
Fix logins, make the user page look nice

Adds css escaping for avatars.tx :)
Andy Baugh 3 лет назад
Родитель
Сommit
9b900b6fb4
4 измененных файлов с 22 добавлено и 8 удалено
  1. 6 2
      lib/Trog/Authz/Matrix.pm
  2. 10 1
      lib/Trog/Routes/HTML.pm
  3. 1 1
      www/templates/avatars.tx
  4. 5 4
      www/templates/login.tx

+ 6 - 2
lib/Trog/Authz/Matrix.pm

@@ -14,7 +14,7 @@ use HTTP::Tiny ();
 use constant 'required_params' => [ 'extAuthData' ];
 
 sub do_auth ($self) {
-    die "Please setup an admin user first" if !$self->{'params'}{'hasuers'};
+    die "Please setup an admin user first" if !$self->{'params'}{'hasusers'};
     $self->failed(1);
 
     require JSON::XS;
@@ -54,12 +54,16 @@ sub do_auth ($self) {
             'Matrix', # Never used here, so just put in the ext auth provider name.
             [ 'extAuthUser' ], # This ACL is important, and should be non-removable.
         );
+
+        # By default, the avatar is cropped to 20x20, let's get a larger one if available.
+        my $avatar_url = substr( $decoded->{avatar_content}, 0, index( $decoded->{'avatar_content'}, '?' ) );
+        $avatar_url .= "?height=120&width=120&method=crop";
         my $dat = Trog::Data->new($cfg);
         $dat->add(
             {
                 title      => $decoded->{user_id},
                 data       => $decoded->{displayname},
-                preview    => $decoded->{avatar_content},
+                preview    => $avatar_url,
                 wallpaper  => '/img/sys/testpattern.jpg',
                 tags       => ['about'],
                 visibility => 'public',
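Review bot: `index( $decoded->{'avatar_content'}, '?' )` returns -1 when the avatar URL has no query string, and `substr` with a length of -1 then silently drops the last character of the URL before the size parameters are appended. An undefined `avatar_content` also raises warnings and stores a preview that is only the query string. Stripping the query with a substitution avoids both, `( my $avatar_url = $decoded->{avatar_content} // '' ) =~ s/\?.*\z//s;`, with the append skipped when the result is empty. Since `$decoded` appears to come from the submitted `extAuthData` and this value ends up in `preview`, which avatars.tx writes into CSS, it would be worth checking here that it is an http(s) URL. do_auth starts and ends outside this hunk.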

+ 10 - 1
lib/Trog/Routes/HTML.pm

@@ -400,6 +400,7 @@ sub login ($query, $render_cb) {
     my @headers;
     my $do_auth = grep { $query->{$_} } qw{username extAuthProvider};
     my $failed = -1;
+
     if($do_auth) {
         my $auth_module = "Default";
         $auth_module = ucfirst($query->{'extAuthProvider'}) if($query->{'extAuthProvider'});
@@ -665,7 +666,15 @@ sub avatars ($query, $render_cb) {
     push(@{$query->{acls}}, 'public');
     my $tags = _coerce_array($query->{tag});
     my $processor = Text::Xslate->new(
-        path   => $template_dir,
+        function => {
+            css_escape => sub {
+                my ( $str ) = @_;
+                return '' if !$str;
+                $str =~ s/([!"#$%&'()*+,.\/:;<=>?@\[\\\]^`{|}~-]+)/\\$1/g;
+                return $str;
+            },
+        },
+        path     => $template_dir,
     );
 
     my @posts = _post_helper($query, $tags, $query->{acls});
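Review bot: The character class in `css_escape` is followed by `+`, so a run of consecutive special characters is captured as one group and gets a single backslash; only the first character of the run ends up escaped. Dropping the `+` makes the substitution escape each character on its own. The sub also leaves whitespace and a leading digit untouched, both of which change how the selector `a.<user>` parses, and `return '' if !$str` turns a user named `0` into an empty class name (`return '' unless defined $str && length $str;` keeps it). The `$%` sequence inside the class may be read by Perl as the punctuation variable rather than two literal characters, so writing `\$` explicitly is safer. avatars() begins before and continues past this hunk.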

+ 1 - 1
www/templates/avatars.tx

@@ -1,6 +1,6 @@
 /*User Images set here*/
 : for $users -> $post {
-a.<: $post.user :> {
+a.<: css_escape($post.user) :> {
  background-image: url(<: $post.preview :>);
  filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='<: $post.preview :>', sizingMethod='scale');
  -ms-filter: "progid:DXImageTransform.Microsoft.AlphaImageLoader(src='<: $post.preview :>', sizingMethod='scale')"
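Review bot: Only the selector is escaped; `<: $post.preview :>` is still written as-is into `url(...)` and into the two quoted `src='...'` values on the following lines. Assuming Xslate's default auto-escaping is in effect, it targets HTML, so characters that are significant in CSS such as `)`, `;` or a backslash pass through, and in this commit `preview` is built from provider-supplied avatar data. Consider quoting the value, `background-image: url("<: $post.preview :>");`, and restricting `preview` to a validated http(s) URL at the point where it is stored. The `for` block continues outside the hunk.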

+ 5 - 4
www/templates/login.tx

@@ -19,15 +19,16 @@
         <input required name="password" id="password" placeholder="hunter2" value="" type="password"></input>
       </div>
       <br />
-      <input type="submit" id="maximumGo" value="<: $btnmsg :>"></input>
 
-	  <!--
+<!--
 		External authentication provider data.
 		Provider = Driver to use
 	    Data     = JSON encoded blob of data gotten back from auth source
 	  -->
-      <input type="hidden" id="extAuthProvider" value=""></input>
-	  <input type="hidden" id="extAuthData" value=""></input>
+      <input type="hidden" id="extAuthProvider" name="extAuthProvider" value=""></input>
+	  <input type="hidden" id="extAuthData" name="extAuthData" value=""></input>
+
+      <input type="submit" id="maximumGo" value="<: $btnmsg :>"></input>
     </form>
 	<br><br>
 	<div id="matrixLogin" style="display:none;">
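Review bot: With the `name` attributes added, `extAuthProvider` and `extAuthData` are now posted to the server, and both are filled in on the client side. Nothing visible in this commit shows the server verifying the blob with the provider, so if do_auth takes fields such as `user_id` from it directly, the identity is only as trustworthy as the browser that sent it; this is inferred, and the verification may live outside the shown hunks. I would extend the existing template comment with `Data is client-supplied: the server must verify it with the provider before trusting any field.` The form starts above this hunk.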