now force login on /admin/<token> route, partial fix for #27

2024-05-22 23:52:12 +02:00 · 2021-04-14 00:31:18 +02:00 · 2021-04-14 00:31:18 +02:00 · 9612086790
parent 05a15b1680
commit 9612086790
1 changed files with 28 additions and 23 deletions
--- a/src/forward.rs
+++ b/src/forward.rs
@ -149,13 +149,6 @@ pub async fn forward_login(
    client: web::Data<Client>,
    dbpool: web::Data<DbPool>,
 ) -> Result<HttpResponse, TrainCrash> {
-    // if the user is already logged in, redirect to the Forms app
-    if is_logged_in(&req).is_some() {
-        return Ok(web_redir("/apps/forms").await.map_err(|e| {
-            eprintln!("error_redirect (1:/apps/forms/): {}", e);
-            crash(get_lang(&req), "error_redirect")
-        })?);
-    }

    // check if the provided token seems valid. If not, early return.
    if !check_token(&params.token) {
@ -177,11 +170,23 @@ pub async fn forward_login(
            crash(get_lang(&req), "error_forwardlogin_db_get")
        })?
    .ok_or_else(|| {
-            debug("Token not found.");
+        debug("error: Token not found.");
        crash(get_lang(&req), "error_forwardlogin_notfound")
    })?;
    
-    // else, try to log the user in with DB data, then redirect.
+    // if the user is already logged in, skip the login process
+    // we don't care if someone edits their cookies, Nextcloud will properly
+    // check them anyway
+    if let Some(nc_username) = is_logged_in(&req) {
+        if nc_username.contains(&format!("nc_username={}", formdata.nc_username)) {
+            return Ok(web_redir("/apps/forms").await.map_err(|e| {
+                eprintln!("error_redirect (1:/apps/forms/): {}", e);
+                crash(get_lang(&req), "error_redirect")
+            })?);
+        }
+    }
+
+    // try to log the user in with DB data, then redirect.
    login(&client, &req, &formdata.nc_username, &formdata.nc_password).await
 }