From 9465f8db6d12a2bb8707f62ccb7d668059ec1cf1 Mon Sep 17 00:00:00 2001
From: Drew DeVault <sir@cmpwn.com>
Date: Wed, 20 May 2020 13:05:05 -0400
Subject: login: set encrypted "remember me" token

---
 plugins/base/routes.go | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

(limited to 'plugins/base/routes.go')

diff --git a/plugins/base/routes.go b/plugins/base/routes.go
index 3b47668..d023b4b 100644
--- a/plugins/base/routes.go
+++ b/plugins/base/routes.go
@@ -160,6 +160,12 @@ func handleGetMailbox(ctx *alps.Context) error {
 func handleLogin(ctx *alps.Context) error {
 	username := ctx.FormValue("username")
 	password := ctx.FormValue("password")
+	remember := ctx.FormValue("remember-me")
+
+	if username == "" && password == "" {
+		username, password = ctx.GetLoginToken()
+	}
+
 	if username != "" && password != "" {
 		s, err := ctx.Server.Sessions.Put(username, password)
 		if err != nil {
@@ -170,18 +176,30 @@ func handleLogin(ctx *alps.Context) error {
 		}
 		ctx.SetSession(s)
 
+		if remember == "on" {
+			ctx.SetLoginToken(username, password)
+		}
+
 		if path := ctx.QueryParam("next"); path != "" && path[0] == '/' && path != "/login" {
 			return ctx.Redirect(http.StatusFound, path)
 		}
 		return ctx.Redirect(http.StatusFound, "/mailbox/INBOX")
 	}
 
-	return ctx.Render(http.StatusOK, "login.html", alps.NewBaseRenderData(ctx))
+	return ctx.Render(http.StatusOK, "login.html",
+		&struct {
+			alps.BaseRenderData
+			CanRememberMe bool
+		}{
+			BaseRenderData: *alps.NewBaseRenderData(ctx),
+			CanRememberMe:  ctx.Server.Options.LoginKey != nil,
+		})
 }
 
 func handleLogout(ctx *alps.Context) error {
 	ctx.Session.Close()
 	ctx.SetSession(nil)
+	ctx.SetLoginToken("", "")
 	return ctx.Redirect(http.StatusFound, "/login")
 }
 
-- 
cgit v1.2.3