From a22fa57ab14562ca7699e6a567338c5952a59b4e Mon Sep 17 00:00:00 2001
From: Jonathan Miller <jmiller-moko@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 13:55:52 -0500
Subject: [PATCH] fix(ui): embed login form on 403 Access Denied page

Anonymous users seeing the 403 page now get an inline login form
with username, password, and submit button. After login, redirects
back to the page they were trying to access.

Compact form centered with tw-max-w-sm, includes CSRF token and
redirect_to hidden field pointing to CurrentURL.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 services/context/context_response.go |  1 +
 templates/status/403.tmpl            | 20 +++++++++++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/services/context/context_response.go b/services/context/context_response.go
index ed238f0376..52737923bb 100644
--- a/services/context/context_response.go
+++ b/services/context/context_response.go
@@ -186,6 +186,7 @@ func (ctx *Context) Forbidden() {
 
 	ctx.Data["IsRepo"] = ctx.Repo.Repository != nil
 	ctx.Data["Title"] = "Access Denied"
+	ctx.Data["CurrentURL"] = ctx.Req.URL.RequestURI()
 	ctx.HTML(http.StatusForbidden, "status/403")
 }
 
diff --git a/templates/status/403.tmpl b/templates/status/403.tmpl
index 05eaa9dccc..fe6e58faa0 100644
--- a/templates/status/403.tmpl
+++ b/templates/status/403.tmpl
@@ -7,10 +7,24 @@
 			<div class="status-page-error-title">403 Access Denied</div>
 			<div class="tw-text-center">
 				<div class="tw-my-4">{{if .AccessDeniedPrompt}}{{.AccessDeniedPrompt}}{{else}}{{ctx.Locale.Tr "error403"}}{{end}}</div>
-				{{if not .IsSigned}}
-					<a class="ui primary button tw-my-4" href="{{AppSubUrl}}/user/login">{{ctx.Locale.Tr "sign_in"}}</a>
-				{{end}}
 			</div>
+			{{if not .IsSigned}}
+			<div class="tw-max-w-sm tw-mx-auto tw-mt-4">
+				<form class="ui form" action="{{AppSubUrl}}/user/login" method="post">
+					{{.CsrfTokenHtml}}
+					<input type="hidden" name="redirect_to" value="{{.CurrentURL}}">
+					<div class="required field">
+						<label>{{ctx.Locale.Tr "home.uname_holder"}}</label>
+						<input type="text" name="user_name" required autofocus>
+					</div>
+					<div class="required field">
+						<label>{{ctx.Locale.Tr "password"}}</label>
+						<input type="password" name="password" required>
+					</div>
+					<button class="ui primary fluid button tw-mt-2" type="submit">{{ctx.Locale.Tr "sign_in"}}</button>
+				</form>
+			</div>
+			{{end}}
 		</div>
 	</div>
 </div>
-- 
2.52.0