Disable the enforced header until all extensions are updated and add a fallback option to trigger a manual login (#2155)

2024-09-21 01:11:29 +02:00 · 2024-07-12 17:27:11 +02:00 · 2024-07-12 17:27:11 +02:00 · 3afc90d3fb
commit 3afc90d3fb
parent 1482bb4a33
3 changed files with 21 additions and 10 deletions
--- a/app/api/base.py
+++ b/app/api/base.py
@ -5,7 +5,6 @@ import arrow
 from flask import Blueprint, request, jsonify, g
 from flask_login import current_user

-from app import constants
 from app.db import Session
 from app.models import ApiKey

@ -19,9 +18,10 @@ def authorize_request() -> Optional[Tuple[str, int]]:
    api_key = ApiKey.get_by(code=api_code)

    if not api_key:
-        if current_user.is_authenticated and request.headers.get(
-            constants.HEADER_ALLOW_API_COOKIES
-        ):
+        if current_user.is_authenticated:
+            # if current_user.is_authenticated and request.headers.get(
+            #    constants.HEADER_ALLOW_API_COOKIES
+            # ):
            g.user = current_user
        else:
            return jsonify(error="Wrong api key"), 401
--- a/app/onboarding/views/index.py
+++ b/app/onboarding/views/index.py
@ -1,7 +1,13 @@
 from app.onboarding.base import onboarding_bp
-from flask import render_template
+from flask import render_template, url_for, redirect


@onboarding_bp.route("/", methods=["GET"])
 def index():
-    return render_template("onboarding/index.html")
+    # Do the redirect to ensure cookies are set because they are SameSite=lax/strict
+    return redirect(url_for("onboarding.setup"))
+
+
+@onboarding_bp.route("/setup", methods=["GET"])
+def setup():
+    return render_template("onboarding/setup.html")
--- a/templates/onboarding/setup.html
+++ b/templates/onboarding/setup.html
@ -19,7 +19,10 @@
    <div class="mt-8 text-center">
      {% if current_user != None and current_user.is_authenticated %}

-        <h2 class="text-black-50" style="font-size:2rem">Performing the extension setup...</h2>
+        <h2 class="text-black-50" style="font-size:2rem">
+          Automatically performing extension setup.
+          If the setup doesn't start in a couple seconds click <a onclick="sendSetupMessage()" class="text-primary">here</a>
+        </h2>
      {% else %}
        <a class="mx-6 p-4 text-decoration-none"
           style="background:black;
@ -41,6 +44,10 @@
  {% if current_user != None and current_user.is_authenticated %}

    <script type="text/javascript">
+    function sendSetupMessage(){
+        const data = { tag: "PERFORM_EXTENSION_SETUP" };
+        window.postMessage(data, "/");
+    }
        let counterIterations = 5;
        let extensionSetupIntervalId = setInterval(function() {
            counterIterations--;
@ -48,9 +55,7 @@
                clearInterval(extensionSetupIntervalId);
                return;
            }
-
-            const data = { tag: "PERFORM_EXTENSION_SETUP" };
-            window.postMessage(data, "/");
+            sendSetupMessage()
        }, 300); // Send it many times, in case the extension had not registered the listener yet
    </script>
  {% endif %}