Commit d4fcd0bb authored by jan.koester's avatar jan.koester

tes

parent 80ab36e1
+1 −10
@@ -174,16 +174,7 @@

                    <hr style="border-color:var(--border);margin:1em 0">

                    <!-- Login & Connect section -->
                    <h4 data-i18n="I18N_CONNECT">Verbinden</h4>
                    <div class="set-field">
                        <label data-i18n="I18N_USERNAME">Benutzername</label>
                        <input type="text" id="conn-username" placeholder="" autocomplete="username">
                    </div>
                    <div class="set-field">
                        <label data-i18n="I18N_PASSWORD">Passwort</label>
                        <input type="password" id="conn-password" placeholder="" autocomplete="current-password">
                    </div>
                    <!-- Connect section -->
                    <div class="set-field">
                        <button id="btn-conn-connect" class="set-save-btn" data-i18n="I18N_CONNECT">Verbinden</button>
                    </div>
+2 −5
@@ -222,11 +222,8 @@ var EditorApi = (function() {
            return request('DELETE', '/api/connection/delete/' + id);
        },

        connectToConnection: function(id, username, password) {
            return request('POST', '/api/connection/connect/' + id, {
                username: username,
                password: password
            });
        connectToConnection: function(id) {
            return request('POST', '/api/connection/connect/' + id, {});
        },

        publishToConnection: function(id, target, params) {
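Review bot: With the credentials removed from the body, `connectToConnection` is now a state-changing POST authorised only by the editor session, so it depends on cross-site request protection that the old call got incidentally from requiring a password the caller had to know. Whether `request` attaches an anti-CSRF token or a custom header is not visible in this hunk; if it does not, the endpoint should check one, since the server side no longer parses the body at all. As a smaller point, `id` is concatenated into the path unencoded; `return request('POST', '/api/connection/connect/' + encodeURIComponent(id), {});` keeps it to a single path segment. The enclosing `EditorApi` module starts and ends outside the hunk.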
+2 −16
@@ -669,8 +669,6 @@
            document.getElementById('conn-name').value = '';
            document.getElementById('conn-url').value = '';
            document.getElementById('conn-ignore-ssl').checked = false;
            document.getElementById('conn-username').value = '';
            document.getElementById('conn-password').value = '';
            document.getElementById('conn-publish-section').style.display = 'none';
            document.getElementById('conn-form').style.display = 'block';
            document.getElementById('conn-placeholder').style.display = 'none';
@@ -720,28 +718,18 @@
            });
        });

        // Connect button: login to blog server
        // Connect button: use session authid to connect to blog server
        document.getElementById('btn-conn-connect').addEventListener('click', function() {
            var id = document.getElementById('conn-edit-id').value;
            if (!id) return;
            var username = document.getElementById('conn-username').value;
            var password = document.getElementById('conn-password').value;
            if (!username || !password) {
                var status = document.getElementById('conn-status');
                status.textContent = I18n.t('I18N_LOGIN_REQUIRED', 'Benutzername und Passwort eingeben');
                status.className = 'set-status error';
                return;
            }
            var status = document.getElementById('conn-status');
            status.textContent = I18n.t('I18N_CONNECTING', 'Verbinde...');
            status.className = 'set-status';

            EditorApi.connectToConnection(id, username, password).then(function(resp) {
            EditorApi.connectToConnection(id).then(function(resp) {
                connectedConnections[id] = true;
                status.textContent = I18n.t('I18N_CONNECTION_OK', 'Verbunden');
                status.className = 'set-status success';
                // Clear password from UI
                document.getElementById('conn-password').value = '';

                // Show publish section with targets
                var targets = resp.targets || [];
@@ -912,8 +900,6 @@
                    document.getElementById('conn-name').value = c.name;
                    document.getElementById('conn-url').value = c.url;
                    document.getElementById('conn-ignore-ssl').checked = c.ignore_ssl || false;
                    document.getElementById('conn-username').value = '';
                    document.getElementById('conn-password').value = '';
                    document.getElementById('conn-form').style.display = 'block';
                    document.getElementById('conn-placeholder').style.display = 'none';
                    document.getElementById('conn-status').textContent = '';
+27 −59
@@ -1603,75 +1603,44 @@ void webedit::Api::handleConnectToConnection(libhttppp::HttpRequest &curreq,
        return;
    }

    // Get username/password from request body
    std::string body = getRequestBody(curreq);
    json_object *req = json_tokener_parse(body.c_str());
    if (!req) {
        sendJsonError(curreq, 400, "Invalid JSON");
        return;
    }

    json_object *userObj = nullptr, *passObj = nullptr;
    json_object_object_get_ex(req, "username", &userObj);
    json_object_object_get_ex(req, "password", &passObj);

    std::string username = userObj ? json_object_get_string(userObj) : "";
    std::string password = passObj ? json_object_get_string(passObj) : "";
    // Use the authid from the editor login session (centralized authdb)
    std::string authid;
    _session.getData(sessionid, "authid", authid);

    if (username.empty() || password.empty()) {
        json_object_put(req);
        sendJsonError(curreq, 400, "Username and password are required");
    if (authid.empty()) {
        sendJsonError(curreq, 401, "No active session");
        return;
    }
    json_object_put(req);

    try {
        // Step 1: Login to blog server
        // Send: [{"login": {"username":"...","password":"..."}}]
        json_object *loginArr = json_object_new_array();
        json_object *loginCmd = json_object_new_object();
        json_object *loginParams = json_object_new_object();
        json_object_object_add(loginParams, "username", json_object_new_string(username.c_str()));
        json_object_object_add(loginParams, "password", json_object_new_string(password.c_str()));
        json_object_object_add(loginCmd, "login", loginParams);
        json_object_array_add(loginArr, loginCmd);

        json_object *loginResp = blogApiCall(blogUrl, loginArr);
        json_object_put(loginArr);

        if (!loginResp || !json_object_is_type(loginResp, json_type_array)) {
            if (loginResp) json_object_put(loginResp);
        // Verify the authid works against the blog server
        // Send: [{"authid":"..."}]
        json_object *checkArr = json_object_new_array();
        json_object *authObj = json_object_new_object();
        json_object_object_add(authObj, "authid", json_object_new_string(authid.c_str()));
        json_object_array_add(checkArr, authObj);

        json_object *checkResp = blogApiCall(blogUrl, checkArr);
        json_object_put(checkArr);

        if (!checkResp || !json_object_is_type(checkResp, json_type_array)) {
            if (checkResp) json_object_put(checkResp);
            sendJsonError(curreq, 502, "Invalid response from blog server");
            return;
        }

        // Check login response: [{"login_success": {"authid":"..."}}] or [{"login_failure":...}]
        std::string authid;
        size_t respLen = json_object_array_length(loginResp);
        // Check for auth failure
        size_t respLen = json_object_array_length(checkResp);
        for (size_t i = 0; i < respLen; ++i) {
            json_object *item = json_object_array_get_idx(loginResp, i);
            json_object *successObj = nullptr, *failObj = nullptr;
            if (json_object_object_get_ex(item, "login_success", &successObj)) {
                json_object *aidObj = nullptr;
                if (json_object_object_get_ex(successObj, "authid", &aidObj))
                    authid = json_object_get_string(aidObj);
            }
            if (json_object_object_get_ex(item, "login_failure", &failObj)) {
                json_object *errObj = nullptr;
                std::string errMsg = "Login failed";
                if (json_object_object_get_ex(failObj, "error", &errObj))
                    errMsg = json_object_get_string(errObj);
                json_object_put(loginResp);
                sendJsonError(curreq, 401, errMsg);
            json_object *item = json_object_array_get_idx(checkResp, i);
            json_object *failObj = nullptr;
            if (json_object_object_get_ex(item, "auth_failure", &failObj)) {
                json_object_put(checkResp);
                sendJsonError(curreq, 401, "Auth session not valid on blog server");
                return;
            }
        }
        json_object_put(loginResp);

        if (authid.empty()) {
            sendJsonError(curreq, 401, "Login failed: no authid received");
            return;
        }
        json_object_put(checkResp);

        // Store authid in session cache
        {
@@ -1679,7 +1648,7 @@ void webedit::Api::handleConnectToConnection(libhttppp::HttpRequest &curreq,
            _connSessions[connId] = {authid, blogUrl};
        }

        // Step 2: Get publish targets using authid
        // Get publish targets using authid
        // Send: [{"authid":"..."}, {"command":"list_publish_targets"}]
        json_object *targetsArr = json_object_new_array();
        json_object *authCmd = json_object_new_object();
@@ -1698,9 +1667,8 @@ void webedit::Api::handleConnectToConnection(libhttppp::HttpRequest &curreq,
            size_t tLen = json_object_array_length(targetsResp);
            for (size_t i = 0; i < tLen; ++i) {
                json_object *item = json_object_array_get_idx(targetsResp, i);
                json_object *statusObj = nullptr, *tgtsObj = nullptr;
                json_object *tgtsObj = nullptr;
                if (json_object_object_get_ex(item, "targets", &tgtsObj)) {
                    // Copy the targets array
                    targetsResult = json_object_get(tgtsObj);
                    break;
                }
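Review bot: The new authid check in the first hunk of `handleConnectToConnection` fails open: the loop only looks for an `auth_failure` key, so any array reply without one, including an empty `[]` or an unrelated error object, is accepted and `authid` is cached in `_connSessions`. The removed code required a positive `login_success` before continuing; the new check should likewise require a positive acknowledgement from the blog server, or at minimum reject `respLen == 0` with the existing 502 path. Separately, the editor's own session `authid` is now sent to `blogUrl`; if that URL comes from the user-editable connection record (the form has `conn-url` and `conn-ignore-ssl` fields), the token can reach a host outside the central auth domain or travel over an unverified TLS link, so it is worth restricting which hosts may receive it. The function begins and ends outside these hunks.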