diff --git a/view-webapp/src/main/kotlin/org/jeudego/pairgoth/web/AuthFilter.kt b/view-webapp/src/main/kotlin/org/jeudego/pairgoth/web/AuthFilter.kt
index 4655710..165e5d4 100644
--- a/view-webapp/src/main/kotlin/org/jeudego/pairgoth/web/AuthFilter.kt
+++ b/view-webapp/src/main/kotlin/org/jeudego/pairgoth/web/AuthFilter.kt
@@ -28,14 +28,15 @@ class AuthFilter: Filter {
 val uri = request.requestURI
 val session: HttpSession? = request.getSession(false)
 val auth = WebappManager.getProperty("auth") ?: throw Error("authentication not configured")
+ val forwarded = request.getAttribute(RequestDispatcher.FORWARD_REQUEST_URI) != null
- if (auth == "none" || whitelisted(uri) || session?.getAttribute("logged") != null) {
+ if (auth == "none" || whitelisted(uri) || forwarded || session?.getAttribute("logged") != null) {
 chain.doFilter(req, resp)
 } else {
 // TODO - configure if unauth requests are redirected and/or forwarded
 // TODO - protection against brute force attacks
 if (uri.endsWith("/index")) {
- request.getRequestDispatcher("/index-ffg").forward(req, resp)
+ response.sendRedirect("/index-ffg")
 } else {
 response.sendRedirect("/login")
 }
@@ -44,8 +45,8 @@ class AuthFilter: Filter {
 companion object {
 private val whitelist = setOf(
- "/index-ffg",
 "/login",
+ "/index-ffg",
 "/api/login",
 "api/logout"
 )
diff --git a/view-webapp/src/main/webapp/WEB-INF/web.xml b/view-webapp/src/main/webapp/WEB-INF/web.xml
index 1f2f43e..14d64a6 100644
--- a/view-webapp/src/main/webapp/WEB-INF/web.xml
+++ b/view-webapp/src/main/webapp/WEB-INF/web.xml
@@ -18,13 +18,13 @@ true - auth-filter - org.jeudego.pairgoth.web.AuthFilter + dispatching-filter + org.jeudego.pairgoth.web.DispatchingFilter true - dispatching-filter - org.jeudego.pairgoth.web.DispatchingFilter + auth-filter + org.jeudego.pairgoth.web.AuthFilter true
@@ -41,13 +41,13 @@ FORWARD - auth-filter + dispatching-filter /* REQUEST FORWARD - dispatching-filter + auth-filter /* REQUEST FORWARD
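Review bot: The new `forwarded` term in the `if` lets every FORWARD dispatch through with no session or whitelist check, so protection now depends entirely on the original REQUEST dispatch having been authorized before the forward happened. The web.xml hunks of this commit appear to move dispatching-filter ahead of auth-filter; if DispatchingFilter (not visible here) forwards without first calling the chain, AuthFilter only ever sees the forwarded dispatch and protected pages would be served without a login. Rather than skipping the check, decide on the URI the client actually asked for, e.g. `val checked = request.getAttribute(RequestDispatcher.FORWARD_REQUEST_URI) as? String ?: uri` followed by `whitelisted(checked) || session?.getAttribute("logged") != null`. The enclosing function starts before and ends after this hunk, so the rest of its body could not be checked.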
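Review bot: The last whitelist entry, `"api/logout"`, has no leading slash while every other entry does, and this reorder leaves it as it was. `whitelisted()` is outside the hunk, so the effect is inferred: with an exact match on `requestURI` the entry can never match and logout stays behind the auth check, and with a suffix or substring match the whitelist admits more paths than the literals suggest. I would change it to `"/api/logout"` and add a comment on `whitelist` stating how entries are compared. The companion object continues past the hunk.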
diff --git a/view-webapp/src/main/webapp/index-ffg.html b/view-webapp/src/main/webapp/index-ffg.html
index 7626668..c3ced80 100644
--- a/view-webapp/src/main/webapp/index-ffg.html
+++ b/view-webapp/src/main/webapp/index-ffg.html
@@ -9,7 +9,7 @@
  • Stay in the browser: If you prefer convenience, you can simply use the instance graciously hosted by the French Go Federation.

    - Launch + Launch
  •
diff --git a/view-webapp/src/main/webapp/login.html b/view-webapp/src/main/webapp/login.html
index 70f05ca..ef3e449 100644
--- a/view-webapp/src/main/webapp/login.html
+++ b/view-webapp/src/main/webapp/login.html
@@ -3,6 +3,7 @@
    +