poprawki w autoryzacji

app.py

@@ -255,8 +255,11 @@ def inject_has_authorized_cookie():
 def require_system_password():
     if request.endpoint is None:
         return
+
+    if request.endpoint == 'system_auth':
+        return
+
     if 'authorized' not in request.cookies \
-       and request.endpoint != 'system_auth' \
        and not request.endpoint.startswith('login') \
        and request.endpoint != 'favicon':
 
@@ -456,10 +459,13 @@ def toggle_visibility(list_id):
 
     return redirect(url_for('main_page'))
 
+from sqlalchemy import func
+
 @app.route('/login', methods=['GET', 'POST'])
 def login():
     if request.method == 'POST':
-        user = User.query.filter_by(username=request.form['username']).first()
+        username_input = request.form['username'].lower()
+        user = User.query.filter(func.lower(User.username) == username_input).first()
         if user and check_password_hash(user.password_hash, request.form['password']):
             login_user(user)
             flash('Zalogowano pomyślnie', 'success')
@@ -759,14 +765,14 @@ def delete_list(list_id):
 @login_required
 @admin_required
 def add_user():
-    username = request.form['username']
+    username = request.form['username'].lower()
     password = request.form['password']
 
     if not username or not password:
         flash('Wypełnij wszystkie pola', 'danger')
         return redirect(url_for('list_users'))
 
-    if User.query.filter_by(username=username).first():
+    if User.query.filter(func.lower(User.username) == username).first():
         flash('Użytkownik o takiej nazwie już istnieje', 'warning')
         return redirect(url_for('list_users'))