16 changes: 13 additions & 3 deletions src/delegate.html
@@ -2,6 +2,8 @@
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />

<title>Login</title>
<link rel="stylesheet"
href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css"
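Review bot: style nit on the added `<meta http-equiv="X-UA-Compatible" content="IE=edge" />` line: it uses a self-closing slash while the adjacent `<meta charset="UTF-8">` does not, and the hunk also introduces a stray blank line before `<title>`. The header is only honoured by Internet Explorer; if IE is not a client this login page has to support, it is simpler to drop it than to maintain it.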
@@ -74,7 +76,7 @@ <h1>Request access</h1>

<div class="form-group">
<label for="subject">Reason for access (free text, mandatory)</label>
<input class="form-control" type="text" name="subject" id="subject" value=""/>
<input class="form-control" type="text" name="subject" id="subject" value="" required />
</div>

<fieldset class="form-group">
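Review bot: `required` on `#subject` is a browser-side hint only: it is bypassed by any client that posts to /delegate directly, and it still accepts a value consisting only of spaces, so the server-side handler must independently reject an empty or whitespace-only subject. If the client side should be tighter as well, a `pattern` attribute or trimming `subjectInput.value` before submit would cover the whitespace case. The label already says "mandatory", so the attribute at least brings the markup in line with the text.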
@@ -139,8 +141,10 @@ <h1>Request access</h1>

var dateTime = new Date();
var formSignIn = document.querySelector('.form-signin');
var subjectInput = formSignIn.querySelector('#subject');
var inputExp = formSignIn.querySelector('#exp');
var dateTimePicker = $('#datetimepicker1');
var domains = document.getElementById('domains')
var authorizerResponse = document.querySelector('.authorizer-response');
var authorizerToken = document.getElementById('token');

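Review bot: `var domains = document.getElementById('domains')` is missing the trailing semicolon that every neighbouring declaration in this block uses. Minor, but since `domains` is only ever used to walk its checkbox inputs, a short comment saying that `#domains` holds the domain checkboxes would help the next reader.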
@@ -151,12 +155,18 @@ <h1>Request access</h1>
formSignIn.addEventListener('submit', function (e) {
e.preventDefault();

var formData = new URLSearchParams(new FormData(formSignIn));
var formDataUrlParams = 'exp=' + inputExp.value + '&subject=' + subjectInput.value;
domains.querySelectorAll('input').forEach(function(input) {
if (input.checked) {
formDataUrlParams = formDataUrlParams + '&' + input.name + '=' + input.value
Review discussion on this line:

Contributor:
Shouldn't there be escaping here?

@vStone, Dec 20, 2018:
You could argue there should be, but bogus input has to be checked on the backend anyway. Frontend input is not to be trusted :)

@nielslaukens (Contributor), Dec 20, 2018:
The backend checks the data it is given; that is not the problem.
The problem is that the user is going to get strange error messages if they type an "unusual" character in their Subject. With a space counting as unusual too...

Member (PR author):
@nielslaukens this is done automatically on line 164 by new URLSearchParams(formDataUrlParams)

Contributor:
I'm pretty sure that a filled-in subject of foo&dummy=bar is going to break things...
}
})
var formDataUrlSearchParams = new URLSearchParams(formDataUrlParams);

fetch('/delegate', {
credentials: 'include',
method: 'post',
body: formData
body: formDataUrlSearchParams.toString()
})
.then(function (response) {
if (response.status !== 200)
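Review bot: the concatenation `'exp=' + inputExp.value + '&subject=' + subjectInput.value` does no escaping, and `new URLSearchParams(formDataUrlParams)` parses (decodes) that string rather than encoding it, so a subject of `foo&dummy=bar` becomes `subject=foo` plus an extra `dummy=bar` parameter, a `+` becomes a space and `%41` becomes `A`. Build the object with `append` instead (`var p = new URLSearchParams(); p.append('exp', inputExp.value); p.append('subject', subjectInput.value);` and `p.append(input.name, input.value)` for each checked box), or keep the removed `new URLSearchParams(new FormData(formSignIn))`, which already omits unchecked checkboxes. Separately, `body: formDataUrlSearchParams.toString()` hands fetch a plain string, which it labels `text/plain;charset=UTF-8` instead of `application/x-www-form-urlencoded`; pass the URLSearchParams object itself as `body` (as the removed `body: formData` line did) or set the Content-Type header explicitly.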
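The review thread above turns on whether `new URLSearchParams(formDataUrlParams)` escapes the concatenated string. The following is an added example, not code from this PR or from the Authorizer project, that reproduces the PR's concatenation pattern next to `URLSearchParams.append()` on constructed inputs, including the `foo&dummy=bar` subject from the discussion. It runs under Node, whose global `URLSearchParams` is the same WHATWG class browsers expose; the function names, the epoch-style expiry and the `example.org` domain are my own choices.

```javascript
// Added example, not part of the PR. Compares the PR's string-concatenation
// pattern with URLSearchParams.append() on constructed inputs.
// Node and browsers share the same WHATWG URLSearchParams class.

// Pattern from the PR: concatenate raw values, then parse the string.
// The string constructor DECODES application/x-www-form-urlencoded input;
// it never escapes the values that were concatenated in.
function buildByConcat(exp, subject, checkedDomains) {
  let raw = 'exp=' + exp + '&subject=' + subject;
  for (const [name, value] of checkedDomains) {
    raw += '&' + name + '=' + value;
  }
  return new URLSearchParams(raw);
}

// Safer pattern: let URLSearchParams own the encoding of every name/value.
function buildByAppend(exp, subject, checkedDomains) {
  const params = new URLSearchParams();
  params.append('exp', exp);
  params.append('subject', subject);
  for (const [name, value] of checkedDomains) {
    params.append(name, value);
  }
  return params;
}

// Flatten a URLSearchParams into a plain object for inspection
// (a repeated key is collected into an array).
function toObject(params) {
  const out = {};
  for (const [k, v] of params) {
    out[k] = k in out ? [].concat(out[k], v) : v;
  }
  return out;
}

// Constructed sample input (hypothetical expiry and domain name).
const SAMPLE_EXP = '1545393600';
const SAMPLE_DOMAINS = [['domain', 'example.org']];

// 1. The subject from the review thread: an extra parameter is injected.
const injected = buildByConcat(SAMPLE_EXP, 'foo&dummy=bar', SAMPLE_DOMAINS);
console.log(toObject(injected));
// { exp: '1545393600', subject: 'foo', dummy: 'bar', domain: 'example.org' }

// 2. The same subject via append(): one subject, no dummy key, & and = escaped.
const safe = buildByAppend(SAMPLE_EXP, 'foo&dummy=bar', SAMPLE_DOMAINS);
console.log(safe.toString());
// exp=1545393600&subject=foo%26dummy%3Dbar&domain=example.org

// 3. '+' and percent-escapes inside a concatenated value are decoded, not kept.
console.log(buildByConcat(SAMPLE_EXP, 'a+b %41', []).get('subject')); // 'a b A'
console.log(buildByAppend(SAMPLE_EXP, 'a+b %41', []).get('subject'));  // 'a+b %41'
```

When the `append`-built object is passed to `fetch` as `body` directly, the browser serialises it and sets `Content-Type: application/x-www-form-urlencoded`; calling `toString()` first, as the hunk does, sends the same bytes labelled `text/plain;charset=UTF-8`, which a strict form parser on the server may refuse.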
64 changes: 46 additions & 18 deletions src/index.html
@@ -3,29 +3,57 @@
<head>
<meta charset="UTF-8">
<title>Authorizer</title>
<style media="screen">
html, body {
height: 100%;
}

body {
display: -ms-flexbox;
display: flex;
-ms-flex-align: center;
align-items: center;
flex-direction: column;
padding-top: 40px;
padding-bottom: 40px;
background-color: #f5f5f5;
}

.vrt-authorizer-main {
width: 100%;
max-width: 480px;
padding: 30px 25px;
margin: 2rem auto;
background: white;
border-radius: 5px;
box-shadow: 0 0 35px rgba(0, 0, 0, .1);
}
</style>
</head>
<body>
<h1>Authorizer</h1>
<div class="no_access" style="display: none;">
<p>You have no access.</p>
<p>
<a href="{{{authenticate}}}"><!-- href filled in by Python -->Authenticate</a>
</p>
</div>
<div class="access" style="display: none;">
<p>You have a valid token until <span class="exp">EXPIRATION</span></p>
<p>This token was (originally) generated by <span class="azp"></span></p>
<p class="sub_present" style="display: none;">This token was delegated to: <span class="sub"></span></p>
<main class="vrt-authorizer-main">
<h1>Authorizer</h1>
<div class="no_access" style="display: none;">
<p>You have no access.</p>
<p>
<a href="{{{authenticate}}}"><!-- href filled in by Python -->Authenticate</a>
</p>
</div>
<div class="access" style="display: none;">
<p>You have a valid token until <span class="exp">EXPIRATION</span></p>
<p>This token was (originally) generated by <span class="azp"></span></p>
<p class="sub_present" style="display: none;">This token was delegated to: <span class="sub"></span></p>

<p class="all_domains" style="display: none;">You have access to all domains.</p>
<p class="all_domains" style="display: none;">You have access to all domains.</p>

<p class="domain_limit" style="display: none;">You have access to the following domains:</p>
<ul class="domain_limit domain_list" style="display: none;"></ul>
<p class="domain_limit" style="display: none;">You have access to the following domains:</p>
<ul class="domain_limit domain_list" style="display: none;"></ul>

<p class="access" style="display: none;">
<a href="/delegate">Delegate (part of) this access to a third party</a>
</p>
</div>
<p class="access" style="display: none;">
<a href="/delegate">Delegate (part of) this access to a third party</a>
</p>
</div>
</main>

<script type="text/javascript">
/* These variables will be filled in by the Python code when this file
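Review bot: the new inline `<style media="screen">` block will be blocked if this page is ever served with a Content-Security-Policy whose `style-src` lacks `'unsafe-inline'` or a matching nonce or hash; moving the rules to a stylesheet file, or attaching a nonce to the `<style>` element, keeps a strict CSP possible. While this block is being re-indented, note that the class `access` is carried by both the outer `<div class="access">` and the inner `<p class="access">`; that is pre-existing, but worth a look if the script toggles `.access` by class selector.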