Well, either way, your login form needs a csrf token added to it. You can do it via hidden input.
Retrieve it via js like so
require(['csrf'], function(csrf) { var token = csrf.get(); });Authorization and registration on the one page
-
- I had a problem when creating a authorization and registration on the one page:
https://github.com/NodeBB/NodeBB/blob/master/src/routes/authentication.js#L65
router.post('/register', Auth.middleware.applyCSRF, Auth.middleware.applyBlacklist, controllers.authentication.register);router.post('/login', Auth.middleware.applyCSRF, Auth.middleware.applyBlacklist, controllers.authentication.login);router.post('/logout', Auth.middleware.applyCSRF, controllers.authentication.logout);How specify a one url for
controllers.authentication.registerandcontrollers.authentication.login?
- The second problem was with the attribute username and password:
https://github.com/NodeBB/nodebb-theme-persona/blob/master/templates/register.tpl#L27
<input class="form-control" type="text" placeholder="[[register:username_placeholder]]"
name="username"id="username" autocorrect="off" autocapitalize="off" autocomplete="off" />https://github.com/NodeBB/nodebb-theme-persona/blob/master/templates/register.tpl#L39
<input class="form-control" type="password" placeholder="[[register:password_placeholder]]"
name="password"id="password" />...same attributes at login
https://github.com/NodeBB/nodebb-theme-persona/blob/master/templates/login.tpl#L17
<input class="form-control" type="text" placeholder="{allowLoginWith}" name="username"
id="username"autocorrect="off" autocapitalize="off" />https://github.com/NodeBB/nodebb-theme-persona/blob/master/templates/login.tpl#L23
<input class="form-control" type="password" placeholder="[[user:password]]"
name="password"id="password" />I tried to rename the registration attributes on
name="newusername"andname="newpassword"so that they do not conflict with each other, but registration has stopped working.
If this is not done, then the registration will be available through the authorization form. -
Registration and login are both handled as an XHR on the client side. That's why both routes are just POST routes.
You'll want to investigate how the request is made, and mimic it with the new fields
-
@julian said:
You'll want to investigate how the request is made, and mimic it with the new fields
Yes.
