[FIX] web: prevent multiple clicks on the log in button

Before this commit, the user had the possibility to spam the "Log in"
button when trying to connect. This could lead to a change of the CSFR
token and an errror of type "werkzeug.exceptions.BadRequest: 400 Bad
Request: Session expired (invalid CSRF token)" could then happen.
This commit makes the “Log in” button un-clickable once it has been
clicked and adds a loading effect to it.

task-2996329

closes odoo/odoo#104323

Signed-off-by: Benoit Socias (bso) <bso@odoo.com>

addons/web/static/src/js/public/public_widget.js

@@ -347,6 +347,40 @@ registry._fixAppleCollapse = PublicWidget.extend({
     },
 });
 
+// TODO: remove this code in master and put it in its own file.
+registry.login = PublicWidget.extend({
+    selector: '.oe_login_form',
+    events: {
+        'submit': '_onSubmit',
+    },
+
+    //-------------------------------------------------------------------------
+    // Handlers
+    //-------------------------------------------------------------------------
+
+    /**
+     * Prevents the user from crazy clicking:
+     * Gives the button a loading effect if preventDefault was not already
+     * called and modifies the preventDefault function of the event so that the
+     * loading effect is removed if preventDefault() is called in a following
+     * customization.
+     *
+     * @private
+     * @param {Event} ev
+     */
+    _onSubmit(ev) {
+        if (!ev.isDefaultPrevented()) {
+            const btnEl = ev.currentTarget.querySelector('button[type="submit"]');
+            const removeLoadingEffect = dom.addButtonLoadingEffect(btnEl);
+            const oldPreventDefault = ev.preventDefault.bind(ev);
+            ev.preventDefault = () => {
+                removeLoadingEffect();
+                oldPreventDefault();
+            };
+        }
+    },
+});
+
 return {
     RootWidget: RootWidget,
     RootWidgetRegistry: RootWidgetRegistry,