From e9e6973ff1ab14fea3d4ac552943265ec9710b68 Mon Sep 17 00:00:00 2001
From: meandaD
Date: Sun, 14 Jan 2024 16:04:18 +0100
Subject: [PATCH 1/2] Add "remember me" option for log in. Passes on whether the user has selected the "remember me" option by setting a cookie, and if so, the jwt cookie set at login is set to be valid for 6 months instead of one week. Related: #1302
---
 api/users.go | 2 +-
 tools/session.go | 15 ++++++++++-----
 web/template/login.gohtml | 14 ++++++++++++++
 web/user.go | 10 +++++++++-
 4 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/api/users.go b/api/users.go
index 2afc0e454..d16857738 100644
--- a/api/users.go
+++ b/api/users.go
@@ -86,7 +86,7 @@ func (r usersRoutes) impersonateUser(c *gin.Context) {
 })
 return
 }
- tools.StartSession(c, &tools.SessionData{Userid: u.ID})
+ tools.StartSession(c, &tools.SessionData{Userid: u.ID}, false)
 }
 func (r usersRoutes) updateUser(c *gin.Context) {
diff --git a/tools/session.go b/tools/session.go
index 41f485ca7..beec4a3ee 100644
--- a/tools/session.go
+++ b/tools/session.go
@@ -12,21 +12,26 @@ type SessionData struct {
 SamlSubjectID *string
 }
-func StartSession(c *gin.Context, data *SessionData) {
- token, err := createToken(data.Userid, data.SamlSubjectID)
+func StartSession(c *gin.Context, data *SessionData, rememberMe bool) {
+ maxAgeInDays := 7 // by default, log-in status expires in one week
+ if rememberMe {
+ maxAgeInDays = 30 * 6 // if user chooses "remember me", let log-in status be valid for 6 months
+ }
+
+ token, err := createToken(data.Userid, data.SamlSubjectID, maxAgeInDays)
 if err != nil {
 logger.Error("Could not create token", "err", err)
 return
 }
- c.SetCookie("jwt", token, 60*60*24*7, "/", "", CookieSecure, true)
+ c.SetCookie("jwt", token, 60*60*24*maxAgeInDays, "/", "", CookieSecure, true)
 }
-func createToken(user uint, samlSubjectID *string) (string, error) {
+func createToken(user uint, samlSubjectID *string, maxAgeInDays int) (string, error) {
 t := jwt.New(jwt.GetSigningMethod("RS256"))
 t.Claims = &JWTClaims{
 RegisteredClaims: &jwt.RegisteredClaims{
- ExpiresAt: &jwt.NumericDate{Time: time.Now().Add(time.Hour * 24 * 7)}, // Token expires in one week
+ ExpiresAt: &jwt.NumericDate{Time: time.Now().Add(time.Hour * 24 * time.Duration(maxAgeInDays))}, // Token expires in one week
 },
 UserID: user,
 SamlSubjectID: samlSubjectID,
diff --git a/web/template/login.gohtml b/web/template/login.gohtml
index 5e45f4150..8ab0c442d 100644
--- a/web/template/login.gohtml
+++ b/web/template/login.gohtml
@@ -39,6 +39,20 @@
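Review bot: With rememberMe set, `createToken` now issues an RS256-signed JWT that stays valid for 180 days, and nothing in this hunk lets the server invalidate it before `ExpiresAt`, so a copied `jwt` cookie would presumably remain usable for up to six months even after logout or a password change. If the validation code elsewhere does not already consult server-side state, consider pairing the longer lifetime with a revocation check, for example a per-user issued-at cutoff compared when the token is validated. The trailing comment on the new `ExpiresAt` line is also stale and could read `// token lifetime in days; matches the cookie Max-Age set in StartSession`. createToken's body continues past the end of the hunk.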

Login

+ +
+ + + +
+ + {{if .UseSAML}}
Date: Sun, 14 Jan 2024 16:45:31 +0100
Subject: [PATCH 2/2] Remove "rememberMe" cookie upon load of login page
---
 web/template/login.gohtml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/web/template/login.gohtml b/web/template/login.gohtml
index 8ab0c442d..2cb06c602 100644
--- a/web/template/login.gohtml
+++ b/web/template/login.gohtml
@@ -24,6 +24,13 @@ + + +