Added logic that allows non logged in users to use qr codes
This commit is contained in:
@@ -110,7 +110,13 @@ def set_cookie(token):
|
||||
next_url = url_for("main.index")
|
||||
|
||||
resp = make_response(redirect(next_url))
|
||||
resp.set_cookie('access_token', serialize_token(token), httponly=True)
|
||||
resp.set_cookie(
|
||||
'access_token',
|
||||
serialize_token(token),
|
||||
httponly=True,
|
||||
samesite='Lax',
|
||||
path='/'
|
||||
)
|
||||
return resp
|
||||
|
||||
@main.route('/set_token', methods=['POST', 'GET'])
|
||||
@@ -135,11 +141,9 @@ def set_token():
|
||||
flash(f'The username "{user_name}" does not exist.', 'error')
|
||||
return render_template('set_token.html')
|
||||
|
||||
next_url = session.pop('next_url', None)
|
||||
if not next_url:
|
||||
next_url = url_for("main.index")
|
||||
print(f"Set token {session}")
|
||||
|
||||
set_cookie(token)
|
||||
return set_cookie(token)
|
||||
|
||||
return render_template('set_token.html')
|
||||
|
||||
@@ -173,7 +177,7 @@ def register():
|
||||
token = create_token(user_name)
|
||||
print(f"User registered: {user_name}")
|
||||
|
||||
set_cookie(token)
|
||||
return set_cookie(token)
|
||||
|
||||
# If GET request, render the form
|
||||
return render_template('register.html')
|
||||
@@ -226,11 +230,12 @@ def admin_login():
|
||||
|
||||
def process_access_code(access_code: str):
|
||||
token = get_token()
|
||||
print(f"Process {token}")
|
||||
|
||||
if not token:
|
||||
# remember where the user wanted to go
|
||||
session['next_url'] = url_for('main.access', access_code=access_code, method="GET")
|
||||
print(session)
|
||||
session['next_url'] = url_for('main.access_get', access_code=access_code)
|
||||
print(f"Process {session}")
|
||||
return redirect(url_for('main.set_token'))
|
||||
|
||||
password = db.session.execute(
|
||||
|
||||
Reference in New Issue
Block a user