Verify auth state before authenticating

2020-11-21 15:31:13 +01:00 · 2020-11-21 15:31:13 +01:00 · ab0c30013b
parent a3541ac1e9
commit ab0c30013b
2 changed files with 9 additions and 2 deletions
--- a/src/views/user/Login.vue
+++ b/src/views/user/Login.vue
@ -6,7 +6,7 @@
 				You successfully confirmed your email! You can log in now.
 			</div>
 			<api-config/>
-			<form @submit.prevent="submit" id="loginform">
+			<form @submit.prevent="submit" id="loginform" v-if="localAuthEnabled">
 				<div class="field">
 					<label class="label" for="username">Username</label>
 					<div class="control">
@ -136,7 +136,7 @@ export default {
 		errorMessage: ERROR_MESSAGE,
 		needsTotpPasscode: state => state.auth.needsTotpPasscode,
 		authenticated: state => state.auth.authenticated,
-		localAuthEnabled: state => state.config.auth.enabled,
+		localAuthEnabled: state => state.config.auth.local.enabled,
 		openidConnect: state => state.config.auth.openidConnect,
 	}),
 	methods: {
--- a/src/views/user/OpenIdAuth.vue
+++ b/src/views/user/OpenIdAuth.vue
@ -38,6 +38,13 @@ export default {
 			}
 			localStorage.setItem('authenticating', true)

+			const state = localStorage.getItem('state')
+			if(typeof this.$route.query.state === 'undefined' || this.$route.query.state !== state) {
+				localStorage.removeItem('authenticating')
+				this.$store.commit(ERROR_MESSAGE, 'State does not match, refusing to continue!')
+				return
+			}
+
 			this.$store.commit(ERROR_MESSAGE, '')

 			this.$store.dispatch('auth/openIdAuth', {