From 020769f403ef4cf1880bd061b6db6b4f4028d3e4 Mon Sep 17 00:00:00 2001
From: Matthew Somerville
Date: Thu, 1 Dec 2016 18:23:54 +0000
Subject: Return 400/500 for some client/server errors.
---
 perllib/FixMyStreet/App/Controller/Auth.pm | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
(limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 40cd163cf..c448f8749 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -271,9 +271,8 @@ sub facebook_callback: Path('/auth/Facebook') : Args(0) {
 $access_token = $fb->get_access_token(code => $c->get_param('code'));
 };
 if ($@) {
- ($c->stash->{message} = $@) =~ s/at [^ ]*Auth.pm.*//;
- $c->stash->{template} = 'errors/generic.html';
- $c->detach;
+ (my $message = $@) =~ s/at [^ ]*Auth.pm.*//;
+ $c->detach('/page_error_500_internal_error', [ $message ]);
 }
 # save this token in session
@@ -339,9 +338,8 @@ sub twitter_callback: Path('/auth/Twitter') : Args(0) {
 $twitter->request_access_token(verifier => $verifier);
 };
 if ($@) {
- ($c->stash->{message} = $@) =~ s/at [^ ]*Auth.pm.*//;
- $c->stash->{template} = 'errors/generic.html';
- $c->detach;
+ (my $message = $@) =~ s/at [^ ]*Auth.pm.*//;
+ $c->detach('/page_error_500_internal_error', [ $message ]);
 }
 my $info = $twitter->verify_credentials();
@@ -527,8 +525,7 @@ sub check_csrf_token : Private {
 sub no_csrf_token : Private {
 my ($self, $c) = @_;
- $c->stash->{message} = _('Unknown error');
- $c->stash->{template} = 'errors/generic.html';
+ $c->detach('/page_error_400_bad_request', []);
 }
 =head2 sign_out
--
cgit v1.2.3
From 831f0addbac7eb3e6641877c936f90279d1bb186 Mon Sep 17 00:00:00 2001
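Review bot: The `$message` handed to `/page_error_500_internal_error` is the raw exception text from `$fb->get_access_token` with only the trailing `at ...Auth.pm line N` stripped, so whatever the client library puts in its error — possibly the upstream response body or request details, which this hunk does not show — is rendered to the end user. A 500 also signals a server fault, whereas a failed code exchange is more often a stale or tampered `code` parameter from the client, so a 4xx may be the better fit. I would log `$@` in full and show a fixed message: `$c->log->error("Facebook token exchange failed: $@"); $c->detach('/page_error_500_internal_error', [ _('Sign in with Facebook failed, please try again.') ]);`. Note too that `s/at [^ ]*Auth.pm.*//` has no `/s`, so a multi-line exception keeps everything after its first newline. The identical pattern is in the twitter_callback hunk below; facebook_callback's start and end are outside this hunk.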
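Review bot: `/page_error_400_bad_request` is called with an empty argument list, so a user whose form token merely aged past the 3600 s window in check_csrf_token gets a bare 400 with nothing replacing the removed `_('Unknown error')` text. Since an expired token is the common, legitimate cause here, I would pass a message: `$c->detach('/page_error_400_bad_request', [ _('Your form session has expired, please go back and try again.') ]);`. This assumes the 400 handler renders its first argument the way the 500 handler in the hunks above does, which is not visible in this diff.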
From: Matthew Somerville
Date: Thu, 12 Jan 2017 15:24:16 +0000
Subject: Make sure csrf_time is deleted after use.
If an out-of-date token was passed to check_csrf_token, then no new token would be output on the error page because csrf_time was still present.
---
 perllib/FixMyStreet/App/Controller/Auth.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index c448f8749..6e8057723 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -516,11 +516,12 @@ sub check_csrf_token : Private {
 $token =~ s/ /+/g;
 my ($time) = $token =~ /^(\d+)-[0-9a-zA-Z+\/]+$/;
 $c->stash->{csrf_time} = $time;
+ my $gen_token = $c->forward('get_csrf_token');
+ delete $c->stash->{csrf_time};
 $c->detach('no_csrf_token') unless $time && $time > time() - 3600
- && $token eq $c->forward('get_csrf_token');
- delete $c->stash->{csrf_time};
+ && $token eq $gen_token;
 }
 sub no_csrf_token : Private {
--
cgit v1.2.3
From 047044ee8e1c9c8e79182c3a61808bbaa7ccfc9c Mon Sep 17 00:00:00 2001
From: Matthew Somerville
Date: Tue, 17 Jan 2017 17:45:50 +0000
Subject: Lowercase email when signing in.
---
 perllib/FixMyStreet/App/Controller/Auth.pm | 1 +
 1 file changed, 1 insertion(+)
(limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 6e8057723..825033f21 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -70,6 +70,7 @@ sub sign_in : Private {
 my ( $self, $c, $email ) = @_;
 $email ||= $c->get_param('email') || '';
+ $email = lc $email;
 my $password = $c->get_param('password_sign_in') || '';
 my $remember_me = $c->get_param('remember_me') || 0;
--
cgit v1.2.3
From 8b08bf14e7b6bd1244713940008569a3a33f3b0e Mon Sep 17 00:00:00 2001
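Review bot: `$c->forward('get_csrf_token')` now runs before `$time` is validated, so a malformed token (regex fails, `$time` undef) stashes `csrf_time => undef` and invokes the generator with that before the request is rejected. Moving the cheap half of the guard up — `$c->detach('no_csrf_token') unless $time && $time > time() - 3600;` directly after `my ($time) = ...`, before `csrf_time` is stashed — rejects those early, keeps the stash clean for the error page, and leaves `&& $token eq $gen_token` as the only condition on the final detach. Two smaller points: `$` in `/^(\d+)-[0-9a-zA-Z+\/]+$/` admits a trailing newline where `\A`/`\z` would not, and there is no upper bound on `$time`, so a token stamped in the future never expires — only a concern if the secret behind get_csrf_token (not visible here) leaks, but `$time <= time()` is a cheap addition. check_csrf_token's start is outside the hunk.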
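Review bot: `$email = lc $email;` normalises only this sign-in path; if addresses were stored with their original case when accounts were created, or if the other entry points (the `/M` token flow, account creation on first token use) do not lowercase as well, a user with a mixed-case stored address can no longer match here — none of that is visible in this hunk, so it is worth confirming the lookup behind `authenticate` is case-insensitive or that the same normalisation is applied wherever an email is stored. The value is also not trimmed, so `' User@Example.org'` still fails after lowercasing; `$email = lc $email; $email =~ s/^\s+|\s+$//g;` covers the common copy-paste case. sign_in's body continues outside the hunk.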
From: Dave Arter
Date: Mon, 30 Jan 2017 17:26:03 +0000
Subject: Follow redirect to /admin after login if allowed
---
 perllib/FixMyStreet/App/Controller/Auth.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 825033f21..dac9d3ec7 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -413,7 +413,7 @@ Used after signing in to take the person back to where they were.
 sub redirect_on_signin : Private {
 my ( $self, $c, $redirect ) = @_;
 $redirect = 'my' unless $redirect;
- $redirect = 'my' if $redirect =~ /^admin/ && !$c->user->is_superuser;
+ $redirect = 'my' if $redirect =~ /^admin/ && !$c->cobrand->admin_allow_user($c->user);
 if ( $c->cobrand->moniker eq 'zurich' ) {
 $redirect = 'admin' if $c->user->from_body;
 }
--
cgit v1.2.3
From 4d5dda00af66ce32cbab8dc4d42466cace5e1022 Mon Sep 17 00:00:00 2001
From: Dave Arter
Date: Mon, 30 Jan 2017 17:55:17 +0000
Subject: Redirect to category-filtered /reports on login
If the user has a from_body and at least one category set.
---
 perllib/FixMyStreet/App/Controller/Auth.pm | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
(limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index dac9d3ec7..b41e88209 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
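Review bot: The `/^admin/` prefix test is a convenience, not an access control: `$redirect` is interpolated straight into `uri_for("/$redirect")`, so a value such as `my/../admin` passes the regex untouched yet resolves to `/admin` in the browser, and `$c->cobrand->admin_allow_user($c->user)` is never consulted for it. That is fine provided the admin controller enforces the same check on arrival (presumably it does, but it is outside this diff), and I would say so on the line, e.g. `# Convenience only: /admin enforces admin_allow_user itself`, so nobody later treats this as the gate. Per the later commit on this page `$redirect` comes from server-stored token data (`$data->{r}`), which limits who can set it in the first place. redirect_on_signin's closing lines are outside the hunk.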
@@ -412,7 +412,10 @@ Used after signing in to take the person back to where they were.
 sub redirect_on_signin : Private {
 my ( $self, $c, $redirect ) = @_;
- $redirect = 'my' unless $redirect;
+ unless ( $redirect ) {
+ $c->detach('redirect_to_categories') if $c->user->from_body && scalar @{ $c->user->categories };
+ $redirect = 'my';
+ }
 $redirect = 'my' if $redirect =~ /^admin/ && !$c->cobrand->admin_allow_user($c->user);
 if ( $c->cobrand->moniker eq 'zurich' ) {
 $redirect = 'admin' if $c->user->from_body;
@@ -420,6 +423,22 @@ sub redirect_on_signin : Private {
 $c->res->redirect( $c->uri_for( "/$redirect" ) );
 }
+=head2 redirect_to_categories
+
+Redirects the user to their body's reports page, prefiltered to whatever
+categories this user has been assigned to.
+
+=cut
+
+sub redirect_to_categories : Private {
+ my ( $self, $c ) = @_;
+
+ my $categories = join(',', @{ $c->user->categories });
+ my $body_short = $c->cobrand->short_name( $c->user->from_body );
+
+ $c->res->redirect( $c->uri_for( "/reports/" . $body_short, { filter_category => $categories } ) );
+}
+
 =head2 redirect
 Used when trying to view a page that requires sign in when you're not.
--
cgit v1.2.3
From 9efe4d14d1415e2fa060891b8be8ffec8b237911 Mon Sep 17 00:00:00 2001
From: pezholio
Date: Wed, 18 Jan 2017 16:24:45 +0000
Subject: Use Token params for redirect on login
Tokens can include a 'p' field in their data to set query params for the post-login redirect URL.
---
 perllib/FixMyStreet/App/Controller/Auth.pm | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index b41e88209..70821f79d 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
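Review bot: `@{ $c->user->categories }` in redirect_to_categories dies under `use strict` if `categories` ever returns `undef` rather than an array ref, and the same expression guards the `detach` added in the preceding hunk; unless the accessor is guaranteed to return a ref (not visible here), `@{ $c->user->categories || [] }` is the safe form. Separately, `join(',', ...)` yields an ambiguous `filter_category` value whenever a category name itself contains a comma, so the receiving page cannot split it back reliably — if `/reports` accepts repeated parameters, passing the list as an array ref (`{ filter_category => [ @{ $c->user->categories } ] }`, which `uri_for` emits as multiple `filter_category=` pairs) avoids the problem, otherwise the comma limitation belongs in the POD. The new POD should also state that the sub assumes `$c->user->from_body` is set, since it is only reached through that check.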
@@ -223,7 +223,7 @@ sub token : Path('/M') : Args(1) {
 $c->authenticate( { email => $user->email }, 'no_password' );
 # send the user to their page
- $c->detach( 'redirect_on_signin', [ $data->{r} ] );
+ $c->detach( 'redirect_on_signin', [ $data->{r}, $data->{p} ] );
 }
 =head2 facebook_sign_in
@@ -411,7 +411,7 @@ Used after signing in to take the person back to where they were.
 sub redirect_on_signin : Private {
- my ( $self, $c, $redirect ) = @_;
+ my ( $self, $c, $redirect, $params ) = @_;
 unless ( $redirect ) {
 $c->detach('redirect_to_categories') if $c->user->from_body && scalar @{ $c->user->categories };
 $redirect = 'my';
@@ -420,7 +420,11 @@ sub redirect_on_signin : Private {
 if ( $c->cobrand->moniker eq 'zurich' ) {
 $redirect = 'admin' if $c->user->from_body;
 }
- $c->res->redirect( $c->uri_for( "/$redirect" ) );
+ if (defined $params) {
+ $c->res->redirect( $c->uri_for( "/$redirect", $params ) );
+ } else {
+ $c->res->redirect( $c->uri_for( "/$redirect" ) );
+ }
 }
 =head2 redirect_to_categories
--
cgit v1.2.3
From 6713d6a4cd04a6e91743f687347367f070538e63 Mon Sep 17 00:00:00 2001
From: Matthew Somerville
Date: Tue, 21 Mar 2017 18:26:39 +0000
Subject: Make sure all MapIt tests can run offline.
---
 perllib/FixMyStreet/App/Controller/Auth.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 70821f79d..4efa7abb8 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -104,7 +104,7 @@ sub sign_in : Private {
 Email the user the details they need to sign in. Don't check for an account - if there isn't one we can create it when they come back with a token (which
-contains the email addresss).
+contains the email address).
 =cut
--
cgit v1.2.3
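Review bot: `defined $params` is the only check before `$params` reaches `uri_for`, but Catalyst's `uri_for` treats a trailing hash ref as query parameters and any other value as an extra path segment, so a non-hash `p` field in token data would silently change the redirect path rather than add a query string. The risk is low because `$data->{p}` is server-stored token data, but a type check is cheap and also collapses the duplicated branches: `$c->res->redirect( $c->uri_for( "/$redirect", ( ref $params eq 'HASH' ? $params : () ) ) );`. The POD above redirect_on_signin, outside this hunk, should document the new `$params` argument as an optional hash ref of query parameters, and the token POD should mention the `p` field alongside `r`. redirect_on_signin's start is outside this hunk.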