
feat: make user settings available via touchkey login

feat: add an explicit home button to the navbar
s3lph 2024-12-08 04:36:51 +01:00
parent f6f7b5abdb
commit a7150e123e
Signed by untrusted user: s3lph
GPG key ID: 0AA29A52FB33CFB5
13 changed files with 38 additions and 22 deletions


@ -1,5 +1,19 @@
# Matemat Changelog
<!-- BEGIN RELEASE v0.4.4 -->
## Version 0.4.4
UI/UX Release
### Changes
<!-- BEGIN CHANGES 0.4.4 -->
- feat: make user settings available via touchkey login
- feat: add an explicit home button to the navbar
<!-- END CHANGES 0.4.4 -->
<!-- END RELEASE v0.4.4 -->
<!-- BEGIN RELEASE v0.4.3 -->
## Version 0.4.3


@ -1,2 +1,2 @@
__version__ = '0.4.3'
__version__ = '0.4.4'


@ -29,8 +29,8 @@ def admin():
redirect('/login')
authlevel: int = session.get(session_id, 'authentication_level')
uid: int = session.get(session_id, 'authenticated_user')
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey or token (1)
if authlevel < 2:
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (2) or token (1)
if authlevel < 3:
abort(403)
# Connect to the database
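Review bot: The threshold `3` in `if authlevel < 3:` is a bare integer whose meaning is carried only by the comment above it. The same literal is repeated in buy(), modproduct(), moduser() and statistics(), and the matching `session.put(session_id, 'authentication_level', N)` values sit in the login, signup, touchkey and token handlers. Because this commit renumbers the levels, every comparison had to be shifted by hand, and any site left at `< 2` now admits touchkey sessions (level 2) to a check that used to require a password login. Named constants would make each gate self-describing, for example `if authlevel < AuthLevel.PASSWORD:` backed by an `IntEnum` with NONE = 0, TOKEN = 1, TOUCHKEY = 2, PASSWORD = 3 (the name `AuthLevel` is a suggestion, not something on this page). admin() starts and ends outside the hunk.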


@ -41,7 +41,7 @@ def buy():
Notification.success(
f'Purchased <strong>{product.name}</strong> for <strong>{format_chf(price)}</strong>', decay=True)
# Logout user if configured, logged in via touchkey and no price entry input was shown
if user.logout_after_purchase and authlevel < 2 and not product.custom_price:
if user.logout_after_purchase and authlevel < 3 and not product.custom_price:
redirect('/logout')
# Redirect to the main page (where this request should have come from)
redirect('/')
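Review bot: `product.name` is interpolated into a message that already carries `<strong>` markup, so the notification is evidently rendered as HTML, and nothing in this hunk escapes the name first. Whether `Notification` or the template escapes it later is not visible here; if neither does, a product name containing markup is rendered as-is in the buyer's page. Escaping at the call site, e.g. `html.escape(product.name)`, makes this independent of the renderer; the same applies to `tokobj.name` in handle_change() in the settings hunk. Separately, the comment above the changed line still says "logged in via touchkey", although `authlevel < 3` now covers both token (1) and touchkey (2) sessions. buy() starts before the hunk.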


@ -35,8 +35,8 @@ def login_page():
redirect('/login')
# Set the user ID session variable
session.put(session_id, 'authenticated_user', user.id)
# Set the authlevel session variable (0 = none, 1 = touchkey, 2 = password login)
session.put(session_id, 'authentication_level', 2)
# Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
session.put(session_id, 'authentication_level', 3)
# Redirect to the main page, showing the product list
redirect('/')
# If neither GET nor POST was used, show a 405 Method Not Allowed error page


@ -35,7 +35,7 @@ def main_page():
user, token = db.tokenlogin(str(request.params.ean))
# Set the user ID session variable
session.put(session_id, 'authenticated_user', user.id)
# Set the authlevel session variable (0 = none, 1 = touchkey/token, 2 = password login)
# Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
session.put(session_id, 'authentication_level', 1)
redirect('/')
except AuthenticationError:


@ -28,8 +28,8 @@ def modproduct():
redirect('/login')
authlevel: int = session.get(session_id, 'authentication_level')
auth_uid: int = session.get(session_id, 'authenticated_user')
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (1)
if authlevel < 2:
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1) / touchkey (2)
if authlevel < 3:
abort(403)
# Connect to the database


@ -28,8 +28,8 @@ def moduser():
redirect('/login')
authlevel: int = session.get(session_id, 'authentication_level')
auth_uid: int = session.get(session_id, 'authenticated_user')
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (1)
if authlevel < 2:
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1) / touchkey (2)
if authlevel < 3:
abort(403)
# Connect to the database


@ -29,7 +29,7 @@ def settings():
redirect('/login')
authlevel: int = session.get(session_id, 'authentication_level')
uid: int = session.get(session_id, 'authenticated_user')
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey or token (1)
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1)
if authlevel < 2:
abort(403)
@ -123,11 +123,12 @@ def handle_change(args: FormsDict, files: FormsDict, user: User, db: MatematData
return
token = str(args.token)
if len(token) < 6:
Notification.error(f'Token must at least be 6 characters long', decay=True)
return
name = None if 'name' not in args or len(args.name) == 0 else str(args.name)
try:
tokobj = db.add_token(user, token, name)
Notification.success(f'Token {tokobj.name} created successfully')
Notification.success(f'Token {tokobj.name} created successfully', decay=True)
except DatabaseConsistencyError:
Notification.error('Token already exists', decay=True)
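Review bot: The unchanged guard `if authlevel < 2:` in settings() now admits touchkey sessions (level 2 after the renumbering), so everything handle_change() can do becomes reachable from the weaker login. The part visible here creates login tokens. If branches outside the hunk also set the password or the touchkey, a touchkey session could set a password and then log in at level 3, which admin(), modproduct(), moduser() and statistics() require. Consider passing the auth level into handle_change() and demanding level 3, or re-entry of the current password, for the credential-changing branches, e.g. `if authlevel < 3: abort(403)` at the top of each such branch. Both functions extend beyond the hunks shown.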


@ -86,8 +86,8 @@ def signup():
redirect('/signup')
# Set the user ID session variable
session.put(session_id, 'authenticated_user', user.id)
# Set the authlevel session variable (0 = none, 1 = touchkey, 2 = password login)
session.put(session_id, 'authentication_level', 2)
# Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
session.put(session_id, 'authentication_level', 3)
# Redirect to the main page, showing the product list
redirect('/')
elif request.method != 'GET':


@ -23,7 +23,7 @@ def statistics():
authlevel: int = session.get(session_id, 'authentication_level')
auth_uid: int = session.get(session_id, 'authenticated_user')
# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (1)
if authlevel < 2:
if authlevel < 3:
abort(403)
# Connect to the database
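Review bot: The comment above the changed check still reads "touchkey (1)", but after this commit touchkey is level 2 and the check is `authlevel < 3`. The sibling handlers had their comments updated; this one should match them: `# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1) / touchkey (2)`. A stale comment on an authorization gate is worth fixing because the numeric levels are documented nowhere else in the visible code. statistics() begins and ends outside the hunk.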


@ -51,8 +51,8 @@ def touchkey_page():
redirect(url)
# Set the user ID session variable
session.put(session_id, 'authenticated_user', user.id)
# Set the authlevel session variable (0 = none, 1 = touchkey, 2 = password login)
session.put(session_id, 'authentication_level', 1)
# Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
session.put(session_id, 'authentication_level', 2)
if request.params.buypid:
buypid = str(request.params.buypid)
redirect(f'/buy?pid={buypid}')
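Review bot: `buypid` is taken from `request.params` and placed into the redirect target by `redirect(f'/buy?pid={buypid}')` without URL-encoding, so a value containing `&` or `#` changes the query string that /buy receives immediately after the session has been raised to touchkey level. How buy() validates `pid` is not visible here. Encoding the value, e.g. `redirect('/buy?' + urllib.parse.urlencode({'pid': buypid}))`, keeps it a single parameter; that needs `urllib.parse` imported in this file. touchkey_page() continues past the hunk.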


@ -23,10 +23,11 @@
</button>
<div class="collapse navbar-collapse" id="navbar-collapse">
<ul class="navbar-nav me-auto mb-2 mb-lg-0">
<li class="nav-item"><a href="/" class="nav-link"></i>Home</a></li>
{# Show a link to the settings, if a user logged in via password (authlevel 2). #}
{% if authuser is defined and authlevel|default(0) > 1 %}
<li class="nav-item"><a href="/settings" class="nav-link">Settings</a></li>
{% if authuser.is_admin %}
{% if authuser.is_admin and authlevel|default(0) > 2 %}
<li class="nav-item"><a href="/admin" class="nav-link">Administration</a></li>
<li class="nav-item"><a href="/statistics" class="nav-link">Sales Statistics</a></li>
{% endif %}
@ -61,7 +62,7 @@
<footer class="fixed-bottom p-3 bg-light">
{% block footer %}
<div class="container text-muted">
<div class="text-muted">
{{ setupname|safe }} | Matemat {{ __version__ }}
</div>
{% endblock %}