Security- Login

Fixed login modal issue where logging out and immediately clicking Sign In button without entering username/password would log back in as prior user.

awx/ui/static/js/controllers/Authentication.js

@@ -14,13 +14,15 @@ function Authenticate($log, $cookieStore, $compile, $window, $scope, $rootScope,
     Timer, Empty) {
 
     var setLoginFocus, lastPath, sessionExpired,
-        e, scope = $rootScope.$new();
+        e, html, scope = $rootScope.$new();
 
     setLoginFocus = function () {
         $('#login-username').focus();
     };
 
-    sessionExpired = (Empty($rootScope.sessionExpired)) ? $cookieStore.get('sessionExpired') : $rootScope.sessionExpired;
+    scope.sessionExpired = (Empty($rootScope.sessionExpired)) ? $cookieStore.get('sessionExpired') : $rootScope.sessionExpired;
+    scope.login_username = '';
+    scope.login_password = '';
 
     lastPath = function () {
         return (Empty($rootScope.lastPath)) ? $cookieStore.get('lastPath') : $rootScope.lastPath;
@@ -41,6 +43,50 @@ function Authenticate($log, $cookieStore, $compile, $window, $scope, $rootScope,
     Wait('stop');
     window.scrollTo(0,0);
 
+    if ($location.path() === '/logout') {
+        //if logout request, clear AuthToken and user session data
+        Authorization.logout();
+    }
+
+    e = angular.element(document.getElementById('login-modal-content'));
+    html = "<div class=\"modal-header login-header\">\n" +
+        "<img src=\"" + $basePath + "img/tower_console_logo.png\" />" +
+        "</div>\n" +
+        "<div class=\"modal-body\" id=\"login-modal-body\">\n" +
+        "<div class=\"login-alert\" ng-show=\"(sessionExpired == false)\">Welcome to Ansible Tower! &nbsp;Please sign in.</div>\n" +
+        "<div class=\"login-alert\" ng-show=\"(sessionExpired == true)\">Your session timed out due to inactivity. Please sign in.</div>\n" +
+        "<form id=\"login-form\" name=\"loginForm\" class=\"form-horizontal\" autocomplete=\"off\" novalidate >\n" +
+        "<div class=\"form-group\">\n" +
+        "<label class=\"control-label col-md-offset-1 col-md-2 col-sm-offset-1 col-sm-2 col-xs-3 prepend-asterisk\">Username</label>\n" +
+        "<div class=\"col-md-8 col-sm-8 col-xs-9\">\n" +
+        "<input type=\"text\" name=\"login_username\" class=\"form-control\" ng-model=\"login_username\"" +
+        "id=\"login-username\" autocomplete=\"off\" required>\n" +
+        "<div class=\"error\" ng-show=\"loginForm.login_username.$dirty && loginForm.login_username.$error.required\">A value is required!</div>\n" +
+        "<div class=\"error api-error\" ng-bind=\"usernameError\"></div>\n" +
+        "</div>\n" +
+        "</div>\n" +
+        "<div class=\"form-group\">\n" +
+        "<label class=\"control-label col-md-offset-1 col-md-2 col-sm-offset-1 col-sm-2 col-xs-3 prepend-asterisk\">Password</label>\n" +
+        "<div class=\"col-md-8 col-sm-8 col-xs-9\">\n" +
+        "<input type=\"password\" name=\"login_password\" id=\"login-password\" class=\"form-control\"" +
+        "ng-model=\"login_password\" required autocomplete=\"off\">\n" +
+        "<div class=\"error\" ng-show=\"loginForm.login_password.$dirty && loginForm.login_password.$error.required\">A value is required!</div>\n" +
+        "<div class=\"error api-error\" ng-bind=\"passwordError\"></div>\n" +
+        "</div>\n" +
+        "</div>\n" +
+        "</form>\n" +
+        "</div>\n" +
+        "<div class=\"modal-footer\">\n" +
+        "<button ng-click=\"systemLogin(login_username, login_password)\" id=\"login-button\" class=\"btn btn-primary\"><i class=\"fa fa-sign-in\"></i> Sign In</button>\n" +
+        "</div>\n";
+    e.empty().html(html);
+    $compile(e)(scope);
+
+    // Set focus to username field
+    $('#login-modal').on('shown.bs.modal', function () {
+        setLoginFocus();
+    });
+
     // Display the login dialog
     $('#login-modal').modal({
         show: true,
@@ -48,27 +94,11 @@ function Authenticate($log, $cookieStore, $compile, $window, $scope, $rootScope,
         backdrop: 'static'
     });
 
-    // Set focus to username field
-    $('#login-modal').on('shown.bs.modal', function () {
-        setLoginFocus();
-    });
-
-    e = angular.element(document.getElementById('login-modal'));
-    $compile(e)(scope);
-
     // Reset the login form
-    scope.login_username = null;
-    scope.login_password = null;
-    scope.loginForm.login_username.$setPristine();
-    scope.loginForm.login_password.$setPristine();
-
-    if ($location.path() === '/logout') {
-        //if logout request, clear AuthToken and user session data
-        Authorization.logout();
-    }
-
-    $rootScope.userLoggedIn = false; //hide the logout link. if you got here, you're logged out.
-    $cookieStore.put('userLoggedIn', false); //gets set back to true by Authorization.setToken().
+    //scope.loginForm.login_username.$setPristine();
+    //scope.loginForm.login_password.$setPristine();
+    //$rootScope.userLoggedIn = false; //hide the logout link. if you got here, you're logged out.
+    //$cookieStore.put('userLoggedIn', false); //gets set back to true by Authorization.setToken().
 
     $('#login-password').bind('keypress', function (e) {
         var code = (e.keyCode ? e.keyCode : e.which);