From 0196b3583a09131f42dd0a364ad46babd5f12e04 Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Thu, 17 Oct 2024 10:28:51 +0800
Subject: [PATCH] Warn users when they try to use a non-root-url to sign in/up
 (#32272)

---
 web_src/js/features/common-page.ts | 8 ++++++++
 web_src/js/features/user-auth.ts   | 7 ++++++-
 web_src/js/index.ts                | 3 ++-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/web_src/js/features/common-page.ts b/web_src/js/features/common-page.ts
index 1a4decd752..77fe2cc1ca 100644
--- a/web_src/js/features/common-page.ts
+++ b/web_src/js/features/common-page.ts
@@ -91,3 +91,11 @@ export function checkAppUrl() {
   showGlobalErrorMessage(`Your ROOT_URL in app.ini is "${appUrl}", it's unlikely matching the site you are visiting.
 Mismatched ROOT_URL config causes wrong URL links for web UI/mail content/webhook notification/OAuth2 sign-in.`, 'warning');
 }
+
+export function checkAppUrlScheme() {
+  const curUrl = window.location.href;
+  // some users visit "http://domain" while appUrl is "https://domain", COOKIE_SECURE makes it impossible to sign in
+  if (curUrl.startsWith('http:') && appUrl.startsWith('https:')) {
+    showGlobalErrorMessage(`This instance is configured to run under HTTPS (by ROOT_URL config), you are accessing by HTTP. Mismatched scheme might cause problems for sign-in/sign-up.`, 'warning');
+  }
+}
diff --git a/web_src/js/features/user-auth.ts b/web_src/js/features/user-auth.ts
index f1f34bc806..b716287ff2 100644
--- a/web_src/js/features/user-auth.ts
+++ b/web_src/js/features/user-auth.ts
@@ -1,4 +1,9 @@
-import {checkAppUrl} from './common-page.ts';
+import {checkAppUrl, checkAppUrlScheme} from './common-page.ts';
+
+export function initUserCheckAppUrl() {
+  if (!document.querySelector('.page-content.user.signin, .page-content.user.signup, .page-content.user.link-account')) return;
+  checkAppUrlScheme();
+}
 
 export function initUserAuthOauth2() {
   const outer = document.querySelector('#oauth2-login-navigator');
diff --git a/web_src/js/index.ts b/web_src/js/index.ts
index db678a25ba..13dfe1f3ef 100644
--- a/web_src/js/index.ts
+++ b/web_src/js/index.ts
@@ -24,7 +24,7 @@ import {initFindFileInRepo} from './features/repo-findfile.ts';
 import {initCommentContent, initMarkupContent} from './markup/content.ts';
 import {initPdfViewer} from './render/pdf.ts';
 
-import {initUserAuthOauth2} from './features/user-auth.ts';
+import {initUserAuthOauth2, initUserCheckAppUrl} from './features/user-auth.ts';
 import {
   initRepoIssueDue,
   initRepoIssueReferenceRepositorySearch,
@@ -219,6 +219,7 @@ onDomReady(() => {
     initCommitStatuses,
     initCaptcha,
 
+    initUserCheckAppUrl,
     initUserAuthOauth2,
     initUserAuthWebAuthn,
     initUserAuthWebAuthnRegister,