From de580d9a7ee32f83ee6c60bda3bb37e85a32537e Mon Sep 17 00:00:00 2001 From: Peter Heijstek Date: Thu, 3 Apr 2025 11:15:08 +0200 Subject: [PATCH] Initial fix --- ihatemoney/static/css/main.css | 7 ++++++- ihatemoney/templates/home.html | 14 ++++++++++++++ ihatemoney/tests/api_test.py | 27 +++++++++++++++++++++++++++ ihatemoney/web.py | 9 +++++---- 4 files changed, 52 insertions(+), 5 deletions(-) diff --git a/ihatemoney/static/css/main.css b/ihatemoney/static/css/main.css index 46c24642..2249cabf 100644 --- a/ihatemoney/static/css/main.css +++ b/ihatemoney/static/css/main.css @@ -644,4 +644,9 @@ footer .icon svg { .edit-project .custom-file { margin-bottom: 2em; -} \ No newline at end of file +} + +.connected-projects { + a { + } +} diff --git a/ihatemoney/templates/home.html b/ihatemoney/templates/home.html index f2c70d01..b27d7c0b 100644 --- a/ihatemoney/templates/home.html +++ b/ihatemoney/templates/home.html @@ -33,6 +33,20 @@
+ {% if 'projects' in session %} +
+
+ {{ _("Open a project in your current session") }} +
+
+
    + {% for id, name in session['projects'].items() %} +
  • {{name}} + {% endfor %} +
+
+
+ {% endif %}
{{ _("Log in to an existing project") }} diff --git a/ihatemoney/tests/api_test.py b/ihatemoney/tests/api_test.py index 40054f75..d9f655ed 100644 --- a/ihatemoney/tests/api_test.py +++ b/ihatemoney/tests/api_test.py @@ -6,6 +6,7 @@ import pytest from ihatemoney.tests.common.help_functions import em_surround from ihatemoney.tests.common.ihatemoney_testcase import IhatemoneyTestCase +from flask import session class TestAPI(IhatemoneyTestCase): @@ -1079,3 +1080,29 @@ class TestAPI(IhatemoneyTestCase): # Bill type should now be "Expense" got = json.loads(req.data.decode("utf-8")) assert got["bill_type"] == "Expense" + + def test_get_auth(self): + """ + Redirects to logged in projects + """ + self.create_project("test-project") + self.login("test-project") + + def test_post_auth_wrong_password(self): + """ + Rejects wrong passwords for projects + in the session + """ + self.create_project("project1", password="a") + self.login("project1", "a") + + print(session["projects"]) + + + def test_post_auth_correct_password(self): + """ + Accepts correct passwords for projects + in the session + """ + pass + diff --git a/ihatemoney/web.py b/ihatemoney/web.py index 37bd811f..ce3b62ce 100644 --- a/ihatemoney/web.py +++ b/ihatemoney/web.py @@ -258,6 +258,7 @@ def join_project(token): def authenticate(project_id=None): """Authentication form""" form = AuthenticationForm() + is_post_auth = request.method == "POST" and form.validate() if not form.id.data and request.args.get("project_id"): form.id.data = request.args["project_id"] @@ -270,14 +271,13 @@ def authenticate(project_id=None): return render_template( "authenticate.html", form=form, create_project=project_id ) - - # if credentials are already in session, redirect - if session.get(project_id): + + # if credentials are already in session and no password is provided, redirect + if session.get(project_id) and not is_post_auth: setattr(g, "project", project) return redirect(url_for(".list_bills")) # else do form authentication authentication - is_post_auth = request.method == "POST" and form.validate() if is_post_auth and check_password_hash(project.password, form.password.data): set_authorized_project(project) setattr(g, "project", project) @@ -290,6 +290,7 @@ def authenticate(project_id=None): def get_project_form(): + fancy = {'complexity':'Cyclo. compl.', 'churn': 'Churn', 'comments_ratio': 'Ratio', 'loc': 'LOC', 'dit': 'DIT', 'cbo': 'CBO', 'vulns': 'Vuln.', 'smells': 'Smells'} if current_app.config.get("ENABLE_CAPTCHA", False): return ProjectFormWithCaptcha() return ProjectForm()