HTML error for failed admin login

2024-07-02 08:16:53 +00:00 · 2022-08-22 18:50:20 +02:00 · 2022-08-22 18:50:20 +02:00 · ce15d2b0c3
parent e047a87620
commit ce15d2b0c3
4 changed files with 23 additions and 2 deletions
--- a/app/admin.py
+++ b/app/admin.py
@ -1072,9 +1072,21 @@ async def login_validation(
    password: str = Form(),
    redirect: str | None = Form(None),
    csrf_check: None = Depends(verify_csrf_token),
-) -> RedirectResponse:
+    db_session: AsyncSession = Depends(get_db_session),
+) -> RedirectResponse | templates.TemplateResponse:
    if not verify_password(password):
-        raise HTTPException(status_code=401)
+        logger.warning("Invalid password")
+        return await templates.render_template(
+            db_session,
+            request,
+            "login.html",
+            {
+                "error": "Invalid password",
+                "csrf_token": generate_csrf_token(),
+                "redirect": request.query_params.get("redirect", ""),
+            },
+            status_code=403,
+        )

    resp = RedirectResponse(redirect or "/admin/stream", status_code=302)
    resp.set_cookie("session", session_serializer.dumps({"is_logged_in": True}))  # type: ignore  # noqa: E501
--- a/app/scss/main.scss
+++ b/app/scss/main.scss
@ -13,6 +13,10 @@ $code-highlight-background: #f0f0f0;
 // Load custom theme
@import "theme.scss";

+.primary-color {
+  color: $primary-color;
+}
+
 .show-more-wrapper {
  .p-summary {
    display: inline-block;
--- a/app/templates.py
+++ b/app/templates.py
@ -90,6 +90,7 @@ async def render_template(
    request: Request,
    template: str,
    template_args: dict[str, Any] | None = None,
+    status_code: int = 200,
 ) -> TemplateResponse:
    if template_args is None:
        template_args = {}
@ -133,6 +134,7 @@ async def render_template(
            "actor_types": ap.ACTOR_TYPES,
            **template_args,
        },
+        status_code=status_code,
    )


--- a/app/templates/login.html
+++ b/app/templates/login.html
@ -3,6 +3,9 @@
 {% block content %}
 <div style="display:grid;height:80%;">
 <div style="margin:auto;">
+{% if error %}
+<p class="primary-color">Invalid password.</p>
+{% endif %}
 <form class="form" action="/admin/login" method="POST">
 <input type="hidden" name="csrf_token" value="{{ csrf_token }}">
 <input type="hidden" name="redirect" value="{{ redirect }}">