Clear login credentials if supported by the browser

main2
Bob Mottram 2019-10-30 12:22:59 +00:00
parent 6f1d5d0cbd
commit feda4d1eec
2 changed files with 21 additions and 10 deletions

View File

@ -242,6 +242,16 @@ class PubServer(BaseHTTPRequestHandler):
self.send_header('X-Robots-Tag','noindex') self.send_header('X-Robots-Tag','noindex')
self.end_headers() self.end_headers()
def _logout_headers(self,fileFormat: str,length: int) -> None:
self.send_response(200)
self.send_header('Content-type', fileFormat)
self.send_header('Content-Length', str(length))
self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict')
self.send_header('Host', self.server.domainFull)
self.send_header('WWW-Authenticate', 'title="Login to Epicyon", Basic realm="epicyon"')
self.send_header('X-Robots-Tag','noindex')
self.end_headers()
def _set_headers(self,fileFormat: str,length: int,cookie: str) -> None: def _set_headers(self,fileFormat: str,length: int,cookie: str) -> None:
self.send_response(200) self.send_response(200)
self.send_header('Content-type', fileFormat) self.send_header('Content-type', fileFormat)
@ -634,12 +644,9 @@ class PubServer(BaseHTTPRequestHandler):
def do_GET(self): def do_GET(self):
if self.path=='/logout': if self.path=='/logout':
self.send_response(303) msg=htmlLogin(self.server.translate,self.server.baseDir,False).encode('utf-8')
self.send_header('Content-Length', '0') self._logout_headers('text/html',len(msg))
self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict') self._write(msg)
self.send_header('Location', '/')
self.send_header('X-Robots-Tag','noindex')
self.end_headers()
return return
# redirect music to #nowplaying list # redirect music to #nowplaying list

View File

@ -669,7 +669,7 @@ def htmlGetLoginCredentials(loginParams: str,lastLoginTime: int) -> (str,str,boo
register=True register=True
return nickname,password,register return nickname,password,register
def htmlLogin(translate: {},baseDir: str) -> str: def htmlLogin(translate: {},baseDir: str,autocomplete=True) -> str:
"""Shows the login screen """Shows the login screen
""" """
accounts=noOfAccounts(baseDir) accounts=noOfAccounts(baseDir)
@ -710,7 +710,11 @@ def htmlLogin(translate: {},baseDir: str) -> str:
loginButtonStr='' loginButtonStr=''
if accounts>0: if accounts>0:
loginButtonStr='<button type="submit" name="submit">'+translate['Login']+'</button>' loginButtonStr='<button type="submit" name="submit">'+translate['Login']+'</button>'
autocompleteStr=''
if not autocomplete:
autocompleteStr='autocomplete="off"'
loginForm=htmlHeader(cssFilename,loginCSS) loginForm=htmlHeader(cssFilename,loginCSS)
loginForm+= \ loginForm+= \
'<form method="POST" action="/login">' \ '<form method="POST" action="/login">' \
@ -721,10 +725,10 @@ def htmlLogin(translate: {},baseDir: str) -> str:
'' \ '' \
' <div class="container">' \ ' <div class="container">' \
' <label for="nickname"><b>'+translate['Nickname']+'</b></label>' \ ' <label for="nickname"><b>'+translate['Nickname']+'</b></label>' \
' <input type="text" placeholder="'+translate['Enter Nickname']+'" name="username" required autofocus>' \ ' <input type="text" '+autocompleteStr+' placeholder="'+translate['Enter Nickname']+'" name="username" required autofocus>' \
'' \ '' \
' <label for="password"><b>'+translate['Password']+'</b></label>' \ ' <label for="password"><b>'+translate['Password']+'</b></label>' \
' <input type="password" placeholder="'+translate['Enter Password']+'" name="password" required>'+ \ ' <input type="password" '+autocompleteStr+' placeholder="'+translate['Enter Password']+'" name="password" required>'+ \
registerButtonStr+loginButtonStr+ \ registerButtonStr+loginButtonStr+ \
' </div>' \ ' </div>' \
'</form>' '</form>'