From a7150e123e495ede388b0665e2c4512854edaf02 Mon Sep 17 00:00:00 2001
From: s3lph
Date: Sun, 8 Dec 2024 04:36:51 +0100
Subject: [PATCH] feat: make user settings available via touchkey login feat: add an explicit home button to the navbar
---
 CHANGELOG.md | 14 ++++++++++++++
 matemat/__init__.py | 2 +-
 matemat/webserver/pagelets/admin.py | 4 ++--
 matemat/webserver/pagelets/buy.py | 2 +-
 matemat/webserver/pagelets/login.py | 4 ++--
 matemat/webserver/pagelets/main.py | 2 +-
 matemat/webserver/pagelets/modproduct.py | 4 ++--
 matemat/webserver/pagelets/moduser.py | 4 ++--
 matemat/webserver/pagelets/settings.py | 5 +++--
 matemat/webserver/pagelets/signup.py | 4 ++--
 matemat/webserver/pagelets/statistics.py | 2 +-
 matemat/webserver/pagelets/touchkey.py | 4 ++--
 templates/base.html | 9 +++++----
 13 files changed, 38 insertions(+), 22 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 57208ad..b40070a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,19 @@
 # Matemat Changelog
+
+## Version 0.4.4
+
+UI/UX Release
+
+### Changes
+
+
+- feat: make user settings available via touchkey login
+- feat: add an explicit home button to the navbar
+
+
+
+
 ## Version 0.4.3
diff --git a/matemat/__init__.py b/matemat/__init__.py
index 6a88845..64d60f8 100644
--- a/matemat/__init__.py
+++ b/matemat/__init__.py
@@ -1,2 +1,2 @@
-__version__ = '0.4.3'
+__version__ = '0.4.4'
diff --git a/matemat/webserver/pagelets/admin.py b/matemat/webserver/pagelets/admin.py
index 338d2fc..10c18fb 100644
--- a/matemat/webserver/pagelets/admin.py
+++ b/matemat/webserver/pagelets/admin.py
@@ -29,8 +29,8 @@ def admin():
 redirect('/login')
 authlevel: int = session.get(session_id, 'authentication_level')
 uid: int = session.get(session_id, 'authenticated_user')
- # Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey or token (1)
- if authlevel < 2:
+ # Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (2) or token (1)
+ if authlevel < 3:
 abort(403)
 # Connect to the database
diff --git a/matemat/webserver/pagelets/buy.py b/matemat/webserver/pagelets/buy.py
index 5ce27ba..c41c80a 100644
--- a/matemat/webserver/pagelets/buy.py
+++ b/matemat/webserver/pagelets/buy.py
@@ -41,7 +41,7 @@ def buy():
 Notification.success(
 f'Purchased {product.name} for {format_chf(price)}', decay=True)
 # Logout user if configured, logged in via touchkey and no price entry input was shown
- if user.logout_after_purchase and authlevel < 2 and not product.custom_price:
+ if user.logout_after_purchase and authlevel < 3 and not product.custom_price:
 redirect('/logout')
 # Redirect to the main page (where this request should have come from)
 redirect('/')
diff --git a/matemat/webserver/pagelets/login.py b/matemat/webserver/pagelets/login.py
index 4682bff..9b1adce 100644
--- a/matemat/webserver/pagelets/login.py
+++ b/matemat/webserver/pagelets/login.py
@@ -35,8 +35,8 @@ def login_page():
 redirect('/login')
 # Set the user ID session variable
 session.put(session_id, 'authenticated_user', user.id)
- # Set the authlevel session variable (0 = none, 1 = touchkey, 2 = password login)
- session.put(session_id, 'authentication_level', 2)
+ # Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
+ session.put(session_id, 'authentication_level', 3)
 # Redirect to the main page, showing the product list
 redirect('/')
 # If neither GET nor POST was used, show a 405 Method Not Allowed error page
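Review bot: In admin.py the gate is still a bare integer, `if authlevel < 3:`, and the same literal is repeated in buy.py, modproduct.py, moduser.py and statistics.py, with the meaning of each level kept only in comments. Renumbering the scheme, as this commit does, then depends on every comparison being found and updated by hand, and a missed one silently changes who is admitted. A shared definition would remove that risk, for example an `IntEnum` (proposed name `AuthLevel`) with `NONE = 0`, `TOKEN = 1`, `TOUCHKEY = 2`, `PASSWORD = 3`, and the check written as `if authlevel < AuthLevel.PASSWORD:`. If sessions persist across the upgrade, a stored value of 2 that meant password login is now read as touchkey; that fails closed for these pages but is worth a line in the changelog. admin() starts and ends outside the hunk.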
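Review bot: In buy.py the comment above the changed condition still says the automatic logout applies when the user is "logged in via touchkey", but `authlevel < 3` matches token (1) as well as touchkey (2) sessions. Suggest `# Logout user if configured, logged in via token or touchkey, and no price entry input was shown`. buy() starts and ends outside the hunk.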
diff --git a/matemat/webserver/pagelets/main.py b/matemat/webserver/pagelets/main.py
index 58da2b6..897b6a5 100644
--- a/matemat/webserver/pagelets/main.py
+++ b/matemat/webserver/pagelets/main.py
@@ -35,7 +35,7 @@ def main_page():
 user, token = db.tokenlogin(str(request.params.ean))
 # Set the user ID session variable
 session.put(session_id, 'authenticated_user', user.id)
- # Set the authlevel session variable (0 = none, 1 = touchkey/token, 2 = password login)
+ # Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
 session.put(session_id, 'authentication_level', 1)
 redirect('/')
 except AuthenticationError:
diff --git a/matemat/webserver/pagelets/modproduct.py b/matemat/webserver/pagelets/modproduct.py
index 8bf07fc..c11a6ba 100644
--- a/matemat/webserver/pagelets/modproduct.py
+++ b/matemat/webserver/pagelets/modproduct.py
@@ -28,8 +28,8 @@ def modproduct():
 redirect('/login')
 authlevel: int = session.get(session_id, 'authentication_level')
 auth_uid: int = session.get(session_id, 'authenticated_user')
- # Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (1)
- if authlevel < 2:
+ # Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1) / touchkey (2)
+ if authlevel < 3:
 abort(403)
 # Connect to the database
diff --git a/matemat/webserver/pagelets/moduser.py b/matemat/webserver/pagelets/moduser.py
index fd8dad3..172ad83 100644
--- a/matemat/webserver/pagelets/moduser.py
+++ b/matemat/webserver/pagelets/moduser.py
@@ -28,8 +28,8 @@ def moduser():
 redirect('/login')
 authlevel: int = session.get(session_id, 'authentication_level')
 auth_uid: int = session.get(session_id, 'authenticated_user')
- # Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (1)
- if authlevel < 2:
+ # Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1) / touchkey (2)
+ if authlevel < 3:
 abort(403)
 # Connect to the database
diff --git a/matemat/webserver/pagelets/settings.py b/matemat/webserver/pagelets/settings.py
index dc27bce..dc15302 100644
--- a/matemat/webserver/pagelets/settings.py
+++ b/matemat/webserver/pagelets/settings.py
@@ -29,7 +29,7 @@ def settings():
 redirect('/login')
 authlevel: int = session.get(session_id, 'authentication_level')
 uid: int = session.get(session_id, 'authenticated_user')
- # Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey or token (1)
+ # Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1)
 if authlevel < 2:
 abort(403)
@@ -123,11 +123,12 @@ def handle_change(args: FormsDict, files: FormsDict, user: User, db: MatematData
 return
 token = str(args.token)
 if len(token) < 6:
+ Notification.error(f'Token must at least be 6 characters long', decay=True)
 return
 name = None if 'name' not in args or len(args.name) == 0 else str(args.name)
 try:
 tokobj = db.add_token(user, token, name)
- Notification.success(f'Token {tokobj.name} created successfully')
+ Notification.success(f'Token {tokobj.name} created successfully', decay=True)
 except DatabaseConsistencyError:
 Notification.error('Token already exists', decay=True)
diff --git a/matemat/webserver/pagelets/signup.py b/matemat/webserver/pagelets/signup.py
index 042fde0..a5ab403 100644
--- a/matemat/webserver/pagelets/signup.py
+++ b/matemat/webserver/pagelets/signup.py
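Review bot: In settings.py the check stays `if authlevel < 2:` while 2 now means touchkey, so every change handler behind this page becomes reachable from a touchkey session, which the new scheme ranks below password login. Only token creation in handle_change is visible in this diff; if the same page also changes the password or the touchkey (not visible here), a touchkey session could replace the stronger credential and the next login would reach level 3, which admin.py, modproduct.py and moduser.py accept. Consider keeping credential changes behind password login, e.g. `if authlevel < 3: abort(403)` before those branches are dispatched, or asking for the current password there, and opening only low-risk preferences to touchkey. settings() starts and ends outside the hunk.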
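Review bot: The added `Notification.error(f'Token must at least be 6 characters long', decay=True)` in settings.py is an f-string with no placeholders and the wording is awkward; `Notification.error('Token must be at least 6 characters long', decay=True)` is enough. The token is a login credential (main.py passes the request value to `db.tokenlogin`), so a length-only floor of 6 characters deserves a comment stating what kind of value is expected. `tokobj.name` is user-supplied and is placed in the success message; whether it is escaped depends on how notifications are rendered, which this hunk does not show. handle_change starts and ends outside the hunk.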
@@ -86,8 +86,8 @@ def signup():
 redirect('/signup')
 # Set the user ID session variable
 session.put(session_id, 'authenticated_user', user.id)
- # Set the authlevel session variable (0 = none, 1 = touchkey, 2 = password login)
- session.put(session_id, 'authentication_level', 2)
+ # Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
+ session.put(session_id, 'authentication_level', 3)
 # Redirect to the main page, showing the product list
 redirect('/')
 elif request.method != 'GET':
diff --git a/matemat/webserver/pagelets/statistics.py b/matemat/webserver/pagelets/statistics.py
index 97d3f99..438f3bb 100644
--- a/matemat/webserver/pagelets/statistics.py
+++ b/matemat/webserver/pagelets/statistics.py
@@ -23,7 +23,7 @@ def statistics():
 authlevel: int = session.get(session_id, 'authentication_level')
 auth_uid: int = session.get(session_id, 'authenticated_user')
 # Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via touchkey (1)
- if authlevel < 2:
+ if authlevel < 3:
 abort(403)
 # Connect to the database
diff --git a/matemat/webserver/pagelets/touchkey.py b/matemat/webserver/pagelets/touchkey.py
index 2baa9ad..e41ebd8 100644
--- a/matemat/webserver/pagelets/touchkey.py
+++ b/matemat/webserver/pagelets/touchkey.py
@@ -51,8 +51,8 @@ def touchkey_page():
 redirect(url)
 # Set the user ID session variable
 session.put(session_id, 'authenticated_user', user.id)
- # Set the authlevel session variable (0 = none, 1 = touchkey, 2 = password login)
- session.put(session_id, 'authentication_level', 1)
+ # Set the authlevel session variable (0 = none, 1 = token, 2 = touchkey, 3 = password)
+ session.put(session_id, 'authentication_level', 2)
 if request.params.buypid:
 buypid = str(request.params.buypid)
 redirect(f'/buy?pid={buypid}')
diff --git a/templates/base.html b/templates/base.html
index 69633ca..b3d2520 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -23,12 +23,13 @@
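Review bot: In statistics.py the comment above the changed check still reads "touchkey (1)", which no longer matches the numbering or the new `authlevel < 3` threshold. A stale comment on an access check is easy to trust during a later edit, so it should be updated together with the code: `# Show a 403 Forbidden error page if no user is logged in (0) or a user logged in via token (1) / touchkey (2)`, matching modproduct.py and moduser.py. statistics() starts and ends outside the hunk.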