search

getgrav / grav-skeleton-landio-site

Land.io is a carefully crafted landing page UI kit and landing page template built on Bootstrap 4, designed by Peter Finlan and developed by Taty Grassini.
https://getgrav.org
Other
24 stars 20 forks source link

Login form: access denied #11

Open dimitarsp opened 7 years ago

dimitarsp commented 7 years ago

Trying to understand the functionality of the login incorporation in the menu. When I try to login myself, or another test user in a just-installed skeleton, i get the following: Access Denied...

rhukster commented 7 years ago

What steps did you perform? Did you setup an access: attribute on the page like this:

access:
    site.login: true

Did you install the login plugin? Did you get prompted for a username/password? If so does the user have the correct site.login access defined in it's account.yaml?

dimitarsp commented 7 years ago

I am not sure where to put 

access: 
   site.login: true

Here the login.md as provided by the skeleton:

---
title: User Login
slug: user-login
navbar_class: navbar-dark bg-inverse

form:
  name: login
  action:
  method: post

  fields:
      - name: username
        id: username
        type: text
        placeholder: Username
        autofocus: true
        classes: form-control form-control-lg

      - name: password
        id: password
        type: password
        placeholder: Password  
        classes: form-control form-control-lg

---
igkvl commented 6 years ago

You should change file ..\user\themes\landio\templates\partials\login-form.html.twig to that adopted new content of login-form between section tags:

`{% if page.template == 'login' or show_login_form %}

<div class="container">
    <div class="row text-center">
        <div class="col-md-8 col-xl-4 col-xl-offset-4">

    {% set user = grav.user %}
    {% if user.authenticated and user.authorized %}
        <h3 class="p-y text-center">{{ 'PLUGIN_LOGIN.WELCOME'|t }} <strong>{{ user.fullname ?: user.username }}</strong></h3>
        <a class="btn btn-primary btn-block" href="{{ uri.addNonce(base_url_relative ~ uri.path ~ '/task' ~ config.system.param_sep ~ 'login.logout', 'logout-form', 'logout-nonce')|e }}">{{ 'PLUGIN_LOGIN.BTN_LOGOUT'|t }}</a>

    {% elseif user.authenticated and user.twofa_enabled %}
        {% include 'partials/login-twofa.html.twig' %}

    {% else %}

        {{ content|raw }}

        {# NEW WAY OF INCLUDING 3RD PARTY LOGIN OPTIONS #}
        {% for template in grav.login.getProviderLoginTemplates %}
            {% include template %}
        {% endfor %}

        <form method="post" action="{{ (base_url_relative ~ uri.path)|e }}" class="{{ form_outer_classes }}">        

            {# OLD WAY OF INCLUDING 3RD PARTY LOGIN OPTIONS #}
            {% if grav.twig.plugins_hooked_loginPage %}
                {% for label in grav.twig.plugins_hooked_loginPage %}
                    {% include label %}
                {% endfor %}
            {% endif %}

            {% for field in form.fields %}
                {% set value = field.name == 'username' ? username : '' %}
                {% if field.type %}
                    {% include ["forms/fields/#{field.type}/#{field.type}.html.twig", 'forms/fields/text/text.html.twig'] %}
                {% endif %}
            {% endfor %}

           <div class="{{ form_button_outer_classes ?: 'form-actions secondary-accent' }}">
                {% if config.plugins.login.rememberme.enabled and page.header.form.login.rememberme ?? true %}
                    <div class="form-data rememberme" data-grav-default="null" data-grav-disabled="true" data-grav-field="checkbox">
                        <div class="form-input-wrapper">
                            <input type="checkbox" value="1" name="rememberme" id="#rememberme">
                            <label class="inline" for="#rememberme" title="{{ 'PLUGIN_LOGIN.REMEMBER_ME_HELP'|t }}">{{ 'PLUGIN_LOGIN.REMEMBER_ME'|t }}</label>
                        </div>
                    </div>
                {% endif %}
                <div class="form-actions secondary-accent">
                    <button class="{{ form_button_classes ?: 'btn btn-primary btn-block' }}" type="submit"  name="task" value="login.login"><i class="fa fa-sign-in"></i> {{ 'PLUGIN_LOGIN.BTN_LOGIN'|t }}</button>
                    {% if page.header.form.login.forgot_button ?? true %}
                        <a class="{{ form_button_classes ?: 'button secondary' }}" href="{{ base_url_relative }}{{ config.plugins.login.route_forgot }}"><i class="fa fa-exclamation-circle"></i> {{ 'PLUGIN_LOGIN.BTN_FORGOT'|t }}</a>
                    {% endif %}
        </div>
            </div>

            {{ nonce_field('login-form', 'login-form-nonce')|raw }}
        </form>

    {% endif %}

     <p>
       {% include 'partials/messages.html.twig' %}
     </p>

   </div>

{% endif %} `

Or you can take template from ..\user\plugins\login\templates\partials\login-form.html.twig

Lyrain commented 5 years ago

I could reproduce the bug with the default configuration, but managed to fix the "Access denied message" by editing login-form.html.twig and adding the {{ nonce_field('login-form', 'login-form-nonce')|raw }} just before the closing </form> tag.

rhukster commented 5 years ago

Looks like some of those themes need to get their templates updated.. Will try to get these updated this coming week. Thanks.