auth
auth/authd/templates/simple.gotmpl
Randomly generate codes. We've been using our IDs for auth codes. But our IDs may at some point be non-random, for the purpose of optimising database performance, or some other perfectly valid reason. Auth codes we always want to be random, and have no relation to IDs, so why conflate them? Instead, we pull 16 random bytes out of crypto/rand.Reader and hex encode them.
1 {{ define "login" }}<html>
2 <head>
3 <title>Log in</title>
4 </head>
5 <body>
6 <h1>Please log into your account</h1>{{ if .errors }}
7 <h2>Errors:</h2>
8 <ul>{{ range .errors }}
9 <li>{{ . }}</li>
10 </ul>{{ end }}{{ end }}
11 <form method="POST">
12 <p>Username: <input type="text" name="login"></p>
13 <p>Password: <input type="password" name="passphrase"></p>
14 <p><input type="submit"></p>
15 </form>
16 </body>
17 </html>{{ end }}
19 {{ define "get_grant" }}<html>
20 <head>
21 <title>Grant access</title>
22 </head>
23 <body>{{ if .error }}
24 <h1>Error</h1>
25 <p>{{ .error }}</p>{{ end }}{{ if .internal_error }}
26 <h1>Error</h1>
27 <p>{{ .internal_error }}</p>{{ end }}{{ if not .error }}{{ if not .internal_error }}<h1>Grant access</h1>
28 <p>{{ .client.Name }} is requesting access to your account. if you grant it, you'll be redirected to {{ .redirectURL }}. Their access will be limited to {{ .scope }}. You are granting access for {{ .profile.Name }}.</p>{{ end }}{{ end }}
29 <form method="POST">
30 <input type="submit" name="grant" value="approved">
31 <input type="hidden" name="csrftoken" value="{{ .csrftoken }}">
32 </form>
33 </body>
34 </html>{{ end }}