From a24b4aed99920fabef7e35cee1dc63c92444ab3b Mon Sep 17 00:00:00 2001
From: FinnStutzenstein <finn.stutzenstein@rats-os.de>
Date: Mon, 19 Dec 2016 14:14:46 +0100
Subject: [PATCH] cookie handling on login

---
 openslides/core/static/templates/core/login-form.html | 2 +-
 openslides/users/static/js/users/site.js              | 9 +++++----
 openslides/users/views.py                             | 3 +++
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/openslides/core/static/templates/core/login-form.html b/openslides/core/static/templates/core/login-form.html
index ddd6ac899..b516c8ead 100644
--- a/openslides/core/static/templates/core/login-form.html
+++ b/openslides/core/static/templates/core/login-form.html
@@ -1,4 +1,4 @@
-<form ng-submit="login(username, password)">
+<form ng-submit="login()">
   <div class="modal-header">
     <img src="/static/img/openslides-logo.png" alt="OpenSlides" class="login-logo center-block">
   </div>
diff --git a/openslides/users/static/js/users/site.js b/openslides/users/static/js/users/site.js
index dd10e3ea8..8e7b52ca7 100644
--- a/openslides/users/static/js/users/site.js
+++ b/openslides/users/static/js/users/site.js
@@ -1486,10 +1486,11 @@ angular.module('OpenSlidesApp.users.site', [
         // login
         $scope.login = function () {
             $scope.alerts = [];
-            $http.post(
-                '/users/login/',
-                {'username': $scope.username, 'password': $scope.password}
-            ).then(
+            var data = { 'username': $scope.username, 'password': $scope.password };
+            if (!navigator.cookieEnabled) {
+                data.cookies = false;
+            }
+            $http.post('/users/login/', data).then(
                 function (response) {
                     // Success: User logged in.
                     operator.setUser(response.data.user_id);
diff --git a/openslides/users/views.py b/openslides/users/views.py
index 90842707e..85cad9c1b 100644
--- a/openslides/users/views.py
+++ b/openslides/users/views.py
@@ -164,6 +164,9 @@ class UserLoginView(APIView):
     http_method_names = ['get', 'post']
 
     def post(self, *args, **kwargs):
+        # If the client tells that cookies are disabled, do not continue as guest (if enabled)
+        if not self.request.data.get('cookies', True):
+            raise ValidationError({'detail': _('Cookies have to be enabled to use OpenSlides.')})
         form = AuthenticationForm(self.request, data=self.request.data)
         if not form.is_valid():
             raise ValidationError({'detail': _('Username or password is not correct.')})