author | Jakob Borg <jakob@kastelo.net> | 2024-01-04 11:07:12 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-04 10:07:12 +0000 |
commit | aa901790b99e13c6cbf2bb3fda9b8ba3b765d700 (patch) | |
tree | 76ca687c3fefe3701de174ad9a17136fe6b23b70 /gui | |
parent | 17df4b8634b55cee8961480272daca70e30009ed (diff) | |
download | syncthing-aa901790b99e13c6cbf2bb3fda9b8ba3b765d700.tar.gz syncthing-aa901790b99e13c6cbf2bb3fda9b8ba3b765d700.zip |
lib/api: Save session & CSRF tokens to database, add option to stay logged in (fixes #9151) (#9284)
This adds a "token manager" which handles storing and checking expired
tokens, used for both sessions and CSRF tokens. It removes the old,
corresponding functionality for CSRFs which saved things in a file. The
result is less crap in the state directory, and active login sessions
now survive a Syncthing restart (this really annoyed me).
It also adds a boolean on login to create a longer-lived session cookie,
which is now possible and useful. Thus we can remain logged in over
browser restarts, which was also annoying... :)
<img width="1001" alt="Screenshot 2023-12-12 at 09 56 34"
src="https://github.com/syncthing/syncthing/assets/125426/55cb20c8-78fc-453e-825d-655b94c8623b">
Best viewed with whitespace-insensitive diff, as a bunch of the auth
functions became methods instead of closures which changed indentation.
Diffstat (limited to 'gui')
-rw-r--r-- | gui/default/index.html | 6 | ||||
-rwxr-xr-x | gui/default/syncthing/core/syncthingController.js | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/gui/default/index.html b/gui/default/index.html index 6e26461ce..7f5baa99e 100644 --- a/gui/default/index.html +++ b/gui/default/index.html @@ -359,6 +359,12 @@ <input id="password" class="form-control" type="password" name="password" ng-model="login.password" ng-trim="false" autocomplete="current-password" /> </div> + <div class="form-group"> + <label> + <input type="checkbox" ng-model="login.stayLoggedIn" > <span translate>Stay logged in</span> + </label> + </div> + <div class="row"> <div class="col-md-9 login-form-messages"> <p ng-if="login.errors.badLogin" class="text-danger" translate> diff --git a/gui/default/syncthing/core/syncthingController.js b/gui/default/syncthing/core/syncthingController.js index b31f94188..54b0a96ee 100755 --- a/gui/default/syncthing/core/syncthingController.js +++ b/gui/default/syncthing/core/syncthingController.js @@ -103,6 +103,7 @@ angular.module('syncthing.core') $http.post(authUrlbase + '/password', { username: $scope.login.username, password: $scope.login.password, + stayLoggedIn: $scope.login.stayLoggedIn, }).then(function () { location.reload(); }).catch(function (response) { @@ -3602,7 +3603,7 @@ angular.module('syncthing.core') return n.match !== ""; }); }; - + // The showModal and hideModal functions are a bandaid for a Bootstrap // bug (see https://github.com/twbs/bootstrap/issues/3902) that causes // multiple consecutively shown or hidden modals to overlap which leads |
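Review bot: In the gui/default/index.html hunk, the new checkbox `<input type="checkbox" ng-model="login.stayLoggedIn" >` carries no `id` or `name`, unlike the password input directly above it (`id="password"`, `name="password"`), and has a stray space before the closing `>`. Give it an `id` and `name` for consistency. Also consider a short help text next to "Stay logged in" saying that it creates a longer-lived session cookie, because the label alone does not tell someone on a shared browser what they are opting into.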
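Review bot: In the syncthingController.js hunk at line 103, `stayLoggedIn: $scope.login.stayLoggedIn` forwards the model value as-is, and nothing in the visible hunks initialises it, so until the checkbox is toggled the value may be undefined rather than false. Send an explicit boolean, for example `stayLoggedIn: !!$scope.login.stayLoggedIn`, or initialise the field to false where `$scope.login` is set up. That way the server never has to interpret a missing field, and the short-lived session stays the unambiguous default.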
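Review bot: The syncthingController.js hunk at line 3602 only replaces one blank line with another ahead of the showModal/hideModal comment, a whitespace-only change unrelated to the login feature. Drop it from this commit or move it to a separate cleanup so the diff for the auth change stays limited to the lines that affect behaviour.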