diff --git a/resources/templates/login.html b/resources/templates/login.html
index 7ff6d69..61bad09 100644
--- a/resources/templates/login.html
+++ b/resources/templates/login.html
@@ -6,7 +6,7 @@

Um die Seite anzusehen oder die Aktion auszuführen wird ein Passwort benötigt.

-
+ {% csrf-field %}
diff --git a/src/clj/yenu/middleware.clj b/src/clj/yenu/middleware.clj index 0c66c03..07f03a6 100644 --- a/src/clj/yenu/middleware.clj +++ b/src/clj/yenu/middleware.clj @@ -1,24 +1,24 @@ (ns yenu.middleware - (:require [yenu.env :refer [defaults]] - [clojure.tools.logging :as log] - [yenu.layout :refer [*app-context* *identity* error-page]] + (:require [clojure.tools.logging :as log] [ring.middleware.anti-forgery :refer [wrap-anti-forgery]] [ring.middleware.webjars :refer [wrap-webjars]] [ring.middleware.format :refer [wrap-restful-format]] - [yenu.config :refer [env]] [ring.middleware.flash :refer [wrap-flash]] [ring.middleware.cookies :refer [wrap-cookies]] - [immutant.web.middleware :refer [wrap-session]] [ring.middleware.defaults :refer [site-defaults wrap-defaults]] - [buddy.auth.middleware :refer [wrap-authentication wrap-authorization]] - [buddy.auth.accessrules :refer [wrap-access-rules]] - [buddy.auth.backends.session :refer [session-backend]] - [buddy.auth.accessrules :refer [restrict]] [ring.util.response :refer [redirect]] - [buddy.auth.accessrules :refer [success error]] - [clojure.tools.logging :as log] - [digest :as digest] - [buddy.auth :refer [authenticated?]]) + [immutant.web.middleware :refer [wrap-session]] + + [yenu.env :refer [defaults]] + [yenu.config :refer [env]] + [yenu.layout :refer [*app-context* *identity* error-page]] + + [buddy.auth :refer [authenticated?]] + [buddy.auth.middleware :refer [wrap-authentication wrap-authorization]] + [buddy.auth.backends.session :refer [session-backend]] + [buddy.auth.accessrules :refer [wrap-access-rules success error restrict]] + + [digest :as digest]) (:import [javax.servlet ServletContext])) (defn wrap-context [handler] @@ -69,7 +69,7 @@ ((if (:websocket? request) handler wrapped) request)))) (defn on-error [request response] - (redirect "/login")) + (redirect (format "/login?next=%s" (:uri request)))) (defn creator-access [request] (let [identity (:identity request)] 
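Review bot: In `on-error`, `(:uri request)` is interpolated into the query string without encoding, and the request's own query string is dropped, so a protected path containing characters such as `&`, `#` or `%` comes back altered or truncated after login. Encode the value when building the redirect, for example `(redirect (str "/login?next=" (ring.util.codec/form-encode (:uri request))))`, with `ring.util.codec` added to the `:require` list. Because `login!` later redirects to this value, it helps to document here that `next` is only ever meant to hold a server-generated local path.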
@@ -91,11 +91,10 @@ :handler authenticated?}]) (defn wrap-auth [handler] - (let [backend (session-backend)] - (-> handler - (wrap-access-rules {:rules rules :on-error on-error}) - (wrap-authentication backend) - (wrap-authorization backend)))) + (-> handler + (wrap-access-rules {:rules rules :on-error on-error}) + (wrap-authentication session-backend) + (wrap-authorization session-backend))) (defn wrap-base [handler] (-> ((:middleware defaults) handler) diff --git a/src/clj/yenu/routes/auth.clj b/src/clj/yenu/routes/auth.clj index 617ed88..0f7cf27 100644 --- a/src/clj/yenu/routes/auth.clj +++ b/src/clj/yenu/routes/auth.clj @@ -12,13 +12,14 @@ (defn login! [request] (let [password (get-in request [:form-params "password"]) session (:session request) - user-identity (valid-identity password)] + user-identity (valid-identity password) + next-url (get-in request [:params :next] "/page/1")] (if user-identity (let [updated-session (assoc session :identity user-identity)] - (-> (redirect "/page/1") + (-> (redirect next-url) (assoc :flash {:message "Erfolgreich eingeloggt." :type "success"}) (assoc :session updated-session))) - (-> (redirect "/login") + (-> (redirect (format "/login?next=%s" next-url)) (assoc :flash {:message "Falsches Passwort." :type "danger"}))))) (defn logout! [request]
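Review bot: `wrap-auth` now passes the `session-backend` function itself to `wrap-authentication` and `wrap-authorization`, where the removed code passed the result of calling `(session-backend)`. In buddy-auth `session-backend` is a constructor that returns the backend, so unless this project rebinds the name, the middleware receives a plain fn that implements neither backend protocol, and the auth chain will most likely fail at request time. Keep the call, `(wrap-authentication (session-backend))` and `(wrap-authorization (session-backend))`, or restore the `let`. A request-level test that hits a restricted route with and without a session identity would catch this.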
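Review bot: `next-url` in `login!` is read from `[:params :next]` and passed to `redirect` without validation, so the post-login destination is fully client-controlled and can point off-site (open redirect). Accept only same-site absolute paths and fall back to `/page/1` for anything else, including values that start with `//` or `/\`. The failure branch also re-embeds the value in `/login?next=%s` unencoded, so it should be form-encoded there. The helper below is a sketch, and it assumes `ring.util.codec` is required in this namespace.

```clojure
(defn- local-path
  "Returns target when it is a same-site absolute path, otherwise fallback."
  [target fallback]
  (if (and (string? target)
           ;; one leading slash only: rejects scheme-relative "//host" and "/\host"
           (re-matches #"/(?![/\\])[^\r\n]*" target))
    target
    fallback))

;; in login!, replacing the next-url binding:
        next-url (local-path (get-in request [:params :next]) "/page/1")]
;; … unchanged: success branch redirecting to next-url …
      (-> (redirect (str "/login?next=" (ring.util.codec/form-encode next-url)))
;; … unchanged: flash message for the wrong-password case …
```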