Added logic that allows non logged in users to use qr codes

This commit is contained in:
2025-10-20 21:47:51 +02:00
parent e27fe4470e
commit b13314037f
3 changed files with 18 additions and 9 deletions

View File

@@ -110,7 +110,13 @@ def set_cookie(token):
next_url = url_for("main.index")
resp = make_response(redirect(next_url))
resp.set_cookie('access_token', serialize_token(token), httponly=True)
resp.set_cookie(
'access_token',
serialize_token(token),
httponly=True,
samesite='Lax',
path='/'
)
return resp
@main.route('/set_token', methods=['POST', 'GET'])
@@ -135,11 +141,9 @@ def set_token():
flash(f'The username "{user_name}" does not exist.', 'error')
return render_template('set_token.html')
next_url = session.pop('next_url', None)
if not next_url:
next_url = url_for("main.index")
print(f"Set token {session}")
set_cookie(token)
return set_cookie(token)
return render_template('set_token.html')
@@ -173,7 +177,7 @@ def register():
token = create_token(user_name)
print(f"User registered: {user_name}")
set_cookie(token)
return set_cookie(token)
# If GET request, render the form
return render_template('register.html')
@@ -226,11 +230,12 @@ def admin_login():
def process_access_code(access_code: str):
token = get_token()
print(f"Process {token}")
if not token:
# remember where the user wanted to go
session['next_url'] = url_for('main.access', access_code=access_code, method="GET")
print(session)
session['next_url'] = url_for('main.access_get', access_code=access_code)
print(f"Process {session}")
return redirect(url_for('main.set_token'))
password = db.session.execute(