daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-05-28 06:20:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "refactor: move deSEC password-reveal logic from JS to Twig (PRG pattern)"

Browse Source 
This reverts commit 1c6ca098d5.
This commit is contained in:
Simon L.
2026-04-26 18:25:39 +02:00
parent 1c6ca098d5
commit 11d8050085
6 changed files with 25 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
php/public/forms.js
View File

@@ -16,13 +16,21 @@
setTimeout(toast.remove.bind(toast), 10000)
}
function handleEvent(e) {
function handleEvent(e, form) {
const xhr = e.target;
if (xhr.status === 201) {
window.location.replace(xhr.getResponseHeader('Location'));
} else if (xhr.status === 422) {
disableSpinner()
showError(xhr.response);
if (form) {
const revealSelector = form.dataset.revealOnError;
const revealWhen = form.dataset.revealWhen;
if (revealSelector && (!revealWhen || xhr.response.includes(revealWhen))) {
const target = document.querySelector(revealSelector);
if (target) target.style.display = '';
}
}
} else if (xhr.status === 500) {
showError("Server error. Please check the mastercontainer logs for details. This page will reload after 10s automatically. Then you can check the mastercontainer logs.");
// Reload after 10s since it is expected that the updated view is shown (e.g. after starting containers)
@@ -50,7 +58,7 @@
lastError.remove()
}
let xhr = new XMLHttpRequest();
xhr.addEventListener('load', handleEvent);
xhr.addEventListener('load', function(e) { handleEvent(e, form); });
xhr.addEventListener('error', () => showError("Failed to talk to server."));
xhr.addEventListener('error', () => disableSpinner());
xhr.open(form.method, form.getAttribute("action"));

4
php/public/index.php
View File

@@ -185,11 +185,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
'desec_password' => $configurationManager->desecPassword,
'is_desec_domain' => $configurationManager->isDesecDomain(),
'desec_account_registered' => $configurationManager->isDesecAccountRegistered(),
'desec_show_password' => (bool)($_SESSION['desec_show_password'] ?? false),
'desec_prefill_email' => (string)($_SESSION['desec_prefill_email'] ?? ''),
'desec_error' => (string)($_SESSION['desec_error'] ?? ''),
]);
unset($_SESSION['desec_show_password'], $_SESSION['desec_prefill_email'], $_SESSION['desec_error']);
})->setName('profile');
$app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
$view = Twig::fromRequest($request);

21
php/src/Controller/DesecController.php
View File

@@ -3,7 +3,6 @@ declare(strict_types=1);
namespace AIO\Controller;
use AIO\Desec\AlreadyRegisteredException;
use AIO\Desec\DesecManager;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
@@ -15,23 +14,15 @@ readonly class DesecController {
}
public function Register(Request $request, Response $response, array $args): Response {
$email = (string)($request->getParsedBody()['desec_email'] ?? '');
$slug = (string)($request->getParsedBody()['desec_slug'] ?? '');
$password = (string)($request->getParsedBody()['desec_password'] ?? '');
try {
$email = (string)($request->getParsedBody()['desec_email'] ?? '');
$slug = (string)($request->getParsedBody()['desec_slug'] ?? '');
$password = (string)($request->getParsedBody()['desec_password'] ?? '');
$this->desecManager->register($email, $slug, $password);
} catch (AlreadyRegisteredException $ex) {
$_SESSION['desec_show_password'] = true;
$_SESSION['desec_prefill_email'] = $ex->email;
$_SESSION['desec_error'] = $ex->getMessage();
return $response->withStatus(201)->withHeader('Location', '.');
} catch (\Exception $ex) {
$_SESSION['desec_error'] = $ex->getMessage();
$response->getBody()->write($ex->getMessage());
return $response->withStatus(422);
}
// Post/Redirect/Get: always redirect back to the containers page.
// The browser follows the Location header and issues a fresh GET,
// which prevents form-resubmission on reload.
return $response->withStatus(303)->withHeader('Location', '../../containers');
}
}

20
php/src/Desec/AlreadyRegisteredException.php
View File

@@ -1,20 +0,0 @@
<?php
declare(strict_types=1);
namespace AIO\Desec;
/**
* Thrown when a deSEC account registration attempt fails because the email address
* is already associated with an existing account. The controller catches this to
* redirect the user back to the registration form with the password field revealed.
*/
class AlreadyRegisteredException extends \Exception {
public function __construct(
public readonly string $email,
) {
parent::__construct(
'This email address is already registered at deSEC. '
. 'If this is your account, please enter your deSEC password in the password field and try again.',
);
}
}

5
php/src/Desec/DesecManager.php
View File

@@ -122,7 +122,10 @@ class DesecManager {
if ($code === 400) {
$data = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
if (is_array($data) && isset($data['email'])) {
throw new AlreadyRegisteredException($email);
throw new \Exception(
'This email address is already registered at deSEC. '
. 'If this is your account, please enter your deSEC password in the password field and try again.',
);
}
throw new \Exception('Registration at deSEC failed (HTTP 400): ' . $body);
}

13
php/templates/includes/desec-register.twig
View File

@@ -4,7 +4,7 @@
{% if desec_account_registered %}
<p>Your deSEC account (<strong>{{ desec_email }}</strong>) was registered successfully but the domain could not be registered. Please enter a desired subdomain slug (the part before <code>.dedyn.io</code>) and try again, or leave it blank for a random one.</p>
<p>Your deSEC login credentials (for <a target="_blank" href="https://desec.io">desec.io</a>): Email: <strong>{{ desec_email }}</strong>. <details style="display:inline"><summary>Reveal deSEC password</summary><strong>{{ desec_password }}</strong></details>. Please save these in a safe place.</p>
<form method="POST" action="api/desec/register">
<form method="POST" action="api/desec/register" class="xhr">
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
<input type="text" name="desec_slug" placeholder="my-nextcloud (optional)" pattern="[a-z0-9]([a-z0-9\-]{0,61}[a-z0-9])?" title="Only lowercase letters, digits and hyphens (163 characters). No leading or trailing hyphen." />
@@ -12,17 +12,14 @@
</form>
{% else %}
<p>Please enter your email address. You can also enter a desired subdomain slug (the part before <code>.dedyn.io</code>); leave it blank for a random one.</p>
{% if desec_error %}
<p style="color: var(--color-error-text)">{{ desec_error }}</p>
{% endif %}
<form method="POST" action="api/desec/register">
<form method="POST" action="api/desec/register" class="xhr" data-reveal-on-error="#desec-password-field" data-reveal-when="already registered at deSEC">
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
<input type="email" name="desec_email" placeholder="your@email.com" required {% if desec_prefill_email %}value="{{ desec_prefill_email }}"{% endif %} />
{% if desec_show_password %}
<input type="email" name="desec_email" placeholder="your@email.com" required />
<div id="desec-password-field" style="display:none">
<p>This email address is already registered at deSEC. Enter your deSEC password below to log in with it instead of creating a new account.</p>
<input type="password" name="desec_password" placeholder="deSEC password" autocomplete="current-password" />
{% endif %}
</div>
<input type="text" name="desec_slug" placeholder="my-nextcloud (optional)" pattern="[a-z0-9]([a-z0-9\-]{0,61}[a-z0-9])?" title="Only lowercase letters, digits and hyphens (163 characters). No leading or trailing hyphen." />
<input type="submit" value="Register free domain via deSEC" />
</form>