feat(xo-server/signin): remember me with external providers

It works the same as password signin.
2024-01-11 08:58:52 +01:00
parent 4aad9d8e32
commit 6127e30574
3 changed files with 26 additions and 5 deletions
--- a/CHANGELOG.unreleased.md
+++ b/CHANGELOG.unreleased.md
@@ -10,6 +10,7 @@
 - [Settings/Logs] Use GitHub issue form with pre-filled fields when reporting a bug [#7142](https://github.com/vatesfr/xen-orchestra/issues/7142) (PR [#7274](https://github.com/vatesfr/xen-orchestra/pull/7274))
 - [REST API] New pool action: `emergency_shutdown`, it suspends all the VMs and then shuts down all the host [#7277](https://github.com/vatesfr/xen-orchestra/issues/7277) (PR [#7279](https://github.com/vatesfr/xen-orchestra/pull/7279))
 - [Tasks] Hide `/rrd_updates` tasks by default
+- [Sign in] Support _Remember me_ feature with external providers (PR [#7298](https://github.com/vatesfr/xen-orchestra/pull/7298))

 ### Bug fixes

--- a/packages/xo-server/signin.pug
+++ b/packages/xo-server/signin.pug
@@ -33,8 +33,19 @@ html
                i.fa.fa-sign-in
                |  Sign in
      else
-        each label, id in strategies
-          div: a(href = 'signin/' + id).btn.btn-block.btn-primary.mb-1 Sign in with #{label}
+        if Object.keys(strategies).length !== 0
+          form(action = 'signin/dispatch' method = 'post')
+            .checkbox
+              label
+                input(
+                  name = 'remember-me'
+                  type = 'checkbox'
+                )
+                | &nbsp;
+                | Remember me
+            each label, id in strategies
+              div: button(type = 'submit' name = 'provider' value = id).btn.btn-block.btn-primary.mb-1 Sign in with #{label}
+          hr
        form(action = 'signin/local' method = 'post')
          fieldset
            .input-group.mb-1
--- a/packages/xo-server/src/index.mjs
+++ b/packages/xo-server/src/index.mjs
@@ -261,8 +261,18 @@ async function setUpPassport(express, xo, { authentication: authCfg, http: { coo
    }

    const matches = url.match(SIGNIN_STRATEGY_RE)
-    if (matches) {
-      return passport.authenticate(matches[1], async (err, user, info) => {
+    if (matches !== null) {
+      let provider = matches[1]
+      if (provider === 'dispatch') {
+        provider = req.body.provider
+      }
+
+      // directly from the signin form, not a callback
+      if (matches[2] === undefined) {
+        req.session.isPersistent = req.body['remember-me'] === 'on'
+      }
+
+      return passport.authenticate(provider, async (err, user, info) => {
        if (err) {
          return next(err)
        }
@@ -273,7 +283,6 @@ async function setUpPassport(express, xo, { authentication: authCfg, http: { coo
        }

        req.session.user = { id: user.id, preferences: user.preferences }
-        req.session.isPersistent = matches[1] === 'local' && req.body['remember-me'] === 'on'

        if (user.preferences?.otp !== undefined) {
          return res.redirect(303, '/signin-otp')