From b13314037f4a1694ca9da0986fa30bce44ebd6f1 Mon Sep 17 00:00:00 2001 From: cato447 Date: Mon, 20 Oct 2025 21:47:51 +0200 Subject: [PATCH] Added logic that allows non logged in users to use qr codes --- app/models.py | 4 +++- app/routes.py | 21 +++++++++++++-------- package-lock.json | 2 ++ 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/app/models.py b/app/models.py index fb42f7b..8c13ddf 100644 --- a/app/models.py +++ b/app/models.py @@ -5,6 +5,7 @@ from typing import List, Optional import pytz from flask_sqlalchemy import SQLAlchemy +from flask import current_app from sqlalchemy import Boolean, Column, DateTime, String, TypeDecorator, ForeignKey, UniqueConstraint from sqlalchemy.orm import Mapped, mapped_column, relationship db : SQLAlchemy = SQLAlchemy() @@ -97,9 +98,10 @@ class Token(db.Model): def __init__(self, name: str) -> None: self.name = name + self.active_course_id = current_app.config["DEFAULT_COURSE"] def __repr__(self) -> str: - return f"" + return f"" def is_unlocked(self, deck: str) -> bool : return deck in [deck.deck for deck in self.decks] diff --git a/app/routes.py b/app/routes.py index a992f2e..d074711 100644 --- a/app/routes.py +++ b/app/routes.py @@ -110,7 +110,13 @@ def set_cookie(token): next_url = url_for("main.index") resp = make_response(redirect(next_url)) - resp.set_cookie('access_token', serialize_token(token), httponly=True) + resp.set_cookie( + 'access_token', + serialize_token(token), + httponly=True, + samesite='Lax', + path='/' + ) return resp @main.route('/set_token', methods=['POST', 'GET']) @@ -135,11 +141,9 @@ def set_token(): flash(f'The username "{user_name}" does not exist.', 'error') return render_template('set_token.html') - next_url = session.pop('next_url', None) - if not next_url: - next_url = url_for("main.index") + print(f"Set token {session}") - set_cookie(token) + return set_cookie(token) return render_template('set_token.html') @@ -173,7 +177,7 @@ def register(): token = create_token(user_name) print(f"User registered: {user_name}") - set_cookie(token) + return set_cookie(token) # If GET request, render the form return render_template('register.html') @@ -226,11 +230,12 @@ def admin_login(): def process_access_code(access_code: str): token = get_token() + print(f"Process {token}") if not token: # remember where the user wanted to go - session['next_url'] = url_for('main.access', access_code=access_code, method="GET") - print(session) + session['next_url'] = url_for('main.access_get', access_code=access_code) + print(f"Process {session}") return redirect(url_for('main.set_token')) password = db.session.execute( diff --git a/package-lock.json b/package-lock.json index f59f68a..48d8f11 100644 --- a/package-lock.json +++ b/package-lock.json @@ -385,6 +385,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "baseline-browser-mapping": "^2.8.9", "caniuse-lite": "^1.0.30001746", @@ -1171,6 +1172,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1",