Remove obsolete "qrl" schema, enforce SSL connections

sqrl/sqrl.py

@@ -137,9 +137,6 @@ class SQRLInitialization(object):
         """
         Property for getting full SQRL auth view URL including SQRL scheme and full domain with port.
         """
-        return (
-            '{scheme}://{host}{url}'
-            ''.format(scheme='sqrl' if self.request.is_secure() else 'qrl',
-                      host=self.request.get_host(),
-                      url=self.url)
-        )
+        if self.request.is_secure():
+            return 'sqrl://{host}{url}'.format(host=self.request.get_host(),url=self.url)
+        return None

sqrl/static/sqrl/sqrl.js

@@ -32,7 +32,7 @@
           url = url + encodeURIComponent(current_url);
         }
 
-        request.open('POST', url, false);
+        request.open('POST', url, async=true);
         request.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
         request.onreadystatechange = handleStateChange;
 

sqrl/templates/admin/auth/user/sqrl_manage.html

@@ -61,7 +61,7 @@
         {% endif %}
 
         {% sqrl as sqrl_session %}
-
+        {% if sqrl_session.sqrl_url %}
         <fieldset class="module aligned">
             <div class="sqrl-wrap">
                 SQRL Login
@@ -80,6 +80,9 @@
                 <input type="submit" value="Manage SQRL" class="default" style="float: left;">
             </div>
         </form>
+        {% else %}
+        <p><strong>You are not connected on a secure connection. For your safety, SQRL login is disabled. It is advised that you do not log into this website at all until you are connected via a HTTPS connection.</strong></p>
+        {% endif %}
 
     </div>
 {% endblock %}

sqrl/templates/admin/login.html

@@ -6,6 +6,7 @@
     {{ block.super }}
     <link rel="stylesheet" type="text/css" href="{% static 'admin/css/login.css' %}"/>
     <link rel="stylesheet" type="text/css" href="{% static 'admin/sqrl.css' %}"/>
+    <link rel="stylesheet" type="text/css" href="{% static 'sqrl/dropin.css' %}"/>
 {% endblock %}
 
 {% block bodyclass %}{{ block.super }} login{% endblock %}
@@ -58,13 +59,14 @@
         </form>
 
         {% sqrl as sqrl_session %}
+        {% if sqrl_session.sqrl_url %}
 
         <form method="get" action="{{ sqrl_session.sqrl_url }}" class="sqrl">
             <p class="align-center or">
                 <span class="line-center">or</span>
             </p>
 
-            <div>
+            <div class="sqrl-parent">
                 <h3>Login using SQRL</h3>
 
                 <div class="sqrl-wrap">
@@ -87,5 +89,10 @@
             document.getElementById('id_username').focus()
         </script>
         <script type="application/javascript" src="{% static 'sqrl/sqrl.js' %}"></script>
+        {% else %}
+        <div class="sqrl-parent">
+            <p><strong>You are not connected on a secure connection. For your safety, SQRL login is disabled. It is advised that you do not log into this website at all until you are connected via a HTTPS connection.</strong></p>
+        </div>
+        {% endif %}
     </div>
 {% endblock %}

sqrl/templates/sqrl/sqrl-dropin.html

@@ -1,6 +1,8 @@
 {% load static %}
 {% load sqrl %}
+
 <link type="text/css" rel="stylesheet" href="{% static 'sqrl/dropin.css' %}"/>
+{% if sqrl_session.sqrl_url %}
 <div class="sqrl-parent">
     <form class="sqrl-form" method="get" action="{{ sqrl_session.sqrl_url }}">
         <div class="sqrl-wrap">
@@ -16,5 +18,10 @@
         <input type="submit" value="Authenticate using SQRL">
     </form>
 </div>
+{% else %}
+<div class="sqrl-parent">
+    <p><strong>You are not connected on a secure connection. For your safety, SQRL login is disabled. It is advised that you do not log into this website at all until you are connected via a HTTPS connection.</strong></p>
+</div>
+{% endif %}
 <script>SQRL_NEXT="{{ redir }}"; SQRL_CHECK_URL="{% sqrl_status_url_script_tag sqrl_session %}"</script>
 <script type="application/javascript" src="{% static 'sqrl/sqrl.js' %}"></script>