authorDaniel Friesel <derf@finalrewind.org>2019-03-02 18:08:48 +0100
committerDaniel Friesel <derf@finalrewind.org>2019-03-02 18:08:48 +0100
commit856a66c0bea917af8c7efd907d2200c01bab382b (patch)
tree20a0de23381c7a1593ed37529e1fcc87022364d9 /templates/login.html.ep
parentc6fd0a0efb8582e48d2eacafc0968938126bddd4 (diff)
implement user/password/csrf checks for login form
Diffstat (limited to 'templates/login.html.ep')
-rw-r--r--templates/login.html.ep52
1 files changed, 44 insertions, 8 deletions
diff --git a/templates/login.html.ep b/templates/login.html.ep
index b9b79eb..74deaef 100644
--- a/templates/login.html.ep
+++ b/templates/login.html.ep
@@ -1,18 +1,54 @@
+% if (my $invalid = stash('invalid')) {
+ <div class="row">
+ <div class="col s12">
+ <div class="card red darken-4">
+ <div class="card-content white-text">
+ % if ($invalid eq 'csrf') {
+ <span class="card-title">Ungültiger CSRF-Token</span>
+ <p>Sind Cookies aktiviert? Ansonsten könnte es sich um einen
+ Fall von <a
+ href="https://de.wikipedia.org/wiki/Cross-Site-Request-Forgery">CSRF</a>
+ handeln.</p>
+ % }
+ % elsif ($invalid eq 'credentials') {
+ <span class="card-title">Ungültige Logindaten</span>
+ <p>Falscher Account oder falsches Passwort.</p>
+ % }
+ % else {
+ <span class="card-title">Unbekannter Fehler</span>
+ <p>Das sollte nicht passieren™</p>
+ % }
+ </div>
+ </div>
+ </div>
+ </div>
+% }
<div class="row">
- <form class="col s12">
+ %= form_for '/x/login' => (class => 'col s12', method => 'POST') => begin
+ %= csrf_field
<div class="row">
<div class="input-field col s12">
<i class="material-icons prefix">account_circle</i>
- <input id="user" type="text" class="validate">
- <label for="user">User</label>
+ <input name="user" id="user" type="text" class="validate">
+ <label for="user">Account</label>
</div>
- </div>
- <div class="row">
<div class="input-field col s12">
<i class="material-icons prefix">lock</i>
- <input id="password" type="password" class="validate">
- <label for="password">Password</label>
+ <input name="password" id="password" type="password" class="validate">
+ <label for="password">Passwort</label>
+ </div>
+ </div>
+ <div class="row">
+ <div class="col s3 m3 l3">
+ </div>
+ <div class="col s6 m6 l6 center-align">
+ <button class="btn waves-effect waves-light" type="submit" name="action" value="login">
+ Anmelden
+ <i class="material-icons right">send</i>
+ </button>
+ </div>
+ <div class="col s3 m3 l3">
</div>
</div>
- </form>
+ %= end
</div>
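Review bot: The `user` and `password` inputs in the new form carry no `autocomplete` hints and no `required` attribute, so password managers have to guess which field is which and an empty submission goes straight to the server. Consider `<input name="user" id="user" type="text" class="validate" autocomplete="username" required>` and `<input name="password" id="password" type="password" class="validate" autocomplete="current-password" required>`. Separately, `%= csrf_field` only emits the hidden token; the rejection has to happen in the handler for `POST /x/login` (in Mojolicious typically via `$c->validation->csrf_protect`), which is outside this file-limited view, so it is worth confirming that the token is checked there before the credentials are looked at.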