fix(FastAPI): prefill login fields with entered data

2025-02-03 10:43:03 +01:00 · 2021-10-05 14:00:12 -04:00 · 2021-10-05 14:00:12 -04:00 · 1956be0f46
commit 1956be0f46
parent 82a3349649
3 changed files with 52 additions and 10 deletions
--- a/aurweb/routers/auth.py
+++ b/aurweb/routers/auth.py
@ -9,14 +9,14 @@ import aurweb.config
 from aurweb import util
 from aurweb.auth import auth_required
 from aurweb.models.user import User
-from aurweb.templates import make_context, render_template
+from aurweb.templates import make_variable_context, render_template

 router = APIRouter()


-def login_template(request: Request, next: str, errors: list = None):
+async def login_template(request: Request, next: str, errors: list = None):
    """ Provide login-specific template context to render_template. """
-    context = make_context(request, "Login", next)
+    context = await make_variable_context(request, "Login", next)
    context["errors"] = errors
    context["url_base"] = f"{request.url.scheme}://{request.url.netloc}"
    return render_template(request, "login.html", context)
@ -25,7 +25,7 @@ def login_template(request: Request, next: str, errors: list = None):
@router.get("/login", response_class=HTMLResponse)
@auth_required(False)
 async def login_get(request: Request, next: str = "/"):
-    return login_template(request, next)
+    return await login_template(request, next)


@router.post("/login", response_class=HTMLResponse)
@ -39,7 +39,7 @@ async def login_post(request: Request,

    user = session.query(User).filter(User.Username == user).first()
    if not user:
-        return login_template(request, next,
+        return await login_template(request, next,
                                    errors=["Bad username or password."])

    cookie_timeout = 0
@ -50,7 +50,7 @@ async def login_post(request: Request,

    sid = user.login(request, passwd, cookie_timeout)
    if not sid:
-        return login_template(request, next,
+        return await login_template(request, next,
                                    errors=["Bad username or password."])

    login_timeout = aurweb.config.getint("options", "login_timeout")
--- a/templates/login.html
+++ b/templates/login.html
@ -45,7 +45,8 @@
                    </label>

                    <input id="id_username" type="text" name="user" size="30"
-                           maxlength="254" autofocus="autofocus">
+                           maxlength="254" autofocus="autofocus"
+                           value="{{ user or '' }}">
                </p>

                <p>
@ -57,7 +58,11 @@
                </p>

                <p>
-                    <input id="id_remember_me" type="checkbox" name="remember_me">
+                    <input id="id_remember_me" type="checkbox" name="remember_me"
+                        {% if remember_me %}
+                            checked="checked"
+                        {% endif %}
+                    >
                    <label for="id_remember_me">
                        {% trans %}Remember me{% endtrans %}
                    </label>
--- a/test/test_auth_routes.py
+++ b/test/test_auth_routes.py
@ -160,6 +160,11 @@ def test_login_missing_username():
        response = request.post("/login", data=post_data)
    assert "AURSID" not in response.cookies

+    # Make sure password isn't prefilled and remember_me isn't checked.
+    content = response.content.decode()
+    assert post_data["passwd"] not in content
+    assert "checked" not in content
+

 def test_login_remember_me():
    post_data = {
@ -188,6 +193,26 @@ def test_login_remember_me():
    assert _session.LastUpdateTS < expected_ts + 5


+def test_login_incorrect_password_remember_me():
+    post_data = {
+        "user": "test",
+        "passwd": "badPassword",
+        "next": "/",
+        "remember_me": "on"
+    }
+
+    with client as request:
+        response = request.post("/login", data=post_data)
+    assert "AURSID" not in response.cookies
+
+    # Make sure username is prefilled, password isn't prefilled, and remember_me
+    # is checked.
+    content = response.content.decode()
+    assert post_data["user"] in content
+    assert post_data["passwd"] not in content
+    assert "checked" in content
+
+
 def test_login_missing_password():
    post_data = {
        "user": "test",
@ -198,6 +223,11 @@ def test_login_missing_password():
        response = request.post("/login", data=post_data)
    assert "AURSID" not in response.cookies

+    # Make sure username is prefilled and remember_me isn't checked.
+    content = response.content.decode()
+    assert post_data["user"] in content
+    assert "checked" not in content
+

 def test_login_incorrect_password():
    post_data = {
@ -209,3 +239,10 @@ def test_login_incorrect_password():
    with client as request:
        response = request.post("/login", data=post_data)
    assert "AURSID" not in response.cookies
+
+    # Make sure username is prefilled, password isn't prefilled and remember_me
+    # isn't checked.
+    content = response.content.decode()
+    assert post_data["user"] in content
+    assert post_data["passwd"] not in content
+    assert "checked" not in content