UI coverage of bad actor edge use case for login button types (OpenUserJS#2079)

Martii · web-flow · commit 5e8af2145b09 · 2025-06-27T10:48:54.000-06:00
* Tweak non-JS registration string to include probationary user case Post OpenUserJS#1174 OpenUserJS#1893 Auto-merge
diff --git a/views/includes/scripts/loginEcho.html b/views/includes/scripts/loginEcho.html
@@ -20,15 +20,17 @@
       var consent = document.querySelector('input[name="consent"]');
       var action = document.querySelector('button#action');
       var blocking = null;
+      var icon = ' <i class="fa fa-sign-in fa-fw"></i>';
 
       function onInput(aEv) {
         var req = new XMLHttpRequest();
         var wantname = cleanFilename(aEv.target.value, '');
 
         function show(aConsent) {
-          action.innerHTML = action.innerHTML.replace(/Sign Up/, 'Sign In');
+          action.innerHTML = action.innerHTML = 'Sign In' + icon
           action.classList.add('btn-success');
           action.classList.remove('btn-info');
+          action.classList.remove('btn-warning');
 
           if (captcha) {
             if (!blocking) {
@@ -46,8 +48,9 @@
         }
 
         function hide() {
-          action.innerHTML = action.innerHTML.replace(/Sign In/, 'Sign Up');
+          action.innerHTML = action.innerHTML = 'Sign Up' + icon;
           action.classList.remove('btn-success');
+          action.classList.remove('btn-warning');
           action.classList.add('btn-info');
 
           if (captcha) {
@@ -57,6 +60,19 @@
           consent.checked = false;
         }
 
+        function hideEx() {
+          action.innerHTML = action.innerHTML = 'Sign In / Sign Up' + icon;
+          action.classList.remove('btn-info');
+          action.classList.remove('btn-success');
+          action.classList.add('btn-warning');
+
+          if (captcha) {
+            captcha.style.display = 'block';
+          }
+
+          consent.checked = false;
+        }
+
         if (wantname) {
           req.open('HEAD', '/api/user/exist/' + wantname);
           req.onreadystatechange = function () {
@@ -72,6 +88,10 @@
                   show(/ consent$/.test(this.getResponseHeader('Warning')));
                   auth.value = '';
                   break;
+                case 429:
+                  hideEx();
+                  auth.value = 'github';
+                  break;
                 default:
                   hide();
                   auth.value = 'github';
@@ -91,6 +111,8 @@
 
       if (username && auth && action) {
         action.innerHTML = action.innerHTML.replace(/Next/, 'Sign Up');
+        action.classList.remove('btn-danger');
+        action.classList.add('btn-info');
 
         username.addEventListener('input', onInput, {
           capture : true,
diff --git a/views/pages/loginPage.html b/views/pages/loginPage.html
@@ -19,7 +19,7 @@ <h3>
         </h3>
         <noscript>
           <div class="alert alert-danger small" role="alert">
-            <i class="fa fa-exclamation-triangle"></i> <strong>WARNING</strong>: JavaScript must be enabled for new users to register.
+            <i class="fa fa-exclamation-triangle"></i> <strong>WARNING</strong>: JavaScript must be enabled for new and probationary users to register.
           </div>
         </noscript>
         <div class="input-group">
@@ -56,7 +56,7 @@ <h3>
           </div>
         </div>
         <div class="input-group-addon">
-          <button class="btn btn-info" type="submit" id="action" class="pull-left">Next <i class="fa fa-sign-in fa-fw"></i></button>
+          <button class="btn btn-danger" type="submit" id="action" class="pull-left">Next <i class="fa fa-sign-in fa-fw"></i></button>
         </div>
       </form>
       </div>
