Loading editor/html/index.html +1 −10 Original line number Diff line number Diff line Loading @@ -174,16 +174,7 @@ <hr style="border-color:var(--border);margin:1em 0"> <!-- Login & Connect section --> <h4 data-i18n="I18N_CONNECT">Verbinden</h4> <div class="set-field"> <label data-i18n="I18N_USERNAME">Benutzername</label> <input type="text" id="conn-username" placeholder="" autocomplete="username"> </div> <div class="set-field"> <label data-i18n="I18N_PASSWORD">Passwort</label> <input type="password" id="conn-password" placeholder="" autocomplete="current-password"> </div> <!-- Connect section --> <div class="set-field"> <button id="btn-conn-connect" class="set-save-btn" data-i18n="I18N_CONNECT">Verbinden</button> </div> Loading editor/html/js/api.js +2 −5 Original line number Diff line number Diff line Loading @@ -222,11 +222,8 @@ var EditorApi = (function() { return request('DELETE', '/api/connection/delete/' + id); }, connectToConnection: function(id, username, password) { return request('POST', '/api/connection/connect/' + id, { username: username, password: password }); connectToConnection: function(id) { return request('POST', '/api/connection/connect/' + id, {}); }, publishToConnection: function(id, target, params) { Loading editor/html/js/editor.js +2 −16 Original line number Diff line number Diff line Loading @@ -669,8 +669,6 @@ document.getElementById('conn-name').value = ''; document.getElementById('conn-url').value = ''; document.getElementById('conn-ignore-ssl').checked = false; document.getElementById('conn-username').value = ''; document.getElementById('conn-password').value = ''; document.getElementById('conn-publish-section').style.display = 'none'; document.getElementById('conn-form').style.display = 'block'; document.getElementById('conn-placeholder').style.display = 'none'; Loading Loading @@ -720,28 +718,18 @@ }); }); // Connect button: login to blog server // Connect button: use session authid to connect to blog server document.getElementById('btn-conn-connect').addEventListener('click', function() { var id = document.getElementById('conn-edit-id').value; if (!id) return; var username = document.getElementById('conn-username').value; var password = document.getElementById('conn-password').value; if (!username || !password) { var status = document.getElementById('conn-status'); status.textContent = I18n.t('I18N_LOGIN_REQUIRED', 'Benutzername und Passwort eingeben'); status.className = 'set-status error'; return; } var status = document.getElementById('conn-status'); status.textContent = I18n.t('I18N_CONNECTING', 'Verbinde...'); status.className = 'set-status'; EditorApi.connectToConnection(id, username, password).then(function(resp) { EditorApi.connectToConnection(id).then(function(resp) { connectedConnections[id] = true; status.textContent = I18n.t('I18N_CONNECTION_OK', 'Verbunden'); status.className = 'set-status success'; // Clear password from UI document.getElementById('conn-password').value = ''; // Show publish section with targets var targets = resp.targets || []; Loading Loading @@ -912,8 +900,6 @@ document.getElementById('conn-name').value = c.name; document.getElementById('conn-url').value = c.url; document.getElementById('conn-ignore-ssl').checked = c.ignore_ssl || false; document.getElementById('conn-username').value = ''; document.getElementById('conn-password').value = ''; document.getElementById('conn-form').style.display = 'block'; document.getElementById('conn-placeholder').style.display = 'none'; document.getElementById('conn-status').textContent = ''; Loading editor/src/webedit_api.cpp +27 −59 Original line number Diff line number Diff line Loading @@ -1603,75 +1603,44 @@ void webedit::Api::handleConnectToConnection(libhttppp::HttpRequest &curreq, return; } // Get username/password from request body std::string body = getRequestBody(curreq); json_object *req = json_tokener_parse(body.c_str()); if (!req) { sendJsonError(curreq, 400, "Invalid JSON"); return; } json_object *userObj = nullptr, *passObj = nullptr; json_object_object_get_ex(req, "username", &userObj); json_object_object_get_ex(req, "password", &passObj); std::string username = userObj ? json_object_get_string(userObj) : ""; std::string password = passObj ? json_object_get_string(passObj) : ""; // Use the authid from the editor login session (centralized authdb) std::string authid; _session.getData(sessionid, "authid", authid); if (username.empty() || password.empty()) { json_object_put(req); sendJsonError(curreq, 400, "Username and password are required"); if (authid.empty()) { sendJsonError(curreq, 401, "No active session"); return; } json_object_put(req); try { // Step 1: Login to blog server // Send: [{"login": {"username":"...","password":"..."}}] json_object *loginArr = json_object_new_array(); json_object *loginCmd = json_object_new_object(); json_object *loginParams = json_object_new_object(); json_object_object_add(loginParams, "username", json_object_new_string(username.c_str())); json_object_object_add(loginParams, "password", json_object_new_string(password.c_str())); json_object_object_add(loginCmd, "login", loginParams); json_object_array_add(loginArr, loginCmd); json_object *loginResp = blogApiCall(blogUrl, loginArr); json_object_put(loginArr); if (!loginResp || !json_object_is_type(loginResp, json_type_array)) { if (loginResp) json_object_put(loginResp); // Verify the authid works against the blog server // Send: [{"authid":"..."}] json_object *checkArr = json_object_new_array(); json_object *authObj = json_object_new_object(); json_object_object_add(authObj, "authid", json_object_new_string(authid.c_str())); json_object_array_add(checkArr, authObj); json_object *checkResp = blogApiCall(blogUrl, checkArr); json_object_put(checkArr); if (!checkResp || !json_object_is_type(checkResp, json_type_array)) { if (checkResp) json_object_put(checkResp); sendJsonError(curreq, 502, "Invalid response from blog server"); return; } // Check login response: [{"login_success": {"authid":"..."}}] or [{"login_failure":...}] std::string authid; size_t respLen = json_object_array_length(loginResp); // Check for auth failure size_t respLen = json_object_array_length(checkResp); for (size_t i = 0; i < respLen; ++i) { json_object *item = json_object_array_get_idx(loginResp, i); json_object *successObj = nullptr, *failObj = nullptr; if (json_object_object_get_ex(item, "login_success", &successObj)) { json_object *aidObj = nullptr; if (json_object_object_get_ex(successObj, "authid", &aidObj)) authid = json_object_get_string(aidObj); } if (json_object_object_get_ex(item, "login_failure", &failObj)) { json_object *errObj = nullptr; std::string errMsg = "Login failed"; if (json_object_object_get_ex(failObj, "error", &errObj)) errMsg = json_object_get_string(errObj); json_object_put(loginResp); sendJsonError(curreq, 401, errMsg); json_object *item = json_object_array_get_idx(checkResp, i); json_object *failObj = nullptr; if (json_object_object_get_ex(item, "auth_failure", &failObj)) { json_object_put(checkResp); sendJsonError(curreq, 401, "Auth session not valid on blog server"); return; } } json_object_put(loginResp); if (authid.empty()) { sendJsonError(curreq, 401, "Login failed: no authid received"); return; } json_object_put(checkResp); // Store authid in session cache { Loading @@ -1679,7 +1648,7 @@ void webedit::Api::handleConnectToConnection(libhttppp::HttpRequest &curreq, _connSessions[connId] = {authid, blogUrl}; } // Step 2: Get publish targets using authid // Get publish targets using authid // Send: [{"authid":"..."}, {"command":"list_publish_targets"}] json_object *targetsArr = json_object_new_array(); json_object *authCmd = json_object_new_object(); Loading @@ -1698,9 +1667,8 @@ void webedit::Api::handleConnectToConnection(libhttppp::HttpRequest &curreq, size_t tLen = json_object_array_length(targetsResp); for (size_t i = 0; i < tLen; ++i) { json_object *item = json_object_array_get_idx(targetsResp, i); json_object *statusObj = nullptr, *tgtsObj = nullptr; json_object *tgtsObj = nullptr; if (json_object_object_get_ex(item, "targets", &tgtsObj)) { // Copy the targets array targetsResult = json_object_get(tgtsObj); break; } Loading Loading
editor/html/index.html +1 −10 Original line number Diff line number Diff line Loading @@ -174,16 +174,7 @@ <hr style="border-color:var(--border);margin:1em 0"> <!-- Login & Connect section --> <h4 data-i18n="I18N_CONNECT">Verbinden</h4> <div class="set-field"> <label data-i18n="I18N_USERNAME">Benutzername</label> <input type="text" id="conn-username" placeholder="" autocomplete="username"> </div> <div class="set-field"> <label data-i18n="I18N_PASSWORD">Passwort</label> <input type="password" id="conn-password" placeholder="" autocomplete="current-password"> </div> <!-- Connect section --> <div class="set-field"> <button id="btn-conn-connect" class="set-save-btn" data-i18n="I18N_CONNECT">Verbinden</button> </div> Loading
editor/html/js/api.js +2 −5 Original line number Diff line number Diff line Loading @@ -222,11 +222,8 @@ var EditorApi = (function() { return request('DELETE', '/api/connection/delete/' + id); }, connectToConnection: function(id, username, password) { return request('POST', '/api/connection/connect/' + id, { username: username, password: password }); connectToConnection: function(id) { return request('POST', '/api/connection/connect/' + id, {}); }, publishToConnection: function(id, target, params) { Loading
editor/html/js/editor.js +2 −16 Original line number Diff line number Diff line Loading @@ -669,8 +669,6 @@ document.getElementById('conn-name').value = ''; document.getElementById('conn-url').value = ''; document.getElementById('conn-ignore-ssl').checked = false; document.getElementById('conn-username').value = ''; document.getElementById('conn-password').value = ''; document.getElementById('conn-publish-section').style.display = 'none'; document.getElementById('conn-form').style.display = 'block'; document.getElementById('conn-placeholder').style.display = 'none'; Loading Loading @@ -720,28 +718,18 @@ }); }); // Connect button: login to blog server // Connect button: use session authid to connect to blog server document.getElementById('btn-conn-connect').addEventListener('click', function() { var id = document.getElementById('conn-edit-id').value; if (!id) return; var username = document.getElementById('conn-username').value; var password = document.getElementById('conn-password').value; if (!username || !password) { var status = document.getElementById('conn-status'); status.textContent = I18n.t('I18N_LOGIN_REQUIRED', 'Benutzername und Passwort eingeben'); status.className = 'set-status error'; return; } var status = document.getElementById('conn-status'); status.textContent = I18n.t('I18N_CONNECTING', 'Verbinde...'); status.className = 'set-status'; EditorApi.connectToConnection(id, username, password).then(function(resp) { EditorApi.connectToConnection(id).then(function(resp) { connectedConnections[id] = true; status.textContent = I18n.t('I18N_CONNECTION_OK', 'Verbunden'); status.className = 'set-status success'; // Clear password from UI document.getElementById('conn-password').value = ''; // Show publish section with targets var targets = resp.targets || []; Loading Loading @@ -912,8 +900,6 @@ document.getElementById('conn-name').value = c.name; document.getElementById('conn-url').value = c.url; document.getElementById('conn-ignore-ssl').checked = c.ignore_ssl || false; document.getElementById('conn-username').value = ''; document.getElementById('conn-password').value = ''; document.getElementById('conn-form').style.display = 'block'; document.getElementById('conn-placeholder').style.display = 'none'; document.getElementById('conn-status').textContent = ''; Loading
editor/src/webedit_api.cpp +27 −59 Original line number Diff line number Diff line Loading @@ -1603,75 +1603,44 @@ void webedit::Api::handleConnectToConnection(libhttppp::HttpRequest &curreq, return; } // Get username/password from request body std::string body = getRequestBody(curreq); json_object *req = json_tokener_parse(body.c_str()); if (!req) { sendJsonError(curreq, 400, "Invalid JSON"); return; } json_object *userObj = nullptr, *passObj = nullptr; json_object_object_get_ex(req, "username", &userObj); json_object_object_get_ex(req, "password", &passObj); std::string username = userObj ? json_object_get_string(userObj) : ""; std::string password = passObj ? json_object_get_string(passObj) : ""; // Use the authid from the editor login session (centralized authdb) std::string authid; _session.getData(sessionid, "authid", authid); if (username.empty() || password.empty()) { json_object_put(req); sendJsonError(curreq, 400, "Username and password are required"); if (authid.empty()) { sendJsonError(curreq, 401, "No active session"); return; } json_object_put(req); try { // Step 1: Login to blog server // Send: [{"login": {"username":"...","password":"..."}}] json_object *loginArr = json_object_new_array(); json_object *loginCmd = json_object_new_object(); json_object *loginParams = json_object_new_object(); json_object_object_add(loginParams, "username", json_object_new_string(username.c_str())); json_object_object_add(loginParams, "password", json_object_new_string(password.c_str())); json_object_object_add(loginCmd, "login", loginParams); json_object_array_add(loginArr, loginCmd); json_object *loginResp = blogApiCall(blogUrl, loginArr); json_object_put(loginArr); if (!loginResp || !json_object_is_type(loginResp, json_type_array)) { if (loginResp) json_object_put(loginResp); // Verify the authid works against the blog server // Send: [{"authid":"..."}] json_object *checkArr = json_object_new_array(); json_object *authObj = json_object_new_object(); json_object_object_add(authObj, "authid", json_object_new_string(authid.c_str())); json_object_array_add(checkArr, authObj); json_object *checkResp = blogApiCall(blogUrl, checkArr); json_object_put(checkArr); if (!checkResp || !json_object_is_type(checkResp, json_type_array)) { if (checkResp) json_object_put(checkResp); sendJsonError(curreq, 502, "Invalid response from blog server"); return; } // Check login response: [{"login_success": {"authid":"..."}}] or [{"login_failure":...}] std::string authid; size_t respLen = json_object_array_length(loginResp); // Check for auth failure size_t respLen = json_object_array_length(checkResp); for (size_t i = 0; i < respLen; ++i) { json_object *item = json_object_array_get_idx(loginResp, i); json_object *successObj = nullptr, *failObj = nullptr; if (json_object_object_get_ex(item, "login_success", &successObj)) { json_object *aidObj = nullptr; if (json_object_object_get_ex(successObj, "authid", &aidObj)) authid = json_object_get_string(aidObj); } if (json_object_object_get_ex(item, "login_failure", &failObj)) { json_object *errObj = nullptr; std::string errMsg = "Login failed"; if (json_object_object_get_ex(failObj, "error", &errObj)) errMsg = json_object_get_string(errObj); json_object_put(loginResp); sendJsonError(curreq, 401, errMsg); json_object *item = json_object_array_get_idx(checkResp, i); json_object *failObj = nullptr; if (json_object_object_get_ex(item, "auth_failure", &failObj)) { json_object_put(checkResp); sendJsonError(curreq, 401, "Auth session not valid on blog server"); return; } } json_object_put(loginResp); if (authid.empty()) { sendJsonError(curreq, 401, "Login failed: no authid received"); return; } json_object_put(checkResp); // Store authid in session cache { Loading @@ -1679,7 +1648,7 @@ void webedit::Api::handleConnectToConnection(libhttppp::HttpRequest &curreq, _connSessions[connId] = {authid, blogUrl}; } // Step 2: Get publish targets using authid // Get publish targets using authid // Send: [{"authid":"..."}, {"command":"list_publish_targets"}] json_object *targetsArr = json_object_new_array(); json_object *authCmd = json_object_new_object(); Loading @@ -1698,9 +1667,8 @@ void webedit::Api::handleConnectToConnection(libhttppp::HttpRequest &curreq, size_t tLen = json_object_array_length(targetsResp); for (size_t i = 0; i < tLen; ++i) { json_object *item = json_object_array_get_idx(targetsResp, i); json_object *statusObj = nullptr, *tgtsObj = nullptr; json_object *tgtsObj = nullptr; if (json_object_object_get_ex(item, "targets", &tgtsObj)) { // Copy the targets array targetsResult = json_object_get(tgtsObj); break; } Loading