Files
FabledSteward/steward/templates/auth/login.html
T
bvandeusen 71715c38d8
CI / lint (push) Successful in 2s
CI / unit (push) Successful in 8s
CI / integration (push) Successful in 2m18s
CI / publish (push) Successful in 45s
feat(auth): return to the original view after an auth-expiry redirect
When a session has expired, require_role now bounces to /login?next=<path> and
sends the user back there after re-login.

- middleware: safe_next_url() (same-site relative path/query only; rejects
  off-site, protocol-relative, javascript:, and the auth pages — no open
  redirect). _login_redirect() builds the next param; for HTMX requests it uses
  HX-Current-URL (the page, not the fragment) and HX-Redirect so the whole
  browser navigates instead of swapping the login page into a fragment.
- login GET/POST carry `next` (hidden field), validated, used on success for
  local + LDAP; OIDC stashes it in session across the IdP round-trip.
- login.html: hidden next field + next on the SSO link.
- tests for safe_next_url.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 13:05:37 -04:00

38 lines
1.8 KiB
HTML

{% extends "base.html" %}
{% block title %}Login — Steward{% endblock %}
{% block content %}
<div style="max-width:400px;margin:4rem auto;">
<div class="card">
<p style="color: var(--text-dim); font-family: var(--font-serif); font-style: italic; font-size: 1.15rem; text-align: center; margin: 0 0 1.5rem;">Under Watch, Under Care.</p>
{% if error %}
<div style="color:var(--red);font-size:0.88rem;margin-bottom:1rem;
background:var(--red-dim);padding:0.6rem 0.75rem;border-radius:4px;">
{{ error }}
</div>
{% endif %}
{% if oidc_enabled %}
<a href="/login/oidc{% if next_url %}?next={{ next_url | urlencode }}{% endif %}" class="btn" style="width:100%;text-align:center;margin-bottom:1.25rem;display:block;">
Sign in with SSO
</a>
<div style="display:flex;align-items:center;gap:0.75rem;margin-bottom:1.25rem;">
<div style="flex:1;height:1px;background:var(--border-mid);"></div>
<span style="font-size:0.78rem;color:var(--text-dim);">or</span>
<div style="flex:1;height:1px;background:var(--border-mid);"></div>
</div>
{% endif %}
<form method="post" action="/login">
{% if next_url %}<input type="hidden" name="next" value="{{ next_url }}">{% endif %}
<div class="form-group">
<input type="text" name="username" placeholder="Username" autofocus required>
</div>
<div class="form-group">
<input type="password" name="password" placeholder="Password" required>
</div>
<button type="submit" class="btn {% if oidc_enabled %}btn-ghost{% endif %}" style="width:100%;">
Sign In
</button>
</form>
</div>
</div>
{% endblock %}