Commit ae4949ae authored by rogerferre's avatar rogerferre
Browse files

feature(frontend): disable timeout check in login form

issue #1102
parent a8c7ff94
......@@ -1245,26 +1245,14 @@ sub login {
my $login = $c->param('login');
my $password = $c->param('password');
my $form_hash = $c->param('login_hash');
my $url = ($c->param('url') or $c->req->url->to_abs->path);
$url = '/' if $url =~ m{^/login};
my @error =();
# TODO: improve this hash
my ($time) = time =~ m{(.*)...$};
my $login_hash1 = $time.($CONFIG_FRONT->{secrets}->[0] or '');
# let login varm be valid for 60 seconds
($time) = (time-60) =~ m{(.*)...$};
my $login_hash2 = $time.($CONFIG_FRONT->{secrets}->[0] or '');
if (defined $login || defined $password || $c->param('submit')) {
push @error,("Empty login name") if !length $login;
push @error,("Empty password") if !length $password;
push @error,("Session timeout")
if $form_hash ne sha256_hex($login_hash1)
&& $form_hash ne sha256_hex($login_hash2);
}
if ( !@error && defined $login && defined $password) {
......@@ -1299,7 +1287,6 @@ sub login {
,js => ['/js/main.js']
,navbar_custom => 1
,login => $login
,login_hash => sha256_hex($login_hash1)
,error => \@error
,login_header => $CONFIG_FRONT->{login_header}
,login_message => $CONFIG_FRONT->{login_message}
......
......@@ -14,8 +14,6 @@
<input class="form-control" id="pssw" type="password" name="password" value="" placeholder="<%=l 'Password' %>" required>
<input type="hidden" name="url" value="<%= $url %>">
<input type="hidden" name="login_hash"
value="<%= $login_hash %>">
<!-- <input type="submit" name="submit" value="launch"> -->
<button id="submit" class="btn btn-success btn-lg btn-block" href="/" type="submit" name="submit" value="launch"><%=l 'Login' %></button>
% if (scalar @$error) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment