external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

try to use X-Forwarded-Proto to determine https login

Browse source 
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2022-01-15 19:16:56 -08:00
parent 2db4809f8d
commit fc69ef4b57
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
aurweb/routers/auth.py
View file

@ -6,18 +6,20 @@ from fastapi.responses import HTMLResponse, RedirectResponse
import aurweb.config
from aurweb import cookies, db
from aurweb import cookies, db, logging
from aurweb.auth import requires_auth, requires_guest
from aurweb.l10n import get_translator_for_request
from aurweb.models import User
from aurweb.templates import make_variable_context, render_template
logger = logging.get_logger(__name__)
router = APIRouter()
async def login_template(request: Request, next: str, errors: list = None):
""" Provide login-specific template context to render_template. """
context = await make_variable_context(request, "Login", next)
logger.info(f"Request scheme: '{request.url.scheme}'.")
context["errors"] = errors
context["url_base"] = f"{request.url.scheme}://{request.url.netloc}"
return render_template(request, "login.html", context)

2
templates/login.html
View file

@ -18,7 +18,7 @@
</p>
</form>
{% else %}
{% if request.url.scheme == "http" and config.getboolean("options", "disable_http_login") %}
{% if request.headers.get("X-Forwarded-Proto", "http") and config.getboolean("options", "disable_http_login") %}
{% set https_login = url_base.replace("http://", "https://") + "/login" %}
<p>
{{ "HTTP login is disabled. Please %sswitch to HTTPs%s if you want to login."