Sort out index redirection problems

2024-02-01 10:55:08 +01:00
parent 9ba455d3d1
commit d3fc71f72f
4 changed files with 12 additions and 10 deletions
--- a/view-webapp/src/main/kotlin/org/jeudego/pairgoth/web/AuthFilter.kt
+++ b/view-webapp/src/main/kotlin/org/jeudego/pairgoth/web/AuthFilter.kt
@@ -28,14 +28,15 @@ class AuthFilter: Filter {
        val uri = request.requestURI
        val session: HttpSession? = request.getSession(false)
        val auth = WebappManager.getProperty("auth") ?: throw Error("authentication not configured")
        val forwarded = request.getAttribute(RequestDispatcher.FORWARD_REQUEST_URI) != null
-        if (auth == "none" || whitelisted(uri) || session?.getAttribute("logged") != null) {
+        if (auth == "none" || whitelisted(uri) || forwarded || session?.getAttribute("logged") != null) {
            chain.doFilter(req, resp)
        } else {
            // TODO - configure if unauth requests are redirected and/or forwarded
            // TODO - protection against brute force attacks
            if (uri.endsWith("/index")) {
-                request.getRequestDispatcher("/index-ffg").forward(req, resp)
+                response.sendRedirect("/index-ffg")
            } else {
                response.sendRedirect("/login")
            }
@@ -44,8 +45,8 @@ class AuthFilter: Filter {
    companion object {
        private val whitelist = setOf(
            "/index-ffg",
            "/login",
            "/index-ffg",
            "/api/login",
            "api/logout"
        )
--- a/view-webapp/src/main/webapp/WEB-INF/web.xml
+++ b/view-webapp/src/main/webapp/WEB-INF/web.xml
@@ -18,13 +18,13 @@
    <async-supported>true</async-supported>
  </filter>
  <filter>
-    <filter-name>auth-filter</filter-name>
+    <filter-name>dispatching-filter</filter-name>
-    <filter-class>org.jeudego.pairgoth.web.AuthFilter</filter-class>
+    <filter-class>org.jeudego.pairgoth.web.DispatchingFilter</filter-class>
    <async-supported>true</async-supported>
  </filter>
  <filter>
-    <filter-name>dispatching-filter</filter-name>
+    <filter-name>auth-filter</filter-name>
-    <filter-class>org.jeudego.pairgoth.web.DispatchingFilter</filter-class>
+    <filter-class>org.jeudego.pairgoth.web.AuthFilter</filter-class>
    <async-supported>true</async-supported>
  </filter>
  <filter>
@@ -41,13 +41,13 @@
    <dispatcher>FORWARD</dispatcher>
  </filter-mapping>
  <filter-mapping>
-    <filter-name>auth-filter</filter-name>
+    <filter-name>dispatching-filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
  </filter-mapping>
  <filter-mapping>
-    <filter-name>dispatching-filter</filter-name>
+    <filter-name>auth-filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
--- a/view-webapp/src/main/webapp/index-ffg.html
+++ b/view-webapp/src/main/webapp/index-ffg.html
@@ -9,7 +9,7 @@
    <li>
      <p><b>Stay in the browser</b>: If you prefer convenience, you can simply use the <span class="logo">pairgoth</span> instance graciously hosted by the French Go Federation.</p>
      <blockquote>
-        <a class="nobreak" href="https://pairgoth.jeudego.org/login">Launch <span class="logo">pairgoth</span></a>
+        <a class="nobreak" href="/login">Launch <span class="logo">pairgoth</span></a>
      </blockquote>
    </li>
    <li>
--- a/view-webapp/src/main/webapp/login.html
+++ b/view-webapp/src/main/webapp/login.html
@@ -3,6 +3,7 @@
    <div class="field">
      <label>Enter the magic word</label>
      <input type="text" name="sesame" autocomplete="false"/>
      <div>&nbsp;</div>
      <button type="submit" class="ui green floating button">Log in</button>
    </div>
  </form>