Login polish (#2180)

* feat: set `samesite="none", secure=True` for `is_lnbits_user_authorized` (required in iframe) * feat: add icons for User ID actions * feat: set `samesite="none", secure=True
2025-03-26 17:51:53 +01:00 · 2023-12-14 16:07:22 +02:00 · 2023-12-14 16:07:22 +02:00 · db72953310
commit db72953310
parent bb918a8523
3 changed files with 12 additions and 4 deletions
--- a/lnbits/app.py
+++ b/lnbits/app.py
@ -524,7 +524,9 @@ def register_exception_handlers(app: FastAPI):
                response = RedirectResponse("/")
                response.delete_cookie("cookie_access_token")
                response.delete_cookie("is_lnbits_user_authorized")
-                response.set_cookie("is_access_token_expired", "true")
+                response.set_cookie(
+                    "is_access_token_expired", "true", samesite="none", secure=True
+                )
                return response

            return template_renderer().TemplateResponse(
--- a/lnbits/core/templates/core/index.html
+++ b/lnbits/core/templates/core/index.html
@ -52,10 +52,11 @@
                rounded
              >
                <strong>
+                  <q-icon name="account_circle" size="xs"></q-icon>
                  <span v-text="$t('login_with_user_id')"></span> </strong
              ></q-badge>
              {% if LNBITS_NEW_ACCOUNTS_ALLOWED %}
-              <span><span v-text="$t('or')"></span></span>
+              <span v-text="$t('or')"></span>
              <q-badge
                @click="showRegister('user-id-only')"
                color="primary"
@ -63,6 +64,7 @@
                rounded
              >
                <strong>
+                  <q-icon name="add" size="xs"></q-icon>
                  <span v-text="$t('create_new_wallet')"></span>
                </strong>
              </q-badge>
--- a/lnbits/core/views/auth_api.py
+++ b/lnbits/core/views/auth_api.py
@ -293,7 +293,9 @@ def _auth_success_response(
    )
    response = JSONResponse({"access_token": access_token, "token_type": "bearer"})
    response.set_cookie("cookie_access_token", access_token, httponly=True)
-    response.set_cookie("is_lnbits_user_authorized", "true")
+    response.set_cookie(
+        "is_lnbits_user_authorized", "true", samesite="none", secure=True
+    )
    response.delete_cookie("is_access_token_expired")

    return response
@ -303,7 +305,9 @@ def _auth_redirect_response(path: str, email: str) -> RedirectResponse:
    access_token = create_access_token(data={"sub": "" or "", "email": email})
    response = RedirectResponse(path)
    response.set_cookie("cookie_access_token", access_token, httponly=True)
-    response.set_cookie("is_lnbits_user_authorized", "true")
+    response.set_cookie(
+        "is_lnbits_user_authorized", "true", samesite="none", secure=True
+    )
    response.delete_cookie("is_access_token_expired")
    return response