From 6bab5b4723b32069fe6b1f383df9839a769a0bd2 Mon Sep 17 00:00:00 2001 From: rainbow napkin Date: Thu, 16 Oct 2025 21:22:37 -0400 Subject: [PATCH] Migration UI complete. --- .../api/account/loginController.js | 23 +++++++++---------- src/utils/loggerUtils.js | 2 +- src/views/migrate.ejs | 3 +++ src/views/register.ejs | 2 ++ www/css/migrate.css | 8 +++++++ www/css/register.css | 4 ++++ www/js/login.js | 1 + www/js/migrate.js | 3 +++ www/js/utils.js | 13 ++++++++++- 9 files changed, 45 insertions(+), 14 deletions(-) diff --git a/src/controllers/api/account/loginController.js b/src/controllers/api/account/loginController.js index fd926b0..f5f2130 100644 --- a/src/controllers/api/account/loginController.js +++ b/src/controllers/api/account/loginController.js @@ -56,24 +56,23 @@ module.exports.post = async function(req, res){ //Look for the username in the migration DB const migrationDB = await migrationModel.findOne({user}); - //If this isn't a migration - if(migrationDB == null){ - //Get login attempts - const attempts = sessionUtils.getLoginAttempts(user) - - //if we've gone over max attempts - if(attempts.count > sessionUtils.throttleAttempts){ - //tell client it needs a captcha - return res.sendStatus(429); - } - //otherwise - }else{ + //If we found a migration profile + if(migrationDB != null){ //If the user has a good password if(hashUtils.compareLegacyPassword(pass, migrationDB.pass)){ //Redirect to migrate return res.sendStatus(301); } } + + //Get login attempts + const attempts = sessionUtils.getLoginAttempts(user) + + //if we've gone over max attempts + if(attempts.count > sessionUtils.throttleAttempts){ + //tell client it needs a captcha + return res.sendStatus(429); + } }else{ res.status(400); return res.send({errors: validResult.array()}) diff --git a/src/utils/loggerUtils.js b/src/utils/loggerUtils.js index 12e5ad8..b3e30c3 100644 --- a/src/utils/loggerUtils.js +++ b/src/utils/loggerUtils.js 
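Review bot: In the reordered block the legacy-password comparison still runs before the attempt throttle, so a request for a migration account gets `compareLegacyPassword` evaluated, and a 301 on a match, however many attempts have already been counted; only a wrong guess falls through to the 429. That leaves the captcha requirement ineffective for accounts found in the migration DB. Read `attempts` and return the 429 before the `if(migrationDB != null)` branch, i.e. move `if(attempts.count > sessionUtils.throttleAttempts){ return res.sendStatus(429); }` above it. Whether a failed legacy comparison increments the counter is not visible here and should be confirmed, since `module.exports.post` starts and ends outside the hunk.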
@@ -225,7 +225,7 @@ module.exports.welcomeWagon = function(count, date, tokes){ \x1b[32m WEE EEE EED\x1b[0m C A A N NN O O P Y \x1b[32m WEEEEED\x1b[0m CCCC A A N NN OOO P Y \x1b[32m WEEE ! EEED\x1b[0m -\x1b[32m !\x1b[0m \x1b[34mInitialization Complete!\x1b[0m This server has booted \x1b[4m${count}\x1b[0m time${count == 1 ? '' : 's'} and taken ${tokes} \x1b[4mtoke${tokes == 1 ? '' : 's'}\x1b[0m. +\x1b[32m !\x1b[0m \x1b[34mInitialization Complete!\x1b[0m This server has booted \x1b[4m${count}\x1b[0m time${count == 1 ? '' : 's'} and taken \x1b[4m${tokes}\x1b[0m toke${tokes == 1 ? '' : 's'}. \x1b[32m !\x1b[0m This server was first booted on \x1b[4m${date}\x1b[0m.` //Dump art to console diff --git a/src/views/migrate.ejs b/src/views/migrate.ejs index 3744efb..63e8f87 100644 --- a/src/views/migrate.ejs +++ b/src/views/migrate.ejs @@ -25,6 +25,9 @@ along with this program. If not, see . %> <%- include('partial/navbar', {user}); %> +

Welcome Back!

+

<%= instance%> has received an update, and your account needs one too!

+

Remember your new password, you will need it for your first login!

diff --git a/src/views/register.ejs b/src/views/register.ejs index 3848eac..58e8af3 100644 --- a/src/views/register.ejs +++ b/src/views/register.ejs @@ -25,6 +25,8 @@ along with this program. If not, see . %> <%- include('partial/navbar', {user}); %> +

Account Registration

+

Remember your password, you will need it for your first login!

diff --git a/www/css/migrate.css b/www/css/migrate.css index 02ef485..7c56ebc 100644 --- a/www/css/migrate.css +++ b/www/css/migrate.css @@ -28,4 +28,12 @@ form{ #migrate-button{ width: 6em; height: 2em; +} + +h1, h2{ + text-align: center; +} + +h2{ + margin-bottom: 0; } \ No newline at end of file diff --git a/www/css/register.css b/www/css/register.css index 0d25816..d070af8 100644 --- a/www/css/register.css +++ b/www/css/register.css @@ -28,4 +28,8 @@ form{ #register-button{ width: 6em; height: 2em; +} + +h1, h2{ + text-align: center; } \ No newline at end of file diff --git a/www/js/login.js b/www/js/login.js index a2a4903..c5a3408 100644 --- a/www/js/login.js +++ b/www/js/login.js @@ -18,6 +18,7 @@ class registerPrompt{ constructor(){ //Grab user prompt this.user = document.querySelector("#login-page-username"); + this.user.value = window.location.search.replace("?user=",''); //Grab pass prompts this.pass = document.querySelector("#login-page-password"); //Grab register button diff --git a/www/js/migrate.js b/www/js/migrate.js index ed4a1ee..d714ce7 100644 --- a/www/js/migrate.js +++ b/www/js/migrate.js @@ -18,6 +18,7 @@ class migratePrompt{ constructor(){ //Grab user prompt this.user = document.querySelector("#migrate-username"); + this.user.value = window.location.search.replace("?user=",''); //Grab pass prompts this.oldPass = document.querySelector("#migrate-password-old"); this.pass = document.querySelector("#migrate-password"); @@ -37,6 +38,8 @@ class migratePrompt{ //Add verification event listener to altcha widget this.altcha.addEventListener("verified", this.verify.bind(this)); + console.log(this.button); + //Add migrate event listener to migrate button this.button.addEventListener("click", this.migrate.bind(this)); } diff --git a/www/js/utils.js b/www/js/utils.js index a2c0d8b..9e023f1 100644 --- a/www/js/utils.js +++ b/www/js/utils.js 
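Review bot: The prefill `window.location.search.replace("?user=",'')` added to the `registerPrompt` constructor in www/js/login.js copies the raw query string, so the field shows the percent-encoded form and also picks up any other parameter that precedes or follows `user`. Parse it instead: `this.user.value = new URLSearchParams(window.location.search).get("user") || "";`. The same line is added to the `migratePrompt` constructor in www/js/migrate.js and needs the same change. Assigning to `.value` is not an HTML sink, so this is a correctness issue rather than an injection one; both constructors continue outside their hunks.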
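Review bot: `console.log(this.button);` in the second www/js/migrate.js hunk looks like leftover debugging and should be removed before this ships. It writes a DOM element to the console on every load of the migrate page and adds nothing to the listener setup around it. The enclosing method of `migratePrompt` starts outside the hunk.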
@@ -756,7 +756,7 @@ class canopyAjaxUtils{ } async login(user, pass, verification){ - var response = await fetch(`/api/account/login`,{ + const response = await fetch(`/api/account/login`,{ method: "POST", headers: { "Content-Type": "application/json", @@ -769,6 +769,17 @@ class canopyAjaxUtils{ location.reload(); }else if(response.status == 429){ location = `/login?user=${user}`; + }else if(response.status == 301){ + /* + * So this is gross but I don't know that theres a better way to do this + * Reloading the page would mean either sending the pass to the server as a URL query string which is insecure + * Or the server pre-loading it from the request, however sending passwords back to users seems like a bad idea too, even if it's just an echo + * Using fetch API to load the page assets in dynamically fucks up too, because register.js waits for DOM to load + * + * We could try an iframe and inject the password into that, however that seems really fucking dirty + * Sometimes it might just be better to make the user re-enter it... + */ + location = `/migrate?user=${user}`; }else{ utils.ux.displayResponseError(await response.json()); }
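Review bot: The new 301 branch builds its target as `/migrate?user=${user}` without encoding, so a username containing `&`, `#`, `+` or `%` (if the server's validation allows any of them) is truncated or adds extra query parameters on the migrate page. Use `location = "/migrate?user=" + encodeURIComponent(user);`; the existing 429 line above it has the same gap. Separately, the branch relies on the server sending a 301 with no `Location` header: if one is ever added, `fetch` follows the redirect by default and this status is never seen, so a non-redirect status or a field in the JSON body would be sturdier. `login` starts before and ends after the hunk.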