Merge branch 'main' of gitlab.com:bashrc2/epicyon

daemon.py

@@ -177,6 +177,7 @@ from webapp_utils import csv_following_list
 from webapp_utils import set_blog_address
 from webapp_utils import html_show_share
 from webapp_utils import get_pwa_theme_colors
+from webapp_utils import text_mode_browser
 from webapp_calendar import html_calendar_delete_confirm
 from webapp_calendar import html_calendar
 from webapp_about import html_about
@@ -190,7 +191,6 @@ from webapp_confirm import html_confirm_unblock
 from webapp_person_options import person_minimize_images
 from webapp_person_options import person_undo_minimize_images
 from webapp_person_options import html_person_options
-from webapp_timeline import text_mode_browser
 from webapp_timeline import html_shares
 from webapp_timeline import html_wanted
 from webapp_timeline import html_inbox
@@ -1059,6 +1059,15 @@ class PubServer(BaseHTTPRequestHandler):
                                    'This is nothing less ' +
                                    'than an utter triumph', None)
 
+    def _401(self, post_msg: str) -> None:
+        if self.server.translate:
+            ok_str = self.server.translate[post_msg]
+            self._http_return_code(401, self.server.translate['Unauthorized'],
+                                   ok_str, None)
+        else:
+            self._http_return_code(401, 'Unauthorized',
+                                   post_msg, None)
+
     def _201(self, etag: str) -> None:
         if self.server.translate:
             done_str = self.server.translate['It is done']
@@ -2050,11 +2059,12 @@ class PubServer(BaseHTTPRequestHandler):
                                'epicyon=; SameSite=Strict',
                                calling_domain)
 
-    def _show_login_screen(self, calling_domain: str, cookie: str,
+    def _post_login_screen(self, calling_domain: str, cookie: str,
                            base_dir: str, http_prefix: str,
                            domain: str, domain_full: str, port: int,
-                           onion_domain: str, i2p_domain: str) -> None:
+                           onion_domain: str, i2p_domain: str,
-        """Shows the login screen
+                           ua_str: str, debug: bool) -> None:
+        """POST to login screen, containing credentials
         """
         # ensure that there is a minimum delay between failed login
         # attempts, to mitigate brute force
@@ -2067,8 +2077,7 @@ class PubServer(BaseHTTPRequestHandler):
         length = int(self.headers['Content-length'])
         if length > 512:
             print('Login failed - credentials too long')
-            self.send_response(401)
+            self._401('Credentials are too long')
-            self.end_headers()
             self.server.postreq_busy = False
             return
 
@@ -2095,7 +2104,7 @@ class PubServer(BaseHTTPRequestHandler):
             html_get_login_credentials(login_params,
                                        self.server.last_login_time,
                                        domain)
-        if login_nickname:
+        if login_nickname and login_password:
             if is_system_account(login_nickname):
                 print('Invalid username login: ' + login_nickname +
                       ' (system account)')
@@ -2176,7 +2185,8 @@ class PubServer(BaseHTTPRequestHandler):
                     self.server.postreq_busy = False
                     return
                 # login success - redirect with authorization
-                print('====== Login success: ' + login_nickname)
+                print('====== Login success: ' + login_nickname +
+                      ' ' + ua_str)
                 # re-activate account if needed
                 activate_account(base_dir, login_nickname, domain)
                 # This produces a deterministic token based
@@ -2246,6 +2256,33 @@ class PubServer(BaseHTTPRequestHandler):
                                            cookie_str, calling_domain)
                 self.server.postreq_busy = False
                 return
+        else:
+            print('WARN: No login credentials presented to /login')
+            if debug:
+                # be careful to avoid logging the password
+                login_str = login_params
+                if '=' in login_params:
+                    login_params_list = login_params.split('=')
+                    login_str = ''
+                    skip_param = False
+                    for login_prm in login_params_list:
+                        if not skip_param:
+                            login_str += login_prm + '='
+                        else:
+                            len_str = login_prm.split('&')[0]
+                            if len(len_str) > 0:
+                                login_str += login_prm + '*'
+                            len_str = ''
+                            if '&' in login_prm:
+                                login_str += \
+                                    '&' + login_prm.split('&')[1] + '='
+                        skip_param = False
+                        if 'password' in login_prm:
+                            skip_param = True
+                    login_str = login_str[:len(login_str) - 1]
+                print(login_str)
+            self._401('No login credentials were posted')
+            self.server.postreq_busy = False
         self._200()
         self.server.postreq_busy = False
 
@@ -15287,7 +15324,7 @@ class PubServer(BaseHTTPRequestHandler):
                                self.server.http_prefix,
                                self.server.domain_full,
                                self.server.system_language,
-                               False).encode('utf-8')
+                               False, ua_str).encode('utf-8')
                 msglen = len(msg)
                 self._logout_headers('text/html', msglen, calling_domain)
                 self._write(msg)
@@ -16995,7 +17032,7 @@ class PubServer(BaseHTTPRequestHandler):
                              self.server.http_prefix,
                              self.server.domain_full,
                              self.server.system_language,
-                             True).encode('utf-8')
+                             True, ua_str).encode('utf-8')
             msglen = len(msg)
             self._login_headers('text/html', msglen, calling_domain)
             self._write(msg)
@@ -20042,16 +20079,17 @@ class PubServer(BaseHTTPRequestHandler):
                             '_POST', 'start',
                             self.server.debug)
 
-        # login screen
+        # POST to login screen, containing credentials
         if self.path.startswith('/login'):
-            self._show_login_screen(calling_domain, cookie,
+            self._post_login_screen(calling_domain, cookie,
                                     self.server.base_dir,
                                     self.server.http_prefix,
                                     self.server.domain,
                                     self.server.domain_full,
                                     self.server.port,
                                     self.server.onion_domain,
-                                    self.server.i2p_domain)
+                                    self.server.i2p_domain,
+                                    ua_str, self.server.debug)
             self.server.postreq_busy = False
             return
 

translations/ar.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "آخر أسبوعين",
     "Last month": "الشهر الماضي",
     "Last 6 months": "آخر 6 أشهر",
-    "Last year": "العام الماضي"
+    "Last year": "العام الماضي",
+    "Unauthorized": "غير مصرح",
+    "No login credentials were posted": "لم يتم نشر بيانات اعتماد تسجيل الدخول",
+    "Credentials are too long": "أوراق الاعتماد طويلة جدًا"
 }

translations/bn.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "গত ২ সপ্তাহ",
     "Last month": "গত মাসে",
     "Last 6 months": "গত ৬ মাস",
-    "Last year": "গত বছর"
+    "Last year": "গত বছর",
+    "Unauthorized": "অননুমোদিত",
+    "No login credentials were posted": "কোনো লগইন শংসাপত্র পোস্ট করা হয়নি",
+    "Credentials are too long": "শংসাপত্রগুলি খুব দীর্ঘ৷"
 }

translations/ca.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Últimes 2 setmanes",
     "Last month": "El mes passat",
     "Last 6 months": "Últims 6 mesos",
-    "Last year": "L'any passat"
+    "Last year": "L'any passat",
+    "Unauthorized": "No autoritzat",
+    "No login credentials were posted": "No s'ha publicat cap credencial d'inici de sessió",
+    "Credentials are too long": "Les credencials són massa llargues"
 }

translations/cy.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "2 wythnos diwethaf",
     "Last month": "Mis diwethaf",
     "Last 6 months": "6 mis diwethaf",
-    "Last year": "Blwyddyn diwethaf"
+    "Last year": "Blwyddyn diwethaf",
+    "Unauthorized": "Anawdurdodedig",
+    "No login credentials were posted": "Ni bostiwyd unrhyw fanylion mewngofnodi",
+    "Credentials are too long": "Mae manylion yn rhy hir"
 }

translations/de.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Letzte 2 Wochen",
     "Last month": "Im vergangenen Monat",
     "Last 6 months": "Letzte 6 Monate",
-    "Last year": "Vergangenes Jahr"
+    "Last year": "Vergangenes Jahr",
+    "Unauthorized": "Unbefugt",
+    "No login credentials were posted": "Es wurden keine Zugangsdaten gepostet",
+    "Credentials are too long": "Anmeldeinformationen sind zu lang"
 }

translations/el.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Τελευταίες 2 εβδομάδες",
     "Last month": "Τον προηγούμενο μήνα",
     "Last 6 months": "Τελευταίοι 6 μήνες",
-    "Last year": "Πέρυσι"
+    "Last year": "Πέρυσι",
+    "Unauthorized": "Ανεξουσιοδότητος",
+    "No login credentials were posted": "Δεν δημοσιεύτηκαν διαπιστευτήρια σύνδεσης",
+    "Credentials are too long": "Τα διαπιστευτήρια είναι πολύ μεγάλα"
 }

translations/en.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Last 2 weeks",
     "Last month": "Last month",
     "Last 6 months": "Last 6 months",
-    "Last year": "Last year"
+    "Last year": "Last year",
+    "Unauthorized": "Unauthorized",
+    "No login credentials were posted": "No login credentials were posted",
+    "Credentials are too long": "Credentials are too long"
 }

translations/es.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "últimas 2 semanas",
     "Last month": "El mes pasado",
     "Last 6 months": "últimos 6 meses",
-    "Last year": "El año pasado"
+    "Last year": "El año pasado",
+    "Unauthorized": "No autorizado",
+    "No login credentials were posted": "No se publicaron credenciales de inicio de sesión",
+    "Credentials are too long": "Las credenciales son demasiado largas"
 }

translations/fr.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "2 dernières semaines",
     "Last month": "Le mois dernier",
     "Last 6 months": "6 derniers mois",
-    "Last year": "L'année dernière"
+    "Last year": "L'année dernière",
+    "Unauthorized": "Non autorisé",
+    "No login credentials were posted": "Aucun identifiant de connexion n'a été posté",
+    "Credentials are too long": "Les identifiants sont trop longs"
 }

translations/ga.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "2 sheachtain anuas",
     "Last month": "An mhí seo caite",
     "Last 6 months": "6 mhí anuas",
-    "Last year": "Anuraidh"
+    "Last year": "Anuraidh",
+    "Unauthorized": "Neamhúdaraithe",
+    "No login credentials were posted": "Níor postáladh aon dintiúir logáil isteach",
+    "Credentials are too long": "Tá dintiúir ró-fhada"
 }

translations/hi.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "पिछले 2 सप्ताह",
     "Last month": "पिछले महीने",
     "Last 6 months": "पिछले 6 महीने",
-    "Last year": "पिछले साल"
+    "Last year": "पिछले साल",
+    "Unauthorized": "अनधिकृत",
+    "No login credentials were posted": "कोई लॉगिन क्रेडेंशियल पोस्ट नहीं किया गया था",
+    "Credentials are too long": "क्रेडेंशियल बहुत लंबे हैं"
 }

translations/it.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Ultime 2 settimane",
     "Last month": "Lo scorso mese",
     "Last 6 months": "Ultimi 6 mesi",
-    "Last year": "L'anno scorso"
+    "Last year": "L'anno scorso",
+    "Unauthorized": "Non autorizzato",
+    "No login credentials were posted": "Non sono state pubblicate credenziali di accesso",
+    "Credentials are too long": "Le credenziali sono troppo lunghe"
 }

translations/ja.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "過去 2 週間",
     "Last month": "先月",
     "Last 6 months": "過去 6 か月",
-    "Last year": "去年"
+    "Last year": "去年",
+    "Unauthorized": "無許可",
+    "No login credentials were posted": "ログイン認証情報が投稿されていません",
+    "Credentials are too long": "資格情報が長すぎます"
 }

translations/ko.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "지난 2주",
     "Last month": "지난 달",
     "Last 6 months": "지난 6개월",
-    "Last year": "작년"
+    "Last year": "작년",
+    "Unauthorized": "무단",
+    "No login credentials were posted": "게시된 로그인 자격 증명이 없습니다.",
+    "Credentials are too long": "자격 증명이 너무 깁니다."
 }

translations/ku.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "2 hefteyên dawî",
     "Last month": "meha borî",
     "Last 6 months": "6 mehên dawî",
-    "Last year": "Sala borî"
+    "Last year": "Sala borî",
+    "Unauthorized": "Bêmaf",
+    "No login credentials were posted": "Tu pêbaweriyên têketinê nehatin şandin",
+    "Credentials are too long": "Bawernameyên pir dirêj in"
 }

translations/nl.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Afgelopen 2 weken",
     "Last month": "Vorige maand",
     "Last 6 months": "Afgelopen 6 maanden",
-    "Last year": "Afgelopen jaar"
+    "Last year": "Afgelopen jaar",
+    "Unauthorized": "Ongeautoriseerd",
+    "No login credentials were posted": "Er zijn geen inloggegevens gepost",
+    "Credentials are too long": "Inloggegevens zijn te lang"
 }

translations/oc.json

@@ -583,5 +583,8 @@
     "Last 2 weeks": "Last 2 weeks",
     "Last month": "Last month",
     "Last 6 months": "Last 6 months",
-    "Last year": "Last year"
+    "Last year": "Last year",
+    "Unauthorized": "Unauthorized",
+    "No login credentials were posted": "No login credentials were posted",
+    "Credentials are too long": "Credentials are too long"
 }

translations/pl.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Ostatnie 2 tygodnie",
     "Last month": "W zeszłym miesiącu",
     "Last 6 months": "Ostatnie 6 miesięcy",
-    "Last year": "Ostatni rok"
+    "Last year": "Ostatni rok",
+    "Unauthorized": "Nieautoryzowany",
+    "No login credentials were posted": "Nie opublikowano danych logowania",
+    "Credentials are too long": "Poświadczenia są za długie"
 }

translations/pt.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Últimas 2 semanas",
     "Last month": "Mês passado",
     "Last 6 months": "Últimos 6 meses",
-    "Last year": "Ano passado"
+    "Last year": "Ano passado",
+    "Unauthorized": "Não autorizado",
+    "No login credentials were posted": "Nenhuma credencial de login foi postada",
+    "Credentials are too long": "As credenciais são muito longas"
 }

translations/ru.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Последние 2 недели",
     "Last month": "Прошлый месяц",
     "Last 6 months": "Последние 6 месяцев",
-    "Last year": "Прошедший год"
+    "Last year": "Прошедший год",
+    "Unauthorized": "Неавторизованный",
+    "No login credentials were posted": "Учетные данные для входа не были отправлены",
+    "Credentials are too long": "Учетные данные слишком длинные"
 }

translations/sw.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Wiki 2 zilizopita",
     "Last month": "Mwezi uliopita",
     "Last 6 months": "Miezi 6 iliyopita",
-    "Last year": "Mwaka jana"
+    "Last year": "Mwaka jana",
+    "Unauthorized": "Haijaidhinishwa",
+    "No login credentials were posted": "Hakuna kitambulisho cha kuingia kilichochapishwa",
+    "Credentials are too long": "Kitambulisho ni kirefu sana"
 }

translations/tr.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Son 2 hafta",
     "Last month": "Geçen ay",
     "Last 6 months": "Son 6 ay",
-    "Last year": "Geçen yıl"
+    "Last year": "Geçen yıl",
+    "Unauthorized": "Yetkisiz",
+    "No login credentials were posted": "Giriş bilgileri gönderilmedi",
+    "Credentials are too long": "Kimlik bilgileri çok uzun"
 }

translations/uk.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "Останні 2 тижні",
     "Last month": "Минулого місяця",
     "Last 6 months": "Останні 6 місяців",
-    "Last year": "Минулого року"
+    "Last year": "Минулого року",
+    "Unauthorized": "Несанкціонований",
+    "No login credentials were posted": "Облікові дані для входу не опубліковано",
+    "Credentials are too long": "Облікові дані задовгі"
 }

translations/yi.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "לעצטע 2 וואָכן",
     "Last month": "לעצטע מאנאט",
     "Last 6 months": "לעצטע 6 חדשים",
-    "Last year": "לעצטע יאר"
+    "Last year": "לעצטע יאר",
+    "Unauthorized": "אַנאָטערייזד",
+    "No login credentials were posted": "קיין לאָגין קראַדענטשאַלז זענען אַרייַנגעשיקט",
+    "Credentials are too long": "קראַדענטשאַלז זענען צו לאַנג"
 }

translations/zh.json

@@ -587,5 +587,8 @@
     "Last 2 weeks": "过去 2 周",
     "Last month": "上个月",
     "Last 6 months": "过去 6 个月",
-    "Last year": "去年"
+    "Last year": "去年",
+    "Unauthorized": "未经授权",
+    "No login credentials were posted": "未发布登录凭据",
+    "Credentials are too long": "凭据太长"
 }

webapp_login.py

@@ -17,23 +17,25 @@ from webapp_utils import set_custom_background
 from webapp_utils import html_header_with_website_markup
 from webapp_utils import html_footer
 from webapp_utils import html_keyboard_navigation
+from webapp_utils import text_mode_browser
 from theme import get_text_mode_logo
 
 
-def html_get_login_credentials(loginParams: str,
+def html_get_login_credentials(login_params: str,
                                last_login_time: int,
                                domain: str) -> (str, str, bool):
     """Receives login credentials via HTTPServer POST
     """
-    if not loginParams.startswith('username='):
+    if not login_params.startswith('username='):
+        if '&username=' not in login_params:
             return None, None, None
     # minimum time between login attempts
     curr_time = int(time.time())
     if curr_time < last_login_time + 10:
         return None, None, None
-    if '&' not in loginParams:
+    if '&' not in login_params:
         return None, None, None
-    login_args = loginParams.split('&')
+    login_args = login_params.split('&')
     nickname = None
     password = None
     register = False
@@ -58,7 +60,8 @@ def html_login(translate: {},
                base_dir: str,
                http_prefix: str, domain: str,
                system_language: str,
-               autocomplete: bool) -> str:
+               autocomplete: bool,
+               ua_str: str) -> str:
     """Shows the login screen
     """
     accounts = no_of_accounts(base_dir)
@@ -132,19 +135,19 @@ def html_login(translate: {},
                     translate[idx] + \
                     '</p>'
             register_button_str = \
-                '<button type="submit" name="register">' + \
+                '<button type="submit" name="register" tabindex="1">' + \
                 translate['Register'] + '</button>'
 
     tos_str = \
-        '<p class="login-text"><a href="/about">' + \
+        '<p class="login-text"><a href="/about" tabindex="2">' + \
         translate['About this Instance'] + '</a></p>' + \
-        '<p class="login-text"><a href="/terms">' + \
+        '<p class="login-text"><a href="/terms" tabindex="2">' + \
         translate['Terms of Service'] + '</a></p>'
 
     login_button_str = ''
     if accounts > 0:
         login_button_str = \
-            '<button type="submit" name="submit">' + \
+            '<button type="submit" name="submit" tabindex="1">' + \
             translate['Login'] + '</button>'
 
     autocomplete_nickname_str = 'autocomplete="username"'
@@ -177,18 +180,25 @@ def html_login(translate: {},
         translate['Nickname'] + '</b></label>\n' + \
         '    <input type="text" ' + autocomplete_nickname_str + \
         ' placeholder="' + translate['Enter Nickname'] + '" ' + \
-        'pattern="' + nickname_pattern + '" name="username" ' + \
+        'pattern="' + nickname_pattern + '" name="username" tabindex="1" ' + \
-        'required autofocus>\n' + \
+        'required autofocus>'
-        '\n' + \
+    in_text_mode = text_mode_browser(ua_str)
+    if in_text_mode:
+        login_form += '<br>'
+    login_form += \
+        '\n\n' + \
         '    <label for="password"><b>' + \
         translate['Password'] + '</b></label>\n' + \
         '    <input type="password" ' + autocomplete_password_str + \
         ' placeholder="' + translate['Enter Password'] + '" ' + \
-        'pattern="{8,256}" name="password" required>\n' + \
+        'pattern="{8,256}" name="password" tabindex="1" required>'
-        login_button_str + register_button_str + '\n' + \
+    if in_text_mode:
+        login_form += '<br><br>'
+    login_form += \
+        '\n' + login_button_str + register_button_str + '\n' + \
         '  </div>\n' + \
         '</form>\n' + \
-        '<a href="https://gitlab.com/bashrc2/epicyon">' + \
+        '<a href="https://gitlab.com/bashrc2/epicyon" tabindex="2">' + \
         '<img loading="lazy" decoding="async" class="license" title="' + \
         translate['Get the source code'] + '" alt="' + \
         translate['Get the source code'] + '" src="/icons/agpl.png" /></a>\n'

webapp_timeline.py

@@ -23,6 +23,7 @@ from utils import remove_eol
 from follow import follower_approval_active
 from person import is_person_snoozed
 from markdown import markdown_to_html
+from webapp_utils import text_mode_browser
 from webapp_utils import html_keyboard_navigation
 from webapp_utils import html_hide_from_screen_reader
 from webapp_utils import html_post_separator
@@ -382,16 +383,6 @@ def _html_timeline_keyboard(moderator: bool, text_mode_banner: str,
                                     follow_approvals)
 
 
-def text_mode_browser(ua_str: str) -> bool:
-    """Does the user agent indicate a text mode browser?
-    """
-    text_mode_agents = ('Lynx/', 'w3m/', 'Links (', 'Emacs/', 'ELinks')
-    for agent in text_mode_agents:
-        if agent in ua_str:
-            return True
-    return False
-
-
 def _html_timeline_end(base_dir: str, nickname: str, domain_full: str,
                        http_prefix: str, translate: {},
                        moderator: bool, editor: bool,

webapp_utils.py

@@ -1887,3 +1887,13 @@ def html_common_emoji(base_dir: str, no_of_emoji: int) -> str:
             ctr += 1
         line_ctr += 1
     return html_str
+
+
+def text_mode_browser(ua_str: str) -> bool:
+    """Does the user agent indicate a text mode browser?
+    """
+    text_mode_agents = ('Lynx/', 'w3m/', 'Links (', 'Emacs/', 'ELinks')
+    for agent in text_mode_agents:
+        if agent in ua_str:
+            return True
+    return False