better password disable

2026-04-28 03:39:32 +00:00 · 2025-08-12 16:16:28 +02:00 · 2025-08-12 16:16:28 +02:00 · a8bca9ecce
commit a8bca9ecce
parent 6e4d1a0920
5 changed files with 6 additions and 23 deletions
--- a/dockflare/app/templates/auth/login_disabled.html
+++ b/dockflare/app/templates/auth/login_disabled.html
@ -1,18 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}{{ title }}{% endblock %}
-
-{% block content %}
-<div class="flex justify-center items-center min-h-screen">
-    <div class="card w-96 bg-base-100 shadow-xl">
-        <div class="card-body">
-            <h2 class="card-title">{{ title }}</h2>
-            <p>Password login has been disabled by the administrator.</p>
-            <p>Please use an alternative login method, such as a Cloudflare Access policy.</p>
-            <div class="card-actions justify-end">
-                <a href="{{ url_for('web.status_page') }}" class="btn btn-primary">Go to Status Page</a>
-            </div>
-        </div>
-    </div>
-</div>
-{% endblock %}
--- a/dockflare/app/templates/settings.html
+++ b/dockflare/app/templates/settings.html
@ -301,7 +301,7 @@

                        <div role="alert" class="alert alert-warning text-sm">
                            <svg xmlns="http://www.w3.org/2000/svg" class="stroke-current shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg>
-                            <span><strong>Security Warning:</strong>When disabling password login, you become responsible for securing DockFlare access. Best practice is to use a Cloudflare Tunnel with an Access Policy and ensure Docker ports are not exposed, preventing access from the local network (LAN).</span>
+                            <span><strong>Security Warning:</strong> When disabling password login, you become responsible for securing DockFlare access. Best practice is to use a Cloudflare Tunnel with an Access Policy and ensure Docker ports are not exposed, preventing access from the local network (LAN).</span>
                        </div>

                        <div class="card-actions">
--- a/dockflare/app/web/auth_routes.py
+++ b/dockflare/app/web/auth_routes.py
@ -18,9 +18,7 @@ class LoginForm(FlaskForm):
 def login():
    """Handles the user login process."""
    if current_app.config.get('DISABLE_PASSWORD_LOGIN'):
-        flash('Password login is disabled. Please use an alternative login method.', 'warning')
-        # Still render a basic page, but without the form.
-        return render_template('auth/login_disabled.html', title="Login Disabled")
+        return redirect(url_for('web.status_page'))

    if current_user.is_authenticated:
        return redirect(url_for('web.status_page'))
--- a/dockflare/app/web/forms.py
+++ b/dockflare/app/web/forms.py
@ -15,7 +15,7 @@
 # along with this program. If not, see <https://www.gnu.org/licenses/>.
 # app/web/forms.py
 from flask_wtf import FlaskForm
-from wtforms import PasswordField, SubmitField, StringField, IntegerField, BooleanField
+from wtforms import BooleanField, PasswordField, SubmitField, StringField, IntegerField
 from wtforms.validators import DataRequired, EqualTo, Length, Optional

 class SettingsForm(FlaskForm):
--- a/dockflare/app/web/routes.py
+++ b/dockflare/app/web/routes.py
@ -102,6 +102,9 @@ def gating_logic():

    
    if hasattr(current_app, 'login_manager'):
+        if current_app.config.get('DISABLE_PASSWORD_LOGIN'):
+            return
+
        if not current_user.is_authenticated:
    
            if request.endpoint and not request.endpoint.startswith('auth.') and request.endpoint != 'static':