From db72953310b39478703029e8f7fbb433f5df76c4 Mon Sep 17 00:00:00 2001
From: Vlad Stan
Date: Thu, 14 Dec 2023 16:07:22 +0200
Subject: [PATCH] Login polish (#2180)
* feat: set `samesite="none", secure=True` for `is_lnbits_user_authorized` (required in iframe)
* feat: add icons for User ID actions
* feat: set `samesite="none", secure=True
---
 lnbits/app.py | 4 +++-
 lnbits/core/templates/core/index.html | 4 +++-
 lnbits/core/views/auth_api.py | 8 ++++++--
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/lnbits/app.py b/lnbits/app.py
index 84d9084c0..0a753409b 100644
--- a/lnbits/app.py
+++ b/lnbits/app.py
@@ -524,7 +524,9 @@ def register_exception_handlers(app: FastAPI):
 response = RedirectResponse("/")
 response.delete_cookie("cookie_access_token")
 response.delete_cookie("is_lnbits_user_authorized")
- response.set_cookie("is_access_token_expired", "true")
+ response.set_cookie(
+ "is_access_token_expired", "true", samesite="none", secure=True
+ )
 return response
 return template_renderer().TemplateResponse(
diff --git a/lnbits/core/templates/core/index.html b/lnbits/core/templates/core/index.html
index 0b01c9933..9d3c26dce 100644
--- a/lnbits/core/templates/core/index.html
+++ b/lnbits/core/templates/core/index.html
@@ -52,10 +52,11 @@ rounded > + {% if LNBITS_NEW_ACCOUNTS_ALLOWED %} - + +
diff --git a/lnbits/core/views/auth_api.py b/lnbits/core/views/auth_api.py
index 85c32a705..48e602b47 100644
--- a/lnbits/core/views/auth_api.py
+++ b/lnbits/core/views/auth_api.py
@@ -293,7 +293,9 @@ def _auth_success_response(
 )
 response = JSONResponse({"access_token": access_token, "token_type": "bearer"})
 response.set_cookie("cookie_access_token", access_token, httponly=True)
- response.set_cookie("is_lnbits_user_authorized", "true")
+ response.set_cookie(
+ "is_lnbits_user_authorized", "true", samesite="none", secure=True
+ )
 response.delete_cookie("is_access_token_expired")
 return response
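Review bot: `is_access_token_expired` is now set with `samesite="none", secure=True`, but the two `delete_cookie` calls just above it still use Starlette's default attributes, while the cookies they clear are created with `samesite="none", secure=True` elsewhere in this patch (auth_api.py). Browsers match a cookie by name, domain and path, so the deletion most likely still works, but keeping the attributes aligned avoids the set path and the clear-on-expiry path drifting apart, e.g. `response.delete_cookie("is_lnbits_user_authorized", samesite="none", secure=True)` if the installed Starlette accepts those keyword arguments. Because of `secure=True`, a browser on a plain-http deployment will discard the expiry flag and the front-end's expired-session handling will not trigger there; a short comment at the `set_cookie` call noting the iframe/HTTPS requirement would make that trade-off explicit. `register_exception_handlers` starts outside the hunk.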
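Review bot: The `is_lnbits_user_authorized` flag is now sent cross-site (`samesite="none"`), but the credential it signals, `cookie_access_token` on the line above, is still set with Starlette's default SameSite (lax) and without `secure`; in the cross-site iframe case the commit message targets, the browser will present the flag cookie while withholding the token itself, so the UI can show a logged-in state whose subsequent API calls are unauthenticated. If embedding is the intended use, the attributes of the two cookies should be decided together — either the token cookie also gets `samesite="none", secure=True` (keeping `httponly=True`), or the flag stays aligned with the token — and the decision recorded at the `set_cookie` call, e.g. `# samesite="none": flag must be readable when LNbits runs in a cross-site iframe; needs HTTPS (secure=True)`. With `secure=True` the flag is silently dropped on plain-http deployments. The second hunk, in `_auth_redirect_response`, has the same pair of lines and the same gap. `_auth_success_response` starts outside the hunk.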
@@ -303,7 +305,9 @@ def _auth_redirect_response(path: str, email: str) -> RedirectResponse:
 access_token = create_access_token(data={"sub": "" or "", "email": email})
 response = RedirectResponse(path)
 response.set_cookie("cookie_access_token", access_token, httponly=True)
- response.set_cookie("is_lnbits_user_authorized", "true")
+ response.set_cookie(
+ "is_lnbits_user_authorized", "true", samesite="none", secure=True
+ )
 response.delete_cookie("is_access_token_expired")
 return response