Disable the enforced header until all extensions are updated and add a fallback option to trigger a manual login (#2155)

Adrià Casajús 2024-07-12 17:27:11 +02:00 committed by GitHub
parent 1482bb4a33
commit 3afc90d3fb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 21 additions and 10 deletions


@ -5,7 +5,6 @@ import arrow
from flask import Blueprint, request, jsonify, g from flask import Blueprint, request, jsonify, g
from flask_login import current_user from flask_login import current_user
from app import constants
from app.db import Session from app.db import Session
from app.models import ApiKey from app.models import ApiKey
@ -19,9 +18,10 @@ def authorize_request() -> Optional[Tuple[str, int]]:
api_key = ApiKey.get_by(code=api_code) api_key = ApiKey.get_by(code=api_code)
if not api_key: if not api_key:
if current_user.is_authenticated and request.headers.get( if current_user.is_authenticated:
constants.HEADER_ALLOW_API_COOKIES # if current_user.is_authenticated and request.headers.get(
): # constants.HEADER_ALLOW_API_COOKIES
# ):
g.user = current_user g.user = current_user
else: else:
return jsonify(error="Wrong api key"), 401 return jsonify(error="Wrong api key"), 401
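Review bot: With the header test commented out, the `if current_user.is_authenticated:` branch treats any request carrying a valid session cookie as an API call whenever no valid API key is supplied. Protection against cross-site requests on these endpoints then rests on the cookie's SameSite attribute and on any CSRF handling not visible in this hunk. The commit title says this is temporary, but commented-out code records no owner or re-enable condition, and the `constants` import was removed with it, so the check is easy to forget. I would replace the three commented lines with one tracked marker such as `# TODO(<owner>): restore the constants.HEADER_ALLOW_API_COOKIES check once all extensions send it (<issue-id>)`, and confirm that state-changing API routes cannot be reached cross-site in the meantime. The body of authorize_request begins outside this hunk.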


@ -1,7 +1,13 @@
from app.onboarding.base import onboarding_bp from app.onboarding.base import onboarding_bp
from flask import render_template from flask import render_template, url_for, redirect
@onboarding_bp.route("/", methods=["GET"]) @onboarding_bp.route("/", methods=["GET"])
def index(): def index():
return render_template("onboarding/index.html") # Do the redirect to ensure cookies are set because they are SameSite=lax/strict
return redirect(url_for("onboarding.setup"))
@onboarding_bp.route("/setup", methods=["GET"])
def setup():
return render_template("onboarding/setup.html")
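Review bot: The comment on the redirect in `index()` does not say which cookie or which entry path it is meant to fix, and the new `setup()` view has no docstring. Whether a server-side redirect that follows a cross-site navigation gets SameSite=Strict cookies attached can differ between browsers, so the comment should record what was tested, for example `# Arriving from another site omits SameSite cookies; redirect so /setup is requested same-site (verified in <browsers>)`. If the cookies are still missing on the redirected request, the template presumably renders its logged-out branch, which fails safely but would defeat the purpose of the change. A one-line docstring on `setup()` such as `"""Render the extension setup page; reached via redirect from index()."""` would make the split between the two routes clear.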


@ -19,7 +19,10 @@
<div class="mt-8 text-center"> <div class="mt-8 text-center">
{% if current_user != None and current_user.is_authenticated %} {% if current_user != None and current_user.is_authenticated %}
<h2 class="text-black-50" style="font-size:2rem">Performing the extension setup...</h2> <h2 class="text-black-50" style="font-size:2rem">
Automatically performing extension setup.
If the setup doesn't start in a couple seconds click <a onclick="sendSetupMessage()" class="text-primary">here</a>
</h2>
{% else %} {% else %}
<a class="mx-6 p-4 text-decoration-none" <a class="mx-6 p-4 text-decoration-none"
style="background:black; style="background:black;
@ -41,6 +44,10 @@
{% if current_user != None and current_user.is_authenticated %} {% if current_user != None and current_user.is_authenticated %}
<script type="text/javascript"> <script type="text/javascript">
function sendSetupMessage(){
const data = { tag: "PERFORM_EXTENSION_SETUP" };
window.postMessage(data, "/");
}
let counterIterations = 5; let counterIterations = 5;
let extensionSetupIntervalId = setInterval(function() { let extensionSetupIntervalId = setInterval(function() {
counterIterations--; counterIterations--;
@ -48,9 +55,7 @@
clearInterval(extensionSetupIntervalId); clearInterval(extensionSetupIntervalId);
return; return;
} }
sendSetupMessage()
const data = { tag: "PERFORM_EXTENSION_SETUP" };
window.postMessage(data, "/");
}, 300); // Send it many times, in case the extension had not registered the listener yet }, 300); // Send it many times, in case the extension had not registered the listener yet
</script> </script>
{% endif %} {% endif %}
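Review bot: The manual fallback is an `<a>` with no `href` and an inline `onclick`, so it is not reachable by keyboard focus. The inline handler would also stop working if the site later adopts a Content-Security-Policy that disallows inline event handlers (no policy is visible in this hunk). I would use a real control, `<button type="button" id="manual-setup" class="btn btn-link p-0">here</button>`, and bind it in the existing script block with `document.getElementById("manual-setup").addEventListener("click", sendSetupMessage);`. Extracting `sendSetupMessage()` keeps the `"/"` target origin on `window.postMessage`, which is worth preserving so the setup message is only delivered to the page's own origin. The sentence before the link also lacks a full stop after "extension setup".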