If a user visiting /login is already authenticated, bounce them away. This is me trying to avoid hassle for people who bookmarked the login page.
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@4458 ed5197a5-7fde-0310-b194-c3ffbd925b24
This commit is contained in:
parent
85ac6c215a
commit
2b94704916
14
core/auth.js
14
core/auth.js
@ -116,12 +116,20 @@ function getCookies(headers) {
|
|||||||
function handler(request, response) {
|
function handler(request, response) {
|
||||||
let session = getCookies(request.headers).session;
|
let session = getCookies(request.headers).session;
|
||||||
if (request.uri == "/login") {
|
if (request.uri == "/login") {
|
||||||
|
let formData = form.decodeForm(request.query);
|
||||||
|
if (query(request.headers)?.permissions?.authenticated) {
|
||||||
|
if (formData.return) {
|
||||||
|
response.writeHead(303, {"Location": formData.return});
|
||||||
|
} else {
|
||||||
|
response.writeHead(303, {"Location": (request.client.tls ? 'https://' : 'http://') + request.headers.host + '/', "Content-Length": "0"});
|
||||||
|
}
|
||||||
|
response.end();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
let sessionIsNew = false;
|
let sessionIsNew = false;
|
||||||
let loginError;
|
let loginError;
|
||||||
|
|
||||||
let formData = form.decodeForm(request.query);
|
|
||||||
|
|
||||||
print(request.method, utf8Decode(request.body), JSON.stringify(formData));
|
|
||||||
if (request.method == "POST" || formData.submit) {
|
if (request.method == "POST" || formData.submit) {
|
||||||
sessionIsNew = true;
|
sessionIsNew = true;
|
||||||
formData = form.decodeForm(utf8Decode(request.body), formData);
|
formData = form.decodeForm(utf8Decode(request.body), formData);
|
||||||
|
Loading…
Reference in New Issue
Block a user