From feda4d1eec0fb3737d9bd013bc6427d0778a9ba9 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 30 Oct 2019 12:22:59 +0000 Subject: [PATCH] Clear login credentials if supported by the browser --- daemon.py | 19 +++++++++++++------ webinterface.py | 12 ++++++++---- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/daemon.py b/daemon.py index c8ad00229..e7a37f1fe 100644 --- a/daemon.py +++ b/daemon.py @@ -242,6 +242,16 @@ class PubServer(BaseHTTPRequestHandler): self.send_header('X-Robots-Tag','noindex') self.end_headers() + def _logout_headers(self,fileFormat: str,length: int) -> None: + self.send_response(200) + self.send_header('Content-type', fileFormat) + self.send_header('Content-Length', str(length)) + self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict') + self.send_header('Host', self.server.domainFull) + self.send_header('WWW-Authenticate', 'title="Login to Epicyon", Basic realm="epicyon"') + self.send_header('X-Robots-Tag','noindex') + self.end_headers() + def _set_headers(self,fileFormat: str,length: int,cookie: str) -> None: self.send_response(200) self.send_header('Content-type', fileFormat) @@ -634,12 +644,9 @@ class PubServer(BaseHTTPRequestHandler): def do_GET(self): if self.path=='/logout': - self.send_response(303) - self.send_header('Content-Length', '0') - self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict') - self.send_header('Location', '/') - self.send_header('X-Robots-Tag','noindex') - self.end_headers() + msg=htmlLogin(self.server.translate,self.server.baseDir,False).encode('utf-8') + self._logout_headers('text/html',len(msg)) + self._write(msg) return # redirect music to #nowplaying list diff --git a/webinterface.py b/webinterface.py index 1d499db46..493c1f98e 100644 --- a/webinterface.py +++ b/webinterface.py @@ -669,7 +669,7 @@ def htmlGetLoginCredentials(loginParams: str,lastLoginTime: int) -> (str,str,boo register=True return nickname,password,register -def htmlLogin(translate: {},baseDir: str) -> str: +def htmlLogin(translate: {},baseDir: str,autocomplete=True) -> str: """Shows the login screen """ accounts=noOfAccounts(baseDir) @@ -710,7 +710,11 @@ def htmlLogin(translate: {},baseDir: str) -> str: loginButtonStr='' if accounts>0: loginButtonStr='' - + + autocompleteStr='' + if not autocomplete: + autocompleteStr='autocomplete="off"' + loginForm=htmlHeader(cssFilename,loginCSS) loginForm+= \ '
' \ @@ -721,10 +725,10 @@ def htmlLogin(translate: {},baseDir: str) -> str: '' \ '
' \ ' ' \ - ' ' \ + ' ' \ '' \ ' ' \ - ' '+ \ + ' '+ \ registerButtonStr+loginButtonStr+ \ '
' \ '
'