Add OID attributes to form fields in user_login and CSRFSchema for improved identification

aa.gustiana@gmail.com
Commit 7c5457e3 authored Jul 28, 2025 by aa.gustiana@gmail.com
Showing 2 changed files with 20 additions and 4 deletions
opensipkd/base/views/user_login.py
opensipkd/base/views/view_tools.py
--- a/opensipkd/base/views/user_login.py
+++ b/opensipkd/base/views/user_login.py
@@ -55,7 +55,8 @@ class Login(CSRFSchema):
        oid="username",
    )
    password = colander.SchemaNode(
-        colander.String(), widget=widget.PasswordWidget())
+        colander.String(), widget=widget.PasswordWidget(),
+        oid="password")
    # def after_bind(self, schema, kwargs):
    #     request = kwargs["request"]
@@ -190,7 +191,7 @@ class ViewLogin(BaseView):
        schema = Login()
        schema = schema.bind(request=self.req)
-        form = Form(schema, buttons=('login',))
+        form = Form(schema, buttons=('login',), oid="login")
        message = ""
        if 'login' in request.POST:
            identity = request.POST.get('username')
@@ -203,6 +204,7 @@ class ViewLogin(BaseView):
                set_user_log(msg, request, log, identity)
                if self.req.is_xhr:
                    d = self.form2dict(e.field)
                    return Response(json=d)
                request.session.flash(msg, 'error')
@@ -234,6 +236,10 @@ class ViewLogin(BaseView):
                    request.session.flash(login.message, "error")
                    next_url = get_urls(
                        f"{request.route_url('login')}?next={next_url}")
+                    if self.req.is_xhr:
+                        return Response(json={"error": {"code": -1,
+                                                        "msg": login.message}
+                                              })
                    return HTTPFound(location=next_url)
            return redirect_login(request, user)
@@ -278,6 +284,9 @@ class ViewLogin(BaseView):
        #                 next_url=next_url,
        #                 login=login, )
        resources = form.get_widget_resources()
+        if self.req.is_xhr:
+            # return Response(form.render())
+            return Response(json=self.form2dict(form))
        return render_to_response(
            renderer_name=login_tpl,
            request=request,
@@ -302,7 +311,9 @@ def redirect_login(request, user):
    request.session.flash("Sukses Login")
    next_url = request.params.get('next')
    if request.is_xhr:
-        return Response(json={"success": True})
+        return Response(json={"success": True}, headerlist=headers)
+        # response.headerlist.append(headers)
+        # return response
    if not next_url and request.matched_route.name == 'login':
        url = get_params('modules_default', 'home')
        return HTTPFound(location=request.route_url(url),
@@ -345,6 +356,10 @@ class Logout(BaseView):
                request.response.delete_cookie("g_state", '/')
            form.set_appstruct({"message": "Sukses Logout"})
            request.session["login"] = False
+            if self.req.is_xhr:
+                return Response(json={"success": True,
+                                      "message": "Sukses Logout"},
+                                      headerlist=headers)
        return dict(form=form.render())

--- a/opensipkd/base/views/view_tools.py
+++ b/opensipkd/base/views/view_tools.py
@@ -13,5 +13,6 @@ class CSRFSchema(colander.Schema):
        self["csrf_token"] = colander.SchemaNode(
            colander.String(), widget=widget.HiddenWidget(),
-            default=csrf_token
+            default=csrf_token,
+            oid="csrf_token"
        )