Add auth to cookie (#964)

When authenticated, the cookie set will allow the user to stay connected even
if the browser is restarted.

Fixes #951
main
João 2023-03-01 17:58:59 +01:00 committed by GitHub
parent 1759c119a8
commit baa8bd0eb4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 1 deletions


@ -48,6 +48,14 @@ def get_search_name(tbm):
def auth_required(f): def auth_required(f):
@wraps(f) @wraps(f)
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
# do not ask password if cookies already present
if (
valid_user_session(session)
and 'cookies_disabled' not in request.args
and session['auth']
):
return f(*args, **kwargs)
auth = request.authorization auth = request.authorization
# Skip if username/password not set # Skip if username/password not set
@ -57,6 +65,7 @@ def auth_required(f):
auth auth
and whoogle_user == auth.username and whoogle_user == auth.username
and whoogle_pass == auth.password): and whoogle_pass == auth.password):
session['auth'] = True
return f(*args, **kwargs) return f(*args, **kwargs)
else: else:
return make_response('Not logged in', 401, { return make_response('Not logged in', 401, {
@ -140,6 +149,7 @@ def before_request_func():
session['config'] = default_config session['config'] = default_config
session['uuid'] = str(uuid.uuid4()) session['uuid'] = str(uuid.uuid4())
session['key'] = app.enc_key session['key'] = app.enc_key
session['auth'] = False
# Establish config values per user session # Establish config values per user session
g.user_config = Config(**session['config']) g.user_config = Config(**session['config'])
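Review bot: The early return added at the top of `decorated` accepts `session['auth']` as proof of login with no lifetime and no link to the configured credentials, so a session marked authenticated stays valid after `whoogle_user`/`whoogle_pass` are changed, and the cookie alone is equivalent to the password until the session is discarded. How the flag is protected depends on the session backend (server-side storage or a signed cookie), which is not visible here, so that assumption deserves a comment next to the check. I would record the login time with `session['auth_time'] = time.time()` beside `session['auth'] = True`, have the short-circuit also require a bounded age, and read the flag defensively with `and session.get('auth') is True`. The body of `decorated` continues between and after the two hunks shown, so the full control flow should be checked in the file.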


@ -1,7 +1,7 @@
from cryptography.fernet import Fernet from cryptography.fernet import Fernet
from flask import current_app as app from flask import current_app as app
REQUIRED_SESSION_VALUES = ['uuid', 'config', 'key'] REQUIRED_SESSION_VALUES = ['uuid', 'config', 'key', 'auth']
def generate_key() -> bytes: def generate_key() -> bytes:


@ -20,4 +20,5 @@ def client():
session['uuid'] = 'test' session['uuid'] = 'test'
session['key'] = app.enc_key session['key'] = app.enc_key
session['config'] = {} session['config'] = {}
session['auth'] = False
yield client yield client
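Review bot: The fixture in `client()` only ever initialises `session['auth'] = False`, and none of the three changed files adds a test for the new cookie short-circuit in `auth_required`. A test that sets the flag through `client.session_transaction()` and requests a protected route without an `Authorization` header, plus one that adds `cookies_disabled` to the query string and expects the 401 response, would pin the behaviour this commit introduces. The fixture starts above the hunk, so how credentials are configured for the tests is not visible here.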