fix(fastapi): render Logged-in as page on authenticated /login

This was missed during the initial porting of the /login route.

Modifications:
-------------
- A form is now used for the [Logout] link and some css was
  needed to deal with positioning.

Closes #186

Signed-off-by: Kevin Morris <kevr@0cost.org>

aurweb/routers/auth.py

@@ -24,7 +24,6 @@ async def login_template(request: Request, next: str, errors: list = None):
 
 
 @router.get("/login", response_class=HTMLResponse)
-@auth_required(False, login=False)
 async def login_get(request: Request, next: str = "/"):
     return await login_template(request, next)
 

templates/login.html

@@ -5,6 +5,19 @@
 <div id="dev-login" class="box">
     <h2>AUR {% trans %}Login{% endtrans %}</h2>
 
+    {% if request.user.is_authenticated() %}
+        <form action="/logout" method="post" class="link">
+            <p>
+                {{
+                    "Logged-in as: %s" | tr
+                    | format("<strong>%s</strong>" | format(request.user.Username))
+                    | safe
+                }}
+                <input type="hidden" name="next" value="{{ next }}" />
+                <button type="submit">[{{ "Logout" | tr }}]</button>
+            </p>
+        </form>
+    {% else %}
         {% if request.url.scheme == "http" and config.getboolean("options", "disable_http_login") %}
             {% set https_login = url_base.replace("http://", "https://") + "/login" %}
             <p>
@@ -81,6 +94,7 @@
                 </fieldset>
             </form>
         {% endif %}
+    {% endif %}
 </div>
 
 {% endblock %}

test/test_auth_routes.py

@@ -131,7 +131,7 @@ def test_secure_login(mock):
     assert user.session == record
 
 
-def test_authenticated_login_forbidden():
+def test_authenticated_login():
     post_data = {
         "user": "test",
         "passwd": "testPassword",
@@ -139,15 +139,19 @@ def test_authenticated_login_forbidden():
     }
 
     with client as request:
-        # Login.
+        # Try to login.
         response = request.post("/login", data=post_data,
                                 allow_redirects=False)
         assert response.status_code == int(HTTPStatus.SEE_OTHER)
+        assert response.headers.get("location") == "/"
 
+        # Now, let's verify that we get the logged in rendering
+        # when requesting GET /login as an authenticated user.
         # Now, let's verify that we receive 403 Forbidden when we
         # try to get /login as an authenticated user.
         response = request.get("/login", allow_redirects=False)
-        assert response.status_code == int(HTTPStatus.SEE_OTHER)
+        assert response.status_code == int(HTTPStatus.OK)
+        assert "Logged-in as: <strong>test</strong>" in response.text
 
 
 def test_unauthenticated_logout_unauthorized():

web/html/css/aurweb.css

@@ -232,7 +232,7 @@ input#search-action-submit {
 
 /* Styling used to clone <a> styles for a form.link button. */
 form.link, form.link button {
-    display: inline-block;
+    display: inline;
     font-family: sans-serif;
 }
 form.link button {
@@ -247,3 +247,11 @@ form.link button:hover {
     cursor: pointer;
     text-decoration: underline;
 }
+
+/* Customize form.link when used inside of a page. */
+div.box form.link p {
+    margin: .33em 0 1em;
+}
+div.box form.link button {
+    padding: 0;
+}