Support logging out of password-protected blogs

Closes T492
pull/444/head
Matt Baer 4 years ago
parent 811f996e84
commit 5a3e8d59b6
  1. 48
      collections.go
  2. 1
      routes.go
  3. 57
      templates/collection.tmpl
  4. 12
      templates/password-collection.tmpl

@ -110,6 +110,8 @@ type (
// User-related fields // User-related fields
isCollOwner bool isCollOwner bool
isAuthorized bool
} }
) )
@ -553,6 +555,7 @@ type CollectionPage struct {
IsCustomDomain bool IsCustomDomain bool
IsWelcome bool IsWelcome bool
IsOwner bool IsOwner bool
IsCollLoggedIn bool
CanPin bool CanPin bool
Username string Username string
Monetization string Monetization string
@ -672,9 +675,9 @@ func processCollectionPermissions(app *App, cr *collectionReq, u *User, w http.R
} }
// See if we've authorized this collection // See if we've authorized this collection
authd := isAuthorizedForCollection(app, c.Alias, r) cr.isAuthorized = isAuthorizedForCollection(app, c.Alias, r)
if !authd { if !cr.isAuthorized {
p := struct { p := struct {
page.StaticPage page.StaticPage
*CollectionObj *CollectionObj
@ -792,6 +795,7 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
// Serve collection // Serve collection
displayPage := CollectionPage{ displayPage := CollectionPage{
DisplayCollection: coll, DisplayCollection: coll,
IsCollLoggedIn: cr.isAuthorized,
StaticPage: pageForReq(app, r), StaticPage: pageForReq(app, r),
IsCustomDomain: cr.isCustomDomain, IsCustomDomain: cr.isCustomDomain,
IsWelcome: r.FormValue("greeting") != "", IsWelcome: r.FormValue("greeting") != "",
@ -1158,3 +1162,43 @@ func isAuthorizedForCollection(app *App, alias string, r *http.Request) bool {
} }
return authd return authd
} }
func logOutCollection(app *App, alias string, w http.ResponseWriter, r *http.Request) error {
session, err := app.sessionStore.Get(r, blogPassCookieName)
if err != nil {
return err
}
// Remove this from map of blogs logged into
delete(session.Values, alias)
// If not auth'd with any blog, delete entire cookie
if len(session.Values) == 0 {
session.Options.MaxAge = -1
}
return session.Save(r, w)
}
func handleLogOutCollection(app *App, w http.ResponseWriter, r *http.Request) error {
alias := collectionAliasFromReq(r)
var c *Collection
var err error
if app.cfg.App.SingleUser {
c, err = app.db.GetCollectionByID(1)
} else {
c, err = app.db.GetCollection(alias)
}
if err != nil {
return err
}
if !c.IsProtected() {
// Invalid to log out of this collection
return ErrCollectionPageNotFound
}
err = logOutCollection(app, c.Alias, w, r)
if err != nil {
addSessionFlash(app, w, r, "Logging out failed. Try clearing cookies for this site, instead.", nil)
}
return impart.HTTPError{http.StatusFound, c.CanonicalURL()}
}
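Review bot: In handleLogOutCollection the error returned by logOutCollection is only turned into a flash message and then discarded, so a failed logout leaves nothing for an operator to see; log it alongside the flash. In logOutCollection, the early `return err` after `app.sessionStore.Get` also means a blog-password cookie that can no longer be decoded is never expired. If the store behaves like gorilla/sessions, which hands back a fresh session together with the decode error, that path could set `session.Options.MaxAge = -1` and call `session.Save(r, w)` so the stale cookie is cleared rather than asking the reader to clear cookies by hand.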

@ -204,6 +204,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
} }
func RouteCollections(handler *Handler, r *mux.Router) { func RouteCollections(handler *Handler, r *mux.Router) {
r.HandleFunc("/logout", handler.Web(handleLogOutCollection, UserLevelOptional))
r.HandleFunc("/page/{page:[0-9]+}", handler.Web(handleViewCollection, UserLevelReader)) r.HandleFunc("/page/{page:[0-9]+}", handler.Web(handleViewCollection, UserLevelReader))
r.HandleFunc("/tag:{tag}", handler.Web(handleViewCollectionTag, UserLevelReader)) r.HandleFunc("/tag:{tag}", handler.Web(handleViewCollectionTag, UserLevelReader))
r.HandleFunc("/tag:{tag}/feed/", handler.Web(ViewFeed, UserLevelReader)) r.HandleFunc("/tag:{tag}/feed/", handler.Web(ViewFeed, UserLevelReader))
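Review bot: The new `/logout` route is registered without a method restriction, so the session change in handleLogOutCollection runs on a plain GET and can be triggered by any cross-site link, image load or link prefetcher. The impact appears limited to making a reader re-enter the blog password, but if that is the accepted trade-off a comment such as `// GET is intentional: logging out only drops the blog password session` would record it. Otherwise restrict the route with `.Methods("POST")` and have the templates submit a small form instead of an anchor. RouteCollections continues outside the hunk, so whether the other routes are restricted cannot be seen here.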

@ -40,27 +40,42 @@
</head> </head>
<body id="collection" itemscope itemtype="http://schema.org/WebPage"> <body id="collection" itemscope itemtype="http://schema.org/WebPage">
{{if or .IsOwner .SingleUser}}<nav id="manage"><ul> {{if or .IsOwner .SingleUser}}
<li class="has-submenu"><a onclick="void(0)">&#9776; Menu</a> <nav id="manage"><ul>
<ul> <li class="has-submenu"><a onclick="void(0)">&#9776; Menu</a>
{{ if .IsOwner }} <ul>
{{if .SingleUser}} {{ if .IsOwner }}
<li><a href="/me/new">New Post</a></li> {{if .SingleUser}}
{{else}} <li><a href="/me/new">New Post</a></li>
<li><a href="/#{{.Alias}}" class="write">{{.SiteName}}</a></li> {{else}}
{{end}} <li><a href="/#{{.Alias}}" class="write">{{.SiteName}}</a></li>
{{if .SimpleNav}}<li><a href="/new#{{.Alias}}">New Post</a></li>{{end}} {{end}}
<li><a href="/me/c/{{.Alias}}">Customize</a></li> {{if .SimpleNav}}<li><a href="/new#{{.Alias}}">New Post</a></li>{{end}}
<li><a href="/me/c/{{.Alias}}/stats">Stats</a></li> <li><a href="/me/c/{{.Alias}}">Customize</a></li>
<li class="separator"><hr /></li> <li><a href="/me/c/{{.Alias}}/stats">Stats</a></li>
{{if not .SingleUser}}<li><a href="/me/c/"><img class="ic-18dp" src="/img/ic_blogs_dark@2x.png" /> View Blogs</a></li>{{end}} <li class="separator"><hr /></li>
<li><a href="/me/posts/"><img class="ic-18dp" src="/img/ic_list_dark@2x.png" /> View Drafts</a></li> {{if not .SingleUser}}<li><a href="/me/c/"><img class="ic-18dp" src="/img/ic_blogs_dark@2x.png" /> View Blogs</a></li>{{end}}
{{ else }} <li><a href="/me/posts/"><img class="ic-18dp" src="/img/ic_list_dark@2x.png" /> View Drafts</a></li>
<li><a href="/login">Log in</a></li> {{ else }}
{{ end }} <li><a href="/login">Log in{{if .IsProtected}} to {{.DisplayTitle}}{{end}}</a></li>
</ul> {{if .IsProtected}}
</li> <li class="separator"><hr /></li>
</ul></nav>{{end}} <li><a href="/logout">Log out</a></li>
{{end}}
{{ end }}
</ul>
</li>
</ul></nav>
{{else if .IsCollLoggedIn}}
<nav id="manage" class="shiny"><ul>
<li class="has-submenu"><a onclick="void(0)">&#9776; Menu</a>
<ul>
<li class="menu-heading" style="padding: .5rem .75rem; box-sizing: border-box;">{{.DisplayTitle}}</li>
<li><a href="{{.CanonicalURL}}logout">Log out</a></li>
</ul>
</li>
</ul></nav>
{{end}}
<header> <header>
{{if .Silenced}} {{if .Silenced}}
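Review bot: The two new log-out links are built differently: the owner/single-user menu uses the root-relative `/logout`, while the `.IsCollLoggedIn` menu uses `{{.CanonicalURL}}logout`, which only resolves correctly if CanonicalURL always ends in a slash. Nothing in this section shows that guarantee, so either record it in a template comment such as `{{/* CanonicalURL always ends with "/" */}}` or build both links the same way. The inline `style` attribute on the `menu-heading` item would also sit better in the stylesheet.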

@ -25,6 +25,18 @@
</head> </head>
<body id="collection" itemscope itemtype="http://schema.org/WebPage"> <body id="collection" itemscope itemtype="http://schema.org/WebPage">
{{if .SingleUser}}
<nav id="manage">
<ul>
<li class="has-submenu"><a onclick="void(0)">&#9776; Menu</a>
<ul>
<li><a href="/login">Log in</a></li>
</ul>
</li>
</ul>
</nav>
{{end}}
<header> <header>
<h1 dir="{{.Direction}}" id="blog-title"><a href="/{{.Alias}}/" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1> <h1 dir="{{.Direction}}" id="blog-title"><a href="/{{.Alias}}/" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
</header> </header>
