Merge pull request #3547 from BlackDex/GH-3540

Prevent 401 on main admin page
This commit is contained in:
Mathijs van Veluw 2023-05-26 17:25:48 +02:00 committed by GitHub
commit 95cd6deda6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -36,6 +36,7 @@ pub fn routes() -> Vec<Route> {
get_user_by_mail_json, get_user_by_mail_json,
post_admin_login, post_admin_login,
admin_page, admin_page,
admin_page_login,
invite_user, invite_user,
logout, logout,
delete_user, delete_user,
@ -256,6 +257,11 @@ fn admin_page(_token: AdminToken) -> ApiResult<Html<String>> {
render_admin_page() render_admin_page()
} }
#[get("/", rank = 2)]
fn admin_page_login() -> ApiResult<Html<String>> {
render_admin_login(None, None)
}
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct InviteData { struct InviteData {
@ -761,7 +767,17 @@ impl<'r> FromRequest<'r> for AdminToken {
let access_token = match cookies.get(COOKIE_NAME) { let access_token = match cookies.get(COOKIE_NAME) {
Some(cookie) => cookie.value(), Some(cookie) => cookie.value(),
None => return Outcome::Failure((Status::Unauthorized, "Unauthorized")), None => {
let requested_page =
request.segments::<std::path::PathBuf>(0..).unwrap_or_default().display().to_string();
// When the requested page is empty, it is `/admin`, in that case, Forward, so it will render the login page
// Else, return a 401 failure, which will be caught
if requested_page.is_empty() {
return Outcome::Forward(Status::Unauthorized);
} else {
return Outcome::Failure((Status::Unauthorized, "Unauthorized"));
}
}
}; };
if decode_admin(access_token).is_err() { if decode_admin(access_token).is_err() {