From d497e08109891079656fee1c145043a9c0e55f2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Zanghelini?= <an_dz@simutrans-forum>
Date: Sat, 3 Jun 2017 16:27:10 -0300
Subject: [PATCH] Login without script

---
 public/src/client/login.js        |  1 +
 src/controllers/authentication.js | 29 ++++++++++++++++++++++++++---
 src/controllers/helpers.js        | 14 ++++++++++++++
 src/views/400.tpl                 |  8 ++++++++
 src/views/403.tpl                 |  4 ++++
 src/views/500.tpl                 |  4 ++++
 6 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/public/src/client/login.js b/public/src/client/login.js
index 078b7448f7..223666f208 100644
--- a/public/src/client/login.js
+++ b/public/src/client/login.js
@@ -68,6 +68,7 @@ define('forum/login', [], function () {
 		} else {
 			$('#content #username').focus();
 		}
+		$('#content #noscript').val('false');
 	};
 
 	return Login;
diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index 5309bdc380..2d74c46794 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -14,6 +14,7 @@ var plugins = require('../plugins');
 var utils = require('../utils');
 var Password = require('../password');
 var translator = require('../translator');
+var helpers = require('./helpers');
 
 var sockets = require('../socket.io');
 
@@ -200,13 +201,21 @@ authenticationController.login = function (req, res, next) {
 	} else if (loginWith.indexOf('username') !== -1 && !validator.isEmail(req.body.username)) {
 		continueLogin(req, res, next);
 	} else {
-		res.status(500).send('[[error:wrong-login-type-' + loginWith + ']]');
+		var err = '[[error:wrong-login-type-' + loginWith + ']]';
+
+		if (req.body.noscript === 'true') {
+			return helpers.noScriptErrors(req, res, err, 500);
+		}
+		res.status(500).send(err);
 	}
 };
 
 function continueLogin(req, res, next) {
 	passport.authenticate('local', function (err, userData, info) {
 		if (err) {
+			if (req.body.noscript === 'true') {
+				return helpers.noScriptErrors(req, res, err.message, 403);
+			}
 			return res.status(403).send(err.message);
 		}
 
@@ -215,6 +224,9 @@ function continueLogin(req, res, next) {
 				info = '[[error:invalid-username-or-password]]';
 			}
 
+			if (req.body.noscript === 'true') {
+				return helpers.noScriptErrors(req, res, info, 403);
+			}
 			return res.status(403).send(info);
 		}
 
@@ -235,6 +247,9 @@ function continueLogin(req, res, next) {
 			req.session.passwordExpired = true;
 			user.reset.generate(userData.uid, function (err, code) {
 				if (err) {
+					if (req.body.noscript === 'true') {
+						return helpers.noScriptErrors(req, res, err.message, 403);
+					}
 					return res.status(403).send(err.message);
 				}
 
@@ -243,15 +258,23 @@ function continueLogin(req, res, next) {
 		} else {
 			authenticationController.doLogin(req, userData.uid, function (err) {
 				if (err) {
+					if (req.body.noscript === 'true') {
+						return helpers.noScriptErrors(req, res, err.message, 403);
+					}
 					return res.status(403).send(err.message);
 				}
 
+				var next;
 				if (!req.session.returnTo) {
-					res.status(200).send(nconf.get('relative_path') + '/');
+					next = nconf.get('relative_path') + '/';
 				} else {
-					var next = req.session.returnTo;
+					next = req.session.returnTo;
 					delete req.session.returnTo;
+				}
 
+				if (req.body.noscript === 'true') {
+					res.redirect(next + '?loggedin');
+				} else {
 					res.status(200).send(next);
 				}
 			});
diff --git a/src/controllers/helpers.js b/src/controllers/helpers.js
index 761faafa82..3057aa5265 100644
--- a/src/controllers/helpers.js
+++ b/src/controllers/helpers.js
@@ -14,6 +14,20 @@ var middleware = require('../middleware');
 
 var helpers = module.exports;
 
+helpers.noScriptErrors = function (req, res, error, httpStatus) {
+	var middleware = require('../middleware');
+	var httpStatusString = httpStatus.toString();
+	middleware.buildHeader(req, res, function () {
+		res.status(httpStatus).render(httpStatusString, {
+			path: req.path,
+			loggedIn: true,
+			error: error,
+			returnLink: true,
+			title: '[[global:' + httpStatusString + '.title]]',
+		});
+	});
+};
+
 helpers.notAllowed = function (req, res, error) {
 	plugins.fireHook('filter:helpers.notAllowed', {
 		req: req,
diff --git a/src/views/400.tpl b/src/views/400.tpl
index 9c263fcff1..c36f1b2f48 100644
--- a/src/views/400.tpl
+++ b/src/views/400.tpl
@@ -1,4 +1,12 @@
 <div class="alert alert-danger">
 	<strong>[[global:400.title]]</strong>
+	<!-- IF error -->
+	<p>{error}</p>
+	<!-- ELSE -->
 	<p>[[global:400.message, {config.relative_path}]]</p>
+	<!-- ENDIF error -->
+
+	<!-- IF returnLink -->
+	<p>[[error:goback]]</p>
+	<!-- ENDIF returnLink -->
 </div>
diff --git a/src/views/403.tpl b/src/views/403.tpl
index e6800ed72d..bf93b496cd 100644
--- a/src/views/403.tpl
+++ b/src/views/403.tpl
@@ -6,6 +6,10 @@
 	<p>[[global:403.message]]</p>
 	<!-- ENDIF error -->
 
+	<!-- IF returnLink -->
+	<p>[[error:goback]]</p>
+	<!-- ENDIF returnLink -->
+
 	<!-- IF !loggedIn -->
 	<p>[[global:403.login, {config.relative_path}]]</p>
 	<!-- ENDIF !loggedIn -->
diff --git a/src/views/500.tpl b/src/views/500.tpl
index 3abb9e8e27..7795fbbf8a 100644
--- a/src/views/500.tpl
+++ b/src/views/500.tpl
@@ -3,4 +3,8 @@
 	<p>[[global:500.message]]</p>
 	<p>{path}</p>
 	<!-- IF error --><p>{error}</p><!-- ENDIF error -->
+
+	<!-- IF returnLink -->
+	<p>[[error:goback]]</p>
+	<!-- ENDIF returnLink -->
 </div>