diff --git a/app.py b/app.py
index bb82bc1..8d498d4 100644
--- a/app.py
+++ b/app.py
@@ -255,8 +255,11 @@ def inject_has_authorized_cookie():
 def require_system_password():
 if request.endpoint is None:
 return
+
+ if request.endpoint == 'system_auth':
+ return
+
+
 if 'authorized' not in request.cookies \
- and request.endpoint != 'system_auth' \
 and not request.endpoint.startswith('login') \
 and request.endpoint != 'favicon':
@@ -456,10 +459,13 @@ def toggle_visibility(list_id):
 return redirect(url_for('main_page'))
+from sqlalchemy import func
+
 @app.route('/login', methods=['GET', 'POST'])
 def login():
 if request.method == 'POST':
- user = User.query.filter_by(username=request.form['username']).first()
+ username_input = request.form['username'].lower()
+ user = User.query.filter(func.lower(User.username) == username_input).first()
 if user and check_password_hash(user.password_hash, request.form['password']):
 login_user(user)
 flash('Zalogowano pomyślnie', 'success')
@@ -759,14 +765,14 @@ def delete_list(list_id):
 @login_required
 @admin_required
 def add_user():
- username = request.form['username']
+ username = request.form['username'].lower()
 password = request.form['password']
 if not username or not password:
 flash('Wypełnij wszystkie pola', 'danger')
 return redirect(url_for('list_users'))
- if User.query.filter_by(username=username).first():
+ if User.query.filter(func.lower(User.username) == username).first():
 flash('Użytkownik o takiej nazwie już istnieje', 'warning')
 return redirect(url_for('list_users'))
diff --git a/static/js/toasts.js b/static/js/toasts.js
index b823406..1037954 100644
--- a/static/js/toasts.js
+++ b/static/js/toasts.js
@@ -8,5 +8,5 @@ function showToast(message, type = 'primary') {
 toast.innerHTML = `
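Review bot: The gate in `require_system_password` still passes on the mere presence of a cookie named `authorized` (`'authorized' not in request.cookies`); the hunk never reads the cookie's value, so unless it is verified elsewhere the check trusts whatever the client sends. Consider keeping the flag in Flask's signed session and testing `if not session.get('authorized')`, with `system_auth` setting it after the password check. The remaining `request.endpoint.startswith('login')` exemption is a prefix match, so any later endpoint whose name begins with `login` is exempt as well; if only the login view is meant, `request.endpoint in ('login', 'favicon')` is tighter. The function body continues past the hunk, so the branch taken when the condition holds is not visible here.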
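Review bot: The case-insensitive lookup in `login` ends in `.first()`, so if the table already holds usernames that differ only by case (rows created before `add_user` started lower-casing), the account that gets matched depends on row order. Normalise the existing rows in a migration and enforce it with a unique index on `lower(username)` instead of relying only on the application-level check in `add_user`. Python's `str.lower()` and the database's `lower()` can also disagree on non-ASCII letters (SQLite's built-in `lower()` folds ASCII only), which affects this query and the one in `add_user`; once stored names are normalised, `User.query.filter_by(username=username_input)` avoids the mismatch. The `from sqlalchemy import func` line belongs with the other imports at the top of `app.py` rather than between two views.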
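Review bot: `add_user` lower-cases the name but does not trim it, so a value such as `'admin '` or `' admin'` passes the `not username` check and is stored as a separate account that looks identical in the user list. Normalise once with `username = request.form['username'].strip().lower()` and apply the same normalisation to `username_input` in `login`. The duplicate check followed by the insert is also not atomic; a unique constraint on the column would make the database the final arbiter, though the insert itself lies outside this hunk.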