mirror of
https://github.com/janeczku/calibre-web
synced 2024-12-24 17:10:31 +00:00
Improved csrf protection for remote login
This commit is contained in:
parent
52be2ad4a2
commit
1c15e10ac0
@ -15,7 +15,6 @@
|
|||||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
function getPath() {
|
function getPath() {
|
||||||
var jsFileLocation = $("script[src*=jquery]").attr("src"); // the js file path
|
var jsFileLocation = $("script[src*=jquery]").attr("src"); // the js file path
|
||||||
return jsFileLocation.substr(0, jsFileLocation.search("/static/js/libs/jquery.min.js")); // the js folder path
|
return jsFileLocation.substr(0, jsFileLocation.search("/static/js/libs/jquery.min.js")); // the js folder path
|
||||||
|
36
cps/static/js/remote_login.js
Normal file
36
cps/static/js/remote_login.js
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
/* This file is part of the Calibre-Web (https://github.com/janeczku/calibre-web)
|
||||||
|
* Copyright (C) 2017-2021 jkrehm, OzzieIsaacs
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
(function () {
|
||||||
|
// Poll the server to check if the user has authenticated
|
||||||
|
var t = setInterval(function () {
|
||||||
|
$.post(getPath() + "/ajax/verify_token", { token: $("#verify_url").data("token") })
|
||||||
|
.done(function(response) {
|
||||||
|
if (response.status === 'success') {
|
||||||
|
// Wait a tick so cookies are updated
|
||||||
|
setTimeout(function () {
|
||||||
|
window.location.href = getPath() + '/';
|
||||||
|
}, 0);
|
||||||
|
}
|
||||||
|
})
|
||||||
|
.fail(function (xhr) {
|
||||||
|
clearInterval(t);
|
||||||
|
var response = JSON.parse(xhr.responseText);
|
||||||
|
alert(response.message);
|
||||||
|
});
|
||||||
|
}, 5000);
|
||||||
|
})()
|
@ -4,7 +4,7 @@
|
|||||||
<h2 style="margin-top: 0">{{_('Magic Link - Authorise New Device')}}</h2>
|
<h2 style="margin-top: 0">{{_('Magic Link - Authorise New Device')}}</h2>
|
||||||
<p>
|
<p>
|
||||||
{{_('On another device, login and visit:')}}
|
{{_('On another device, login and visit:')}}
|
||||||
<h4><a id="verify_url" href="{{verify_url}}">{{verify_url}}</a></b>
|
<h4><a id="verify_url" data-token="{{token}}" href="{{verify_url}}">{{verify_url}}</a></b>
|
||||||
</h4>
|
</h4>
|
||||||
<p>
|
<p>
|
||||||
{{_('Once verified, you will automatically be logged in on this device.')}}
|
{{_('Once verified, you will automatically be logged in on this device.')}}
|
||||||
@ -16,7 +16,8 @@
|
|||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block js %}
|
{% block js %}
|
||||||
<script type="text/javascript">
|
<script src="{{ url_for('static', filename='js/remote_login.js') }}"></script>
|
||||||
|
<!--script type="text/javascript">
|
||||||
(function () {
|
(function () {
|
||||||
// Poll the server to check if the user has authenticated
|
// Poll the server to check if the user has authenticated
|
||||||
var t = setInterval(function () {
|
var t = setInterval(function () {
|
||||||
@ -37,5 +38,5 @@
|
|||||||
});
|
});
|
||||||
}, 5000);
|
}, 5000);
|
||||||
})()
|
})()
|
||||||
</script>
|
</script-->
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
Loading…
Reference in New Issue
Block a user