Add auth to cookie (#964)

When authenticated, the cookie set will allow the user to stay connected even
if the browser is restarted.

Fixes #951
main
João 2023-03-01 17:58:59 +01:00 committed by GitHub
parent 1759c119a8
commit baa8bd0eb4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 1 deletions

View File

@ -48,6 +48,14 @@ def get_search_name(tbm):
def auth_required(f):
@wraps(f)
def decorated(*args, **kwargs):
# do not ask password if cookies already present
if (
valid_user_session(session)
and 'cookies_disabled' not in request.args
and session['auth']
):
return f(*args, **kwargs)
auth = request.authorization
# Skip if username/password not set
@ -57,6 +65,7 @@ def auth_required(f):
auth
and whoogle_user == auth.username
and whoogle_pass == auth.password):
session['auth'] = True
return f(*args, **kwargs)
else:
return make_response('Not logged in', 401, {
@ -140,6 +149,7 @@ def before_request_func():
session['config'] = default_config
session['uuid'] = str(uuid.uuid4())
session['key'] = app.enc_key
session['auth'] = False
# Establish config values per user session
g.user_config = Config(**session['config'])

View File

@ -1,7 +1,7 @@
from cryptography.fernet import Fernet
from flask import current_app as app
REQUIRED_SESSION_VALUES = ['uuid', 'config', 'key']
REQUIRED_SESSION_VALUES = ['uuid', 'config', 'key', 'auth']
def generate_key() -> bytes:

View File

@ -20,4 +20,5 @@ def client():
session['uuid'] = 'test'
session['key'] = app.enc_key
session['config'] = {}
session['auth'] = False
yield client