diff --git a/brutaldon/static/images/sensitive.png b/brutaldon/static/images/sensitive.png new file mode 100644 index 0000000..8745489 Binary files /dev/null and b/brutaldon/static/images/sensitive.png differ diff --git a/brutaldon/templates/setup/login-oauth.html b/brutaldon/templates/setup/login-oauth.html index ba7baa0..0547216 100644 --- a/brutaldon/templates/setup/login-oauth.html +++ b/brutaldon/templates/setup/login-oauth.html @@ -22,5 +22,13 @@ +
+ +
+ Not able to log in with this form? Maybe your brutaldon instance isn't + visible on the internet to your Mastodon instance? If so, you can use + the old login form. +
+
{% endblock %} diff --git a/brutaldon/templates/setup/login.html b/brutaldon/templates/setup/login.html index 7c703e2..6d3c015 100644 --- a/brutaldon/templates/setup/login.html +++ b/brutaldon/templates/setup/login.html @@ -4,7 +4,7 @@ {% block content %}

Log in to your instance

-
+ {% csrf_token %}
@@ -46,7 +46,9 @@ This information is only used to log you in to your instance for the first time. Brutaldon never stores your username and password; it only uses it to acquire a token which you can disable from the - settings page of your Mastodon instance. + settings page of your Mastodon instance. However, you do need to + absolutely trust the person running this copy of brutaldon! If that's + not the case, use the OAuth login form.

diff --git a/brutaldon/urls.py b/brutaldon/urls.py index 637c312..86d0e41 100644 --- a/brutaldon/urls.py +++ b/brutaldon/urls.py @@ -21,6 +21,7 @@ urlpatterns = [ path('admin/', admin.site.urls), path('home', views.home, name='home'), path('login', views.login, name="login"), + path('oldlogin', views.old_login, name="oldlogin"), path('logout', views.logout, name='logout'), path('oauth_callback', views.oauth_callback, name="oauth_callback"), path('error', views.error, name='error'),