Migration UI complete.

2025-10-16 21:22:37 -04:00 · 2025-10-16 21:22:37 -04:00 · 6bab5b4723
parent eb48b92551
commit 6bab5b4723
9 changed files with 45 additions and 14 deletions
--- a/src/controllers/api/account/loginController.js
+++ b/src/controllers/api/account/loginController.js
@ -56,24 +56,23 @@ module.exports.post = async function(req, res){
            //Look for the username in the migration DB
            const migrationDB = await migrationModel.findOne({user});

-            //If this isn't a migration
-            if(migrationDB == null){
-                //Get login attempts
-                const attempts = sessionUtils.getLoginAttempts(user)
-
-                //if we've gone over max attempts 
-                if(attempts.count > sessionUtils.throttleAttempts){
-                    //tell client it needs a captcha
-                    return res.sendStatus(429);
-                }
-            //otherwise
-            }else{
+            //If we found a migration profile
+            if(migrationDB != null){
                //If the user has a good password
                if(hashUtils.compareLegacyPassword(pass, migrationDB.pass)){
                    //Redirect to migrate
                    return res.sendStatus(301);
                }
            }
+            
+            //Get login attempts
+            const attempts = sessionUtils.getLoginAttempts(user)
+
+            //if we've gone over max attempts 
+            if(attempts.count > sessionUtils.throttleAttempts){
+                //tell client it needs a captcha
+                return res.sendStatus(429);
+            }
        }else{
            res.status(400);
            return res.send({errors: validResult.array()})
--- a/src/utils/loggerUtils.js
+++ b/src/utils/loggerUtils.js
@ -225,7 +225,7 @@ module.exports.welcomeWagon = function(count, date, tokes){
 \x1b[32m   WEE EEE EED\x1b[0m      C      A   A  N  NN  O   O  P        Y
 \x1b[32m     WEEEEED\x1b[0m         CCCC  A   A  N  NN   OOO   P        Y
 \x1b[32m  WEEE  !  EEED\x1b[0m    
-\x1b[32m        !\x1b[0m          \x1b[34mInitialization Complete!\x1b[0m This server has booted \x1b[4m${count}\x1b[0m time${count == 1 ? '' : 's'} and taken ${tokes} \x1b[4mtoke${tokes == 1 ? '' : 's'}\x1b[0m.
+\x1b[32m        !\x1b[0m          \x1b[34mInitialization Complete!\x1b[0m This server has booted \x1b[4m${count}\x1b[0m time${count == 1 ? '' : 's'} and taken \x1b[4m${tokes}\x1b[0m toke${tokes == 1 ? '' : 's'}.
 \x1b[32m        !\x1b[0m          This server was first booted on \x1b[4m${date}\x1b[0m.`

        //Dump art to console
--- a/src/views/migrate.ejs
+++ b/src/views/migrate.ejs
@ -25,6 +25,9 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>. %>
    </head>
    <body>
        <%- include('partial/navbar', {user}); %>
+        <h1>Welcome Back!</h1>
+        <h2><%= instance%> has received an update, and your account needs one too!</h2>
+        <h2 class="danger-text">Remember your new password, you will need it for your first login!</h2>
        <form action="javascript:">
            <label>Username:</label>
            <input class="migrate-prompt" id="migrate-username" placeholder="Required">
--- a/src/views/register.ejs
+++ b/src/views/register.ejs
@ -25,6 +25,8 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>. %>
    </head>
    <body>
        <%- include('partial/navbar', {user}); %>
+        <h1>Account Registration</h1>
+        <h2 class="danger-text">Remember your password, you will need it for your first login!</h2>
        <form action="javascript:">
            <label>Username:</label>
            <input class="register-prompt" id="register-username" placeholder="Required">
--- a/www/css/migrate.css
+++ b/www/css/migrate.css
@ -28,4 +28,12 @@ form{
 #migrate-button{
 	width: 6em;
 	height: 2em;
+}
+
+h1, h2{
+	text-align: center;
+}
+
+h2{
+	margin-bottom: 0;
 }
--- a/www/css/register.css
+++ b/www/css/register.css
@ -28,4 +28,8 @@ form{
 #register-button{
 	width: 6em;
 	height: 2em;
+}
+
+h1, h2{
+	text-align: center;
 }
--- a/www/js/login.js
+++ b/www/js/login.js
@ -18,6 +18,7 @@ class registerPrompt{
    constructor(){
        //Grab user prompt
        this.user = document.querySelector("#login-page-username");
+        this.user.value = window.location.search.replace("?user=",'');
        //Grab pass prompts
        this.pass = document.querySelector("#login-page-password");
        //Grab register button
--- a/www/js/migrate.js
+++ b/www/js/migrate.js
@ -18,6 +18,7 @@ class migratePrompt{
    constructor(){
        //Grab user prompt
        this.user = document.querySelector("#migrate-username");
+        this.user.value = window.location.search.replace("?user=",'');
        //Grab pass prompts
        this.oldPass = document.querySelector("#migrate-password-old");
        this.pass = document.querySelector("#migrate-password");
@ -37,6 +38,8 @@ class migratePrompt{
        //Add verification event listener to altcha widget
        this.altcha.addEventListener("verified", this.verify.bind(this));

+        console.log(this.button);
+
        //Add migrate event listener to migrate button
        this.button.addEventListener("click", this.migrate.bind(this));
    }
--- a/www/js/utils.js
+++ b/www/js/utils.js
@ -756,7 +756,7 @@ class canopyAjaxUtils{
    }

    async login(user, pass, verification){
-        var response = await fetch(`/api/account/login`,{
+        const response = await fetch(`/api/account/login`,{
            method: "POST",
            headers: {
                "Content-Type": "application/json",
@ -769,6 +769,17 @@ class canopyAjaxUtils{
            location.reload();
        }else if(response.status == 429){
            location = `/login?user=${user}`;
+        }else if(response.status == 301){
+            /*
+            * So this is gross but I don't know that theres a better way to do this
+            * Reloading the page would mean either sending the pass to the server as a URL query string which is insecure
+            * Or the server pre-loading it from the request, however sending passwords back to users seems like a bad idea too, even if it's just an echo
+            * Using fetch API to  load the page assets in dynamically fucks up too, because register.js waits for DOM to load
+            * 
+            * We could try an iframe and inject the password into that, however that seems really fucking dirty
+            * Sometimes it might just be better to make the user re-enter it...
+            */
+            location = `/migrate?user=${user}`;
        }else{
            utils.ux.displayResponseError(await response.json());
        }