close #7918

it's a bit short on explanations tho
2021-01-14 18:38:06 +01:00 · 2021-01-14 18:38:06 +01:00 · e54c11584b
parent cd034c6b70
commit e54c11584b
3 changed files with 44 additions and 4 deletions
--- a/app/controllers/Auth.scala
+++ b/app/controllers/Auth.scala
@ -450,11 +450,34 @@ final class Auth(

  def loginWithToken(token: String) =
    Open { implicit ctx =>
-      Firewall {
-        env.security.loginToken consume token flatMap {
-          _.fold(notFound)(authenticateUser(_))
+      if (ctx.isAuth) Redirect(routes.Lobby.home()).fuccess
+      else
+        Firewall {
+          consumingToken(token) { user =>
+            env.security.loginToken.generate(user) map { newToken =>
+              Ok(html.auth.bits.tokenLoginConfirmation(user, newToken))
+            }
+          }
        }
-      }
+    }
+
+  def loginWithTokenPost(token: String) =
+    Open { implicit ctx =>
+      if (ctx.isAuth) Redirect(routes.Lobby.home()).fuccess
+      else
+        Firewall {
+          consumingToken(token) { authenticateUser(_) }
+        }
+    }
+
+  private def consumingToken(token: String)(f: UserModel => Fu[Result])(implicit ctx: Context) =
+    env.security.loginToken consume token flatMap {
+      case None =>
+        BadRequest {
+          import scalatags.Text.all.stringFrag
+          html.site.message("This token has expired.")(stringFrag("Please go back and try again."))
+        }.fuccess
+      case Some(user) => f(user)
    }

  implicit private val limitedDefault =
--- a/app/views/auth/bits.scala
+++ b/app/views/auth/bits.scala
@ -141,6 +141,22 @@ object bits {
      )
    }

+  def tokenLoginConfirmation(user: User, token: String)(implicit ctx: Context) =
+    views.html.base.layout(
+      title = s"Log in as ${user.username}",
+      moreCss = cssTag("form3")
+    ) {
+      main(cls := "page-small box box-pad")(
+        h1("Log in as ", userLink(user)),
+        postForm(action := routes.Auth.loginWithTokenPost(token))(
+          form3.actions(
+            a(href := routes.Lobby.home())(trans.cancel()),
+            submitButton(cls := "button")(s"${user.username} is my Lichess username, log me in")
+          )
+        )
+      )
+    }
+
  def checkYourEmailBanner(userEmail: lila.security.EmailConfirm.UserEmail) =
    frag(
      styleTag("""
--- a/conf/routes
+++ b/conf/routes
@ -393,6 +393,7 @@ POST  /password/reset/confirm/:token   controllers.Auth.passwordResetConfirmAppl
 POST  /auth/set-fp/:fp/:ms             controllers.Auth.setFingerPrint(fp: String, ms: Int)
 POST  /auth/token                      controllers.Auth.makeLoginToken
 GET   /auth/token/:token               controllers.Auth.loginWithToken(token: String)
+POST  /auth/token/:token               controllers.Auth.loginWithTokenPost(token: String)
 GET   /auth/magic-link                 controllers.Auth.magicLink
 POST  /auth/magic-link/send            controllers.Auth.magicLinkApply
 GET   /auth/magic-link/sent/:email     controllers.Auth.magicLinkSent(email: String)