Add auth to cookie (#964)

When authenticated, the cookie set will allow the user to stay connected even if the browser is restarted. Fixes #951
1 year ago · baa8bd0eb4
parent 1759c119a8
commit baa8bd0eb4
3 changed files with 12 additions and 1 deletions
--- a/app/routes.py
+++ b/app/routes.py
@ -48,6 +48,14 @@ def get_search_name(tbm):
 def auth_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
+        # do not ask password if cookies already present
+        if (
+            valid_user_session(session)
+            and 'cookies_disabled' not in request.args
+            and session['auth']
+        ):
+            return f(*args, **kwargs)
+
        auth = request.authorization

        # Skip if username/password not set
@ -57,6 +65,7 @@ def auth_required(f):
                auth
                and whoogle_user == auth.username
                and whoogle_pass == auth.password):
+            session['auth'] = True
            return f(*args, **kwargs)
        else:
            return make_response('Not logged in', 401, {
@ -140,6 +149,7 @@ def before_request_func():
        session['config'] = default_config
        session['uuid'] = str(uuid.uuid4())
        session['key'] = app.enc_key
+        session['auth'] = False

    # Establish config values per user session
    g.user_config = Config(**session['config'])
--- a/app/utils/session.py
+++ b/app/utils/session.py
@ -1,7 +1,7 @@
 from cryptography.fernet import Fernet
 from flask import current_app as app

-REQUIRED_SESSION_VALUES = ['uuid', 'config', 'key']
+REQUIRED_SESSION_VALUES = ['uuid', 'config', 'key', 'auth']


 def generate_key() -> bytes:
--- a/test/conftest.py
+++ b/test/conftest.py
@ -20,4 +20,5 @@ def client():
            session['uuid'] = 'test'
            session['key'] = app.enc_key
            session['config'] = {}
+            session['auth'] = False
        yield client