Remove user group and welcome page templates from the OTS Signs theme

2026-04-11 14:05:17 -04:00
parent c4e26cc5b7
commit 0acd5d4ab6
57 changed files with 756 additions and 41821 deletions
--- a/ots-signs/layoutauth.html
+++ b/ots-signs/layoutauth.html
@@ -161,48 +161,15 @@
      var link = document.getElementById("fallback-link");
      if (link) link.href = destination;

-      var spinner   = document.getElementById("spinner");
-      var checkmark = document.getElementById("checkmark");
-      var message   = document.getElementById("message");
-
-      // Check CMS web session auth by fetching the CMS root and following redirects.
-      //   - Unauthenticated: 302 → /login  (final response.url contains "/login")
-      //   - Authenticated:   302 → /dashboard (final response.url does NOT contain "/login")
-      var cmsRootUrl = window.location.origin + cmsBase + "/";
-
-      fetch(cmsRootUrl, {
-        method: "GET",
-        credentials: "include"    // sends the CMS session cookie; follow redirects (default)
-      })
-      .then(function (response) {
-        var finalUrl = response.url || "";
-        // Not authenticated if redirected outside the CMS base path (e.g. to a SAML IdP
-        // at /auth/… the same origin) or to a known CMS auth page (/login, /saml/…).
-        var expectedBase = window.location.origin + cmsBase;
-        var isOffBase = cmsBase !== "" && !finalUrl.startsWith(expectedBase);
-        var isAuthPage = finalUrl.indexOf("/login") !== -1 || finalUrl.indexOf("/saml") !== -1;
-        if (!finalUrl || isOffBase || isAuthPage) {
-          throw new Error("unauthenticated");
-        }
-        return response;
-      })
-      .then(function () {
-        // Authenticated — show the green checkmark for 2 seconds then redirect
-        spinner.style.display = "none";
-        checkmark.classList.add("visible");
-        message.textContent = "Auth to CMS";
-        if (link) link.style.display = "inline";
-
-        setTimeout(function () {
-          window.location.replace(destination);
-        }, 2000);
-      })
-      .catch(function () {
-        // Not authenticated — send to the CMS login page, preserving the return URL
-        var returnUrl = encodeURIComponent(window.location.href);
-        var loginUrl = window.location.origin + cmsBase + "/login?redirect=" + returnUrl;
-        window.location.replace(loginUrl);
-      });
+      // Redirect directly to the destination.
+      //
+      // If the user is already authenticated, Xibo serves the page immediately.
+      // If not, Xibo's own auth middleware intercepts the request, stores the full
+      // URI — including query params like ?deeplink=1 — as priorRoute in the session
+      // flash, then redirects to /login.  After a successful login Xibo reads priorRoute
+      // and sends the user to the correct page.  No client-side fetch-based auth check
+      // is needed, and avoids poisoning the priorRoute flash with "/" before we get there.
+      window.location.replace(destination);
    })();
  </script>
 </body>