refactor login handling

haarg · haarg · commit bcb959855f81 · 2021-04-29T02:00:48.000+02:00
Previously, logins were handled by embedding a lot into the templates,
requiring special handling for OpenID and PAUSE. It also required the
oauth urls and keys to be available on every page, which meant it had to
have special handling in the core view module.

Move to using separate end points for each login type, which then can do
their own handling as appropriate. For OpenID and PAUSE, this means
showing a form. For others, it's an immediate redirect. Now only the
login controller needs to know anything about the oauth keys and URLs.
The templates can be simpler because they don't need any per-account
handling. And it adds a form for the PAUSE login, rather than the ugly
javascript prompt.
diff --git a/lib/MetaCPAN/Web/Controller/Login.pm b/lib/MetaCPAN/Web/Controller/Login.pm
@@ -3,24 +3,35 @@ package MetaCPAN::Web::Controller::Login;
 use Moose;
 use namespace::autoclean;
 
+use URI ();
+
 BEGIN { extends 'MetaCPAN::Web::Controller' }
 
 has consumer_key    => ( is => 'ro' );
 has consumer_secret => ( is => 'ro' );
+has openid_url      => ( is => 'ro' );
+has oauth_url       => ( is => 'ro' );
 
 sub COMPONENT {
     my ( $class, $app, $args ) = @_;
     my $config = $class->merge_config_hashes(
         {
             consumer_key    => $app->config->{consumer_key},
             consumer_secret => $app->config->{consumer_secret},
+            openid_url      =>
+                ( $app->config->{api_public} || $app->config->{api} )
+                . '/login/openid',
+            oauth_url => ( $app->config->{api_public} || $app->config->{api} )
+                . '/oauth2/authorize',
         },
         $args,
     );
     return $class->SUPER::COMPONENT( $app, $config );
 }
 
-sub index : Path : Args(0) {
+sub login_root : Chained('/') : PathPart('login') : CaptureArgs(0) { }
+
+sub index : Chained('login_root') : PathPart('') : Args(0) {
     my ( $self, $c ) = @_;
 
     # Never cache at CDN
@@ -52,18 +63,43 @@ sub index : Path : Args(0) {
     }
 }
 
-sub openid : Local : Args(0) {
+sub openid : Chained('login_root') : PathPart : Args(0) {
     my ( $self, $c ) = @_;
 
     # Never cache at CDN
     $c->cdn_never_cache(1);
 
     $c->stash( {
         consumer_key => $self->consumer_key,
-        template     => 'account/openid-login.html',
+        openid_url   => $self->openid_url,
     } );
 }
 
+sub pause : Chained('login_root') : PathPart : Args(0) {
+    my ( $self, $c ) = @_;
+
+    # Never cache at CDN
+    $c->cdn_never_cache(1);
+
+    $c->stash( {
+        oauth_url    => $self->oauth_url,
+        consumer_key => $self->consumer_key,
+    } );
+}
+
+sub login : Chained('login_root') : PathPart('') : Args(1) {
+    my ( $self, $c, $choice ) = @_;
+
+    my $url = URI->new( $self->oauth_url );
+    $url->query_form( {
+        client_id => $self->consumer_key,
+        choice    => $choice,
+    } );
+
+    $c->res->redirect( $url->as_string );
+    $c->detach;
+}
+
 __PACKAGE__->meta->make_immutable;
 
 1;
diff --git a/lib/MetaCPAN/Web/View/HTML.pm b/lib/MetaCPAN/Web/View/HTML.pm
@@ -47,14 +47,10 @@ around render => sub {
 
     my $req = $c->req;
 
-    $vars->{api_public}  = $self->api_public;
-    $vars->{source_host} = $self->source_host;
-    $vars->{assets}      = $req->env->{'psgix.assets'} || [];
-    $vars->{req}         = $req;
-    $vars->{oauth_prefix}
-        = $self->api_public
-        . '/oauth2/authorize?client_id='
-        . $c->config->{consumer_key};
+    $vars->{api_public}         = $self->api_public;
+    $vars->{source_host}        = $self->source_host;
+    $vars->{assets}             = $req->env->{'psgix.assets'} || [];
+    $vars->{req}                = $req;
     $vars->{site_alert_message} = $c->config->{site_alert_message};
     $vars->{page_url}           = sub {
         @_ ? $req->uri_with(@_) : $req->uri->clone;
diff --git a/root/account/identities.html b/root/account/identities.html
@@ -5,24 +5,22 @@ <h4><strong>Information</strong></h4>
       Identities you are connected to allow you to log into MetaCPAN. MetaCPAN also drags in some information from them to help you with filling in your <a href="/account/profile">profile</a>. This information is not exposed to anyone unless you explicitly publish it.
     </div>
     <table width="300">
-    <%- FOREACH identity IN ['GitHub', 'PAUSE', 'Twitter', 'Google', 'OpenID']; found = user.identity.grep(->(a){ a.name == identity.lower }) %>
+<%- FOREACH identity IN ['GitHub', 'PAUSE', 'Twitter', 'Google', 'OpenID'];
+    connected = user.identity.grep(->(a){ a.name == identity.lower }).0;
+%>
     <tr>
         <td><big><% identity %></big></td>
         <td>
-            <%- IF found.size %>
-                <form action="/account/identities" method="POST">
+            <%- IF connected %>
+                <form method="POST">
                     <input type="hidden" name="delete" value="<% identity.lower %>" />
                     <button type="submit" class="btn btn-block btn-danger"><span class="fa fa-times"></span> Disconnect</button>
                 </form>
             <%- ELSE %>
-                <%- IF identity == 'OpenID' %>
-                    <a class="btn btn-block btn-success" href="/login/openid"><span class="fa fa-external-link"></span> Connect</a>
-                <%- ELSE %>
-                    <a class="btn btn-block btn-success" href="<% oauth_prefix %>&amp;choice=<% identity.lower %>" onclick="return logInPAUSE(this)"><span class="fa fa-external-link"></span> Connect</a>
-                <% END %>
+                <a class="btn btn-block btn-success" href="/login/<% identity.lower %>"><span class="fa fa-external-link"></span> Connect</a>
             <%- END %>
         </td>
     </tr>
-    <%- END %>
+<%- END %>
 </table>
 </div>
diff --git a/root/account/profile.html b/root/account/profile.html
@@ -3,7 +3,7 @@
     <% IF no_profile -%>
     <div class="alert alert-danger">
       <h4 class="alert-heading">Error</h4>
-      In order to change your profile you have to <a href="<% oauth_prefix %>&amp;choice=pause" onclick="return logInPAUSE(this)">connect your account to PAUSE</a>.
+      In order to change your profile you have to <a href="/login/pause">connect your account to PAUSE</a>.
     </div>
     <% ELSE -%>
     <form method="POST" action="" class="form-horizontal" role="form" accept-charset="utf-8">
diff --git a/root/login/openid.html b/root/login/openid.html
@@ -2,7 +2,7 @@
     <div class="container-fluid">
         <div class="col-md-offset-3 col-md-6">
             <p class="text-center">Log into MetaCPAN using OpenID</p>
-            <form action="<% api_public %>/login/openid">
+            <form action="<% openid_url %>">
                 <input type="hidden" name="client_id" value="<% consumer_key %>">
                 <div class="input-group">
                     <span class="input-group-addon">
diff --git a/root/login/pause.html b/root/login/pause.html
@@ -0,0 +1,19 @@
+<div class="jumbotron">
+    <div class="container-fluid">
+        <div class="col-md-offset-3 col-md-6">
+            <p class="text-center">Connect to MetaCPAN using PAUSE</p>
+            <form action="<% oauth_url %>">
+                <input type="hidden" name="client_id" value="<% consumer_key %>">
+                <div class="input-group">
+                    <span class="input-group-addon">
+                        PAUSE ID
+                    </span>
+                    <input type="text" class="form-control" name="id" />
+                    <span class="input-group-btn">
+                        <button class="btn btn-primary" type="submit">Log in</button>
+                    </span>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
diff --git a/root/static/js/cpan.js b/root/static/js/cpan.js
@@ -524,15 +524,6 @@ function set_page_size(selector, storage_name) {
     });
 }
 
-
-function logInPAUSE(a) {
-    if (!a.href.match(/pause/))
-        return true;
-    var id = prompt('Please enter your PAUSE ID:');
-    if (id) document.location.href = a.href + '&id=' + id;
-    return false;
-}
-
 function processUserData() {
 
     // Could do some fancy localStorage thing here
diff --git a/root/static/less/login.less b/root/static/less/login.less
diff --git a/root/static/less/style.less b/root/static/less/style.less
@@ -56,6 +56,5 @@
 @import "lab.less";
 @import "home.less";
 @import "syntaxhighlighter.less";
-@import "login.less";
 @import "pod2html.less";
 @import "notification.less";
diff --git a/root/wrapper.html b/root/wrapper.html
@@ -143,20 +143,14 @@
                         <b class="caret"></b>
                         </a>
                         <ul class="dropdown-menu">
-                            <%- FOREACH identity IN ['GitHub', 'Twitter', 'Google'] %>
+                            <%- FOREACH identity IN ['GitHub', 'Twitter', 'Google', 'OpenID'] %>
                             <li>
-                                <a href="<% oauth_prefix %>&amp;choice=<% identity.lower %>" onclick="return logInPAUSE(this)">
-                                <i class="fa fa-<% identity.lower %> fa-fw"></i>
-                                <% identity %>
+                                <a href="/login/<% identity.lower %>">
+                                    <i class="fa fa-<% identity.lower %> fa-fw"></i>
+                                    <% identity %>
                                 </a>
                             </li>
                             <%- END %>
-                            <li>
-                                <a href="/login/openid">
-                                <i class="fa fa-openid fa-fw"></i>
-                                OpenID
-                                </a>
-                            </li>
                         </ul>
                     </li>
                 </ul>
