From cfb76f560904f297d85da9060f7499f918cbc7bd Mon Sep 17 00:00:00 2001
From: Martin Tournoij
Date: Fri, 23 Aug 2019 13:55:48 +0100
Subject: [PATCH] Better feedback when logging in with wrong email
Also set favicon for error pages to static.goatcounter.com for now, solves CSP errors
---
 go.mod | 2 +-
 handlers/backend.go | 2 +-
 handlers/user.go | 12 ++++++++----
 tpl/_backend_signin.gohtml | 2 +-
 tpl/error.gohtml | 2 +-
 5 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/go.mod b/go.mod
index 17d014ee4..9238f6834 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module zgo.at/goatcounter
 go 1.12
-//replace zgo.at/zhttp => ../zhttp
+// replace zgo.at/zhttp => ../zhttp
 // This fork doesn't depend on the github.com/teamwork/mailaddress package and
 // its transient dependencies. Hard to update to upstream due to compatibility.
diff --git a/handlers/backend.go b/handlers/backend.go
index 236ffc646..aa496e3c1 100644
--- a/handlers/backend.go
+++ b/handlers/backend.go
@@ -84,7 +84,7 @@ func (h Backend) Mount(r chi.Router, db *sqlx.DB) {
 "X-Content-Type-Options": []string{"nosniff"},
 "Content-Security-Policy": {header.CSP{
 header.CSPDefaultSrc: {header.CSPSourceNone},
- header.CSPImgSrc: {cfg.DomainStatic},
+ header.CSPImgSrc: {cfg.DomainStatic, "https://static.goatcounter.com"},
 header.CSPScriptSrc: {cfg.DomainStatic},
 header.CSPStyleSrc: {cfg.DomainStatic, header.CSPSourceUnsafeInline}, // style="height: " on the charts.
 header.CSPFontSrc: {cfg.DomainStatic},
diff --git a/handlers/user.go b/handlers/user.go
index 4f99a8044..9856ca161 100644
--- a/handlers/user.go
+++ b/handlers/user.go
@@ -9,6 +9,7 @@ import (
 "database/sql"
 "fmt"
 "net/http"
+ "net/url"
 "github.com/go-chi/chi"
 "github.com/pkg/errors"
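Review bot: The added `header.CSPImgSrc` entry hard-codes `"https://static.goatcounter.com"` next to `cfg.DomainStatic`, so every deployment — including self-hosted ones where that host is a third party — now allows images from it, while the commit message describes this as temporary ("for now"). If the error template can reach the configured static domain, pointing the favicon at `cfg.DomainStatic` there would remove the need for the literal; otherwise the line should at least carry a marker, e.g. `header.CSPImgSrc: {cfg.DomainStatic, "https://static.goatcounter.com"}, // TODO: temporary; error.gohtml favicon is hard-coded to this host.`. When `cfg.DomainStatic` is already that host the directive lists it twice, which is harmless but a sign the value belongs in one place. `Mount`'s body continues outside the hunk on both sides.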
@@ -37,7 +38,8 @@ func (h user) mount(r chi.Router) {
 func (h user) new(w http.ResponseWriter, r *http.Request) error {
 return zhttp.Template(w, "user.gohtml", struct {
 Globals
- }{newGlobals(w, r)})
+ Email string
+ }{newGlobals(w, r), r.URL.Query().Get("email")})
 }
 func (h user) requestLogin(w http.ResponseWriter, r *http.Request) error {
@@ -52,10 +54,12 @@ func (h user) requestLogin(w http.ResponseWriter, r *http.Request) error {
 var u goatcounter.User
 err = u.ByEmail(r.Context(), args.Email)
 if err != nil {
- if errors.Cause(err) != sql.ErrNoRows {
- zlog.Error(err)
+ if errors.Cause(err) == sql.ErrNoRows {
+ zhttp.FlashError(w, "Not an account on this site: %q", args.Email)
+ return zhttp.SeeOther(w, fmt.Sprintf("/user/new?email=%s", url.QueryEscape(args.Email)))
 }
- return guru.New(http.StatusForbidden, "Can't log you in. Sorry :-(")
+
+ return err
 }
 err = u.RequestLogin(r.Context())
diff --git a/tpl/_backend_signin.gohtml b/tpl/_backend_signin.gohtml
index a0b83a3a8..01782ddcb 100644
--- a/tpl/_backend_signin.gohtml
+++ b/tpl/_backend_signin.gohtml
@@ -1,5 +1,5 @@
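Review bot: `new` now copies the raw `email` query parameter into the template data as `Email`, but `tpl/user.gohtml` is not among the five files this commit touches, so either the template already reads `.Email` or the prefill is not wired up yet; worth confirming. Because the value comes straight from the URL, echoing it safely rests on `zhttp.Template` rendering with contextual HTML escaping (html/template), which this hunk cannot show — if it is text/template, the value needs escaping before it lands in an attribute. A short comment on the new field, such as `Email string // prefilled from ?email=, set by requestLogin's redirect for unknown accounts`, would make the coupling to `requestLogin` visible to the next reader.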
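Review bot: The new `return err` for any non-ErrNoRows failure from `u.ByEmail` drops the previous `zlog.Error(err)` plus generic 403, so whether database error text now reaches the client depends on how zhttp's error handling renders a returned error — if it prints `err.Error()` into the error page, driver messages and query details become user-visible; if it only logs and shows a generic page, the change is fine and the old explicit log line was redundant. Separately, the `"Not an account on this site: %q"` flash makes this endpoint confirm which addresses have accounts; that is the stated intent, but it is an account-enumeration signal, so whatever rate limiting sits in front of `requestLogin` (not visible here) carries more weight after this change. The `url.QueryEscape` on the redirect target is correct. `requestLogin` continues outside the hunk on both sides.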
- +
diff --git a/tpl/error.gohtml b/tpl/error.gohtml
index bde0f00b2..0e58117aa 100644
--- a/tpl/error.gohtml
+++ b/tpl/error.gohtml
@@ -4,7 +4,7 @@ GoatCounter – Error!
-
+