lightNavBG;
+			border-color: @lightNavBorder;
+			&:hover {
+				background-color: @lightNavHoverBG;
+			}
 		}
 	}
 }
diff --git a/static/img/mark/writeas-white.png b/static/img/mark/writeas-white.png
new file mode 100644
index 0000000000000000000000000000000000000000..6c9b2cd5f3fa33f19aa79f30d071820d6f72ba5e
GIT binary patch
literal 2733
zcmb_e`#aN%AOCD~uThjs2uX!AtVQLLj@!vCA}Kn#EafyClDSOGCFOqWh?Gmo3PZw{
z*gl1=qiJQwl1m#4MPu#^Ir<a6&+~o1pV#~KJg@ijdR{-i-)Zir|A5Qwkpln#?s&@1
zV~fjwK}Kq8X0Wd!wn!?_`42l_^H-O*lM1#J*|1X=BDNf#egR^0s3dwzl)mBUYA^j&
zMoDqk-jy%IwE!Sz?r8V>+2{e`FedDwy(V*Zrp1+0s61GCiqYTX<zD_|%%kmtc5;%+
zS${jG+GE=M-{zUg#u7It%9F+2M<2aCg!Vis{jueuLpkC|P;BCLrg_V)b4KlYl~0ya
zYmM<W#kupAYd@wP3BA0lRVYXC11m!5yfuMmrM>U}Qyv+|i`{VKhj16zk3&{tNdH&J
z@$+_<d=p#Jm+@MnRwTpWOIbMh8FcY)ke}HwWE8#Tn2E{FQ^IcpXtLG8!}auxXd0Y5
zu#~cf>hU3XYtAtLEzpDsPS4G2sg6wymbvH0nT;Z~03#RHd_`;_ghT+$oE+OhX-_Yq
z8Z^ws6G(ljQ_&um*Nkt)RX|O;n!%KQKw|uxvH^gu;k`WhhmE2N5D|HBH*v+I_L^6$
zY3_h;8_UPy!id?N`gQYT^0m;tkfjGHKpQkz@)Elr)0`*yb`TVR8PxEP9CLstg@?@m
z8?+nZLtze#iRiu5_o^>+ABnMxtB#rtbdBf)J3wAc;B0GyEWlSkDZ~wu)JJ!O9SzGs
zUMcJTlE)K$=MFThN&6^Vz+Bb)I$@3x`WDa4X<~#anah*wa_r$y@<zn~Q7;p@0lv?4
z#2>6$mgU#F#H>P1^aYr;pj+ci<4h#o14xa59J{YiCZ#=CZQ!1M4d0i;zIzXI-4s#V
z96@ADU!rxY&Z8ESI>>X_QVnrh8O{fIP%s<mDrwZh9X}7uZGZ}lbNnmtj<YqXWvugX
zH<xcGS!@j=@QH*Ejsp@9qPdbxWT+t^aC$9J>n&EF-$QOzO1u@Rsz=rF^ldcdw=#*h
z-4?Sap6wwf=&%iP-|b5dHp9swC}w_*RVxM`G{S~+)C0&oeKjJZXptITf3|F?FU%`q
zau*Tsb9@?KLhOPF=?BALJ%<1RLhok#z}@P^uiiRr-J45~_x6cQ!A#;*d`bBJktR5(
zS3HpT$-9lVd*!UA-zOW4@N-^HySX+H1;y+MdbXjjzLg;aQEK^OkFKe!qvJS?TBmSP
zweMQLkA*DtNVzLP0hg{M>ECK`xH7!1xkXpxdIG6p^@87+3^sOJ4y(=<<-l|}={bAQ
z@&>^Cif>hmOR)a2&y*MG8cPtWo{sfBhY%S#SuhKv|D{d30qj99t!ZnJQxj0Q#fUsK
zHM|=xyISmW%k^|TV#FTOH{<003TjesfvOC@)ogZo@|scCy9q?YXH`y#Dp84O>`nb?
z$wL`m2l|6EkJkY#46MNrnKj;6-KRjm>(!ThGG{Xeg)6z5IZHK7s(8;t2#x17a6(-<
zuq|6$`e(IqVc!ZE34u_%H`fhB9yak;&SRW!6V{vfdRyTK&@5$1|DSk1a_HZS9)}^=
zy5jhv$8UGi&qH}!r($eTYRNNw)HaII^S77$5%8yH%=EB5?(Iz%Fl@t>&0NS7DK*X{
zTMT4siXKYD9p<;n4?V!=VQueA$${qm(w4bJjLv)ylgnwG^Z+{jTg~WsP42)pxoX}4
zeqj2<3xwzaa@<wYf1`Rt7c8iB?J*TpH9EvTW^0Ftv8xTdGPmtuOa5eJ>`6|AO7tD6
zzEf*S6evb<Fj4C{H~YxFSktkZD=p&huPd}NZ_;!XUj+x6H#~j%7#df#KWq31*h+uC
zgSe^I3(K00;i~?WDJ~(KZnR`KAtWYzG1kXyo>_jO?97Oz!@$X+dHLPMzM6oH!OKk+
zI>p~jtJ^Tpy@Z4;di`k@=VhiP<7nPoK*eM5=8*;mi~9me{^!o@w{HUUdTg|cf*zK;
znx0U7rC2kvv<K4fvKsQwv`&YO9C+rCByZt~fBI4Ysq&Kjs`iYW-*Dd?@YijuQ3JR1
z_>a(x#HxJeuyZn|vm=eWvgGf?jtEYR&>M3ex(Az4Uf)cvB=5W^vprP05WWo#P4ED+
zY0Z_0Th}^z$Uo~B^j|8#z}82*8H}Q+Fz1TEnvrd4jsJFQjhs2RK?}@WB|*a$YDQqR
ziJ0F;Ov?nkZ}xY~&WRM>C~MwOvNr6MU};^)vzWxfeCB#7viuBN`eNa+g^wdlm@xx;
z(EzjAu9Q2ToF)Xj))VN=Pp~?=8zg$p>2)NCk#%G-G|g`~I?6`xh-RpwcI1+DsS(S8
zk<f$Y`-0|sbJWoI>{~#{SD1nK3UDnuIz$~e!@TWuA_eob#d;Mty1Y>;$!g)syVDka
z*7cWg`#2Ptqu}tg-<r|T2X6KBd*vEnJ4IsU%w>S4K$*v0`6sf5Xi%`OFd}ukMAwfK
zI8^=P(LDN*(?DG*Efk=vEHKyjC|Z;?@IyHHeGM*}ntorXTb=Z-rcJXF?&LRBGwQPh
zWuIHUkMQ%_G}UqQ_Mjaa{b_*h+42`|VT@LAgm?7#ff1>(l6AIcxbIG!H222h0>T|g
z^^SQyekSfM8+DRp!t714{BwFR$zG3NCOf3x-^V$sL`i?z{pFiIc-_y-5P-!d-JZI;
z#9<T_*>-s=CN%V3<{6R4;6nrS*F-*M?#XQ1owyr76n=4`#{*FIj*))G_MuY3&{@cA
zPr`^zHC-uw@^#OyGLd`dXiH-JOo>&yU>C7#`l;=GUqxsb=v}ZVqLxMK8*aRph|it-
zd}3#(GN%ssZAs#<cNMAXokEjA^$P~RyyKHS>*juMu#)g_-2hVX-)e59wx&!RAkOM{
zMjd!59eo6uwb2%}d8)cE#dwo$ARw$Am-K&WeZ>W%g8O;2E0KleJO*RYF2T2_I=)&A
zZ(iKmVyRu#&$0#Yxz6Ta-gtME{1ee_NF9#yVpx(cw^2NI5y!G~Cl*p{E8+VU7OO(b
z#zk$&@iDni%Xu?{9|*gN0YXs2>ry@PN>G)hP!FrZlifILy~qzrSNU)badS5jf*+;b
z*DmbJdNDTra{81DnqcQB-qGbNQ+>V)*j|r6w_l2%&x#SNn3|!yWCPKx76XNE(;+bu
zlpOO_TP#w+5a_6GgZNv`PUwcB7$MycNLFc(ez*0id0$jpN?9gaR1P&6s-ey{sya{I
zC1rIcoQc$$v6A24wCkeOx}^>;3bt(YJ)~I<6e(U+nI+k6RGj|oqjEu$wyk!Nxr^C~
zI4m;*!3n2Bo~;E;pve*vlu+tq;_q8mu)goR?Z+I8_NK|yC+Pk1h*h8!zM>pJV(p#v
zT8?^U;p;HgM1HPHWQzmtIL&xHoNvl+$a1ySJba)X#!qfgr?ie8a5!-_+)(5>)Jq=x
zWe^e^wqGCk9(!%mPD*;9wpjod;PHM)LBn+Vo&T}k_AmMc5!@vT0xeiuk0sz}f7-6j
H#y{ylH@ie%

literal 0
HcmV?d00001

diff --git a/templates/include/oauth.tmpl b/templates/include/oauth.tmpl
index 6617fd0..9a8d05e 100644
--- a/templates/include/oauth.tmpl
+++ b/templates/include/oauth.tmpl
@@ -5,13 +5,22 @@
                 <a class="loginbtn" href="/oauth/slack"><img alt="Sign in with Slack" height="40" width="172" src="/img/sign_in_with_slack.png" srcset="/img/sign_in_with_slack.png 1x, /img/sign_in_with_slack@2x.png 2x" /></a>
             {{ end }}
             {{ if .WriteAsEnabled }}
-                <a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as">Sign in with <strong>Write.as</strong></a>
+                <a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as">
+                    <img src="/img/mark/writeas-white.png" />
+                    Sign in with <strong>Write.as</strong>
+                </a>
             {{ end }}
             {{ if .GitLabEnabled }}
-                <a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab">Sign in with <strong>{{.GitLabDisplayName}}</strong></a>
+                <a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab">
+                    <img src="/img/mark/gitlab.png" />
+                    Sign in with <strong>{{.GitLabDisplayName}}</strong>
+                </a>
             {{ end }}
             {{ if .GiteaEnabled }}
-                <a class="btn cta loginbtn" id="gitea-login" href="/oauth/gitea">Sign in with <strong>{{.GiteaDisplayName}}</strong></a>
+                <a class="btn cta loginbtn" id="gitea-login" href="/oauth/gitea">
+                    <img src="/img/mark/gitea.png" />
+                    Sign in with <strong>{{.GiteaDisplayName}}</strong>
+                </a>
             {{ end }}
             {{ if .GenericEnabled }}
                 <a class="btn cta loginbtn" id="generic-oauth-login" href="/oauth/generic">Sign in with <strong>{{.GenericDisplayName}}</strong></a>
diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index 95c57c4..22de3d8 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -107,47 +107,47 @@ h3 { font-weight: normal; }
 		<div class="option">
 			<h2>Link External Accounts</h2>
 			<p>Connect additional accounts to enable logging in with those providers, instead of using your username and password.</p>
-			<div class="row">
+			<div class="row signinbtns">
 			{{ if .OauthWriteAs }}
 				<div class="section oauth-provider">
-					<img src="/img/mark/writeas.png" alt="Write.as" />
 					<a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as?attach=t">
+						<img src="/img/mark/writeas-white.png" alt="Write.as" />
 						Link <strong>Write.as</strong>
 					</a>
 				</div>
 			{{ end }}
 			{{ if .OauthSlack }}
 				<div class="section oauth-provider">
-					<img src="/img/mark/slack.png" alt="Slack" />
-					<a class="btn cta loginbtn" href="/oauth/slack?attach=t">
+					<a class="btn cta loginbtn" id="slack-login" href="/oauth/slack?attach=t">
+						<img src="/img/mark/slack.png" alt="Slack" />
 						Link <strong>Slack</strong>
 					</a>
 				</div>
 			{{ end }}
 			{{ if .OauthGitLab }}
 				<div class="section oauth-provider">
-					<img src="/img/mark/gitlab.png" alt="GitLab" />
 					<a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab?attach=t">
+						<img src="/img/mark/gitlab.png" alt="GitLab" />
 						Link <strong>{{.GitLabDisplayName}}</strong>
 					</a>
 				</div>
 			{{ end }}
 			{{ if .OauthGitea }}
 				<div class="section oauth-provider">
-					<img src="/img/mark/gitea.png" alt="Gitea" />
 					<a class="btn cta loginbtn" id="gitea-login" href="/oauth/gitea?attach=t">
+						<img src="/img/mark/gitea.png" alt="Gitea" />
 						Link <strong>{{.GiteaDisplayName}}</strong>
 					</a>
 				</div>
 			{{ end }}
-			</div>
 			{{ if .OauthGeneric }}
-				<div class="row">
-					<div class="section oauth-provider">
-						<p><a class="btn cta loginbtn" id="generic-oauth-login" href="/oauth/generic?attach=t">Link <strong>{{ .OauthGenericDisplayName }}</strong></a></p>
-					</div>
+				<div class="section oauth-provider">
+					<a class="btn cta loginbtn" id="generic-oauth-login" href="/oauth/generic?attach=t">
+						Link <strong>{{ .OauthGenericDisplayName }}</strong>
+					</a>
 				</div>
 			{{ end }}
+			</div>
 		</div>
 		{{ end }}
 	{{ end }}

From 7a09a47de24d47d3b7971c6657787533ff893e14 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 19 Aug 2020 15:20:13 -0400
Subject: [PATCH 11/12] Include OAuth buttons on signup-via-invite page

---
 templates.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates.go b/templates.go
index 3cef57a..be1412c 100644
--- a/templates.go
+++ b/templates.go
@@ -92,7 +92,7 @@ func initPage(parentDir, path, key string) {
 		filepath.Join(parentDir, templatesDir, "user", "include", "silenced.tmpl"),
 	}
 
-	if key == "login.tmpl" || key == "landing.tmpl" {
+	if key == "login.tmpl" || key == "landing.tmpl" || key == "signup.tmpl" {
 		files = append(files, filepath.Join(parentDir, templatesDir, "include", "oauth.tmpl"))
 	}
 

From 217430e56b35e69436d7b59127c575aaf21623af Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 19 Aug 2020 15:40:07 -0400
Subject: [PATCH 12/12] Redirect user to /me/settings on cancelled OAuth flow

---
 oauth.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/oauth.go b/oauth.go
index 620ffaf..e3f65ef 100644
--- a/oauth.go
+++ b/oauth.go
@@ -326,6 +326,12 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 	tokenResponse, err := h.oauthClient.exchangeOauthCode(ctx, code)
 	if err != nil {
 		log.Error("Unable to exchangeOauthCode: %s", err)
+		// TODO: show user friendly message if needed
+		// TODO: show NO message for cases like user pressing "Cancel" on authorize step
+		addSessionFlash(app, w, r, err.Error(), nil)
+		if attachUserID > 0 {
+			return impart.HTTPError{http.StatusFound, "/me/settings"}
+		}
 		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
 	}