disable csrf and fix bugs

2024-06-21 11:36:47 +02:00 · 2024-06-21 11:36:47 +02:00 · 69220b836a
commit 69220b836a
parent c600c43d79
3 changed files with 5 additions and 5 deletions
--- a/slaeforms/app.py
+++ b/slaeforms/app.py
@ -32,7 +32,6 @@ app = Flask(__name__)
 app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///database.db"
 app.config["PERMANENT_SESSION_LIFETIME"] = 10800 #3 Stunden, 10800 sekunden
 db.init_app(app)
-#csrf = CSRFProtect(app) #enable CSRF protection globally

 #set the secret key (TODO change this for final deployment)
 app.secret_key = b"29fe9e8edd407c5491d4f1c05632d9fa33e26ed8734a3f5e080ebac3772a555a"
@ -180,15 +179,15 @@ def teststartpage():
        session["current_block_name"] = session["block_names"][session["current_block_index"]]
        session["number_of_blocks"] = len(session["block_names"])
        current_block = config[session["current_block_name"]]
+        session["number_of_stimuli"] = 0

        # if the block has stimuli, get how many
        if "stimuli" in current_block:
-            if current_block["stimuli"]["type"] == "single_video":
+            if current_block["stimuli"]["type"] == "single_video" or current_block["stimuli"]["type"] == "empty":
                session["number_of_stimuli"] = len(list(current_block["stimuli"]["list"]))
            elif current_block["stimuli"]["type"] == "double_video":
                session["number_of_stimuli"] = len(list(current_block["stimuli"]["list_1"]))

-
        print("number of blocks: ",len(session["block_names"]))
        
        print("Startpage post")
@ -378,6 +377,7 @@ def update_session():
    if "stimuli" in config[session["current_block_name"]]:
        # if there are stimuli in this block
        if session["current_stimulus_index"] < session["number_of_stimuli"]-1:
+            
            # if there are still stimuli left, keep going through them
            session["current_stimulus_index"] += 1
            # set the name of the current stimulus
--- a/slaeforms/templates/standard_template.html
+++ b/slaeforms/templates/standard_template.html
@ -103,7 +103,7 @@ step={{question["step"]}}
        {% endif %}

        <form class="formlayout" id="question_form" action="http://localhost:5000/send_json" method="post">
-            <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+            
            {% for question in questions %}
            {% if (questions[question]["type"] == "likert") %}
            <div class="likercontainer">
--- a/slaeforms/templates/teststartpage.html
+++ b/slaeforms/templates/teststartpage.html
@ -20,7 +20,7 @@
    </p>
    </div>
    <form class="dsgvoform" action="http://localhost:5000/teststart" method="post">
-        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+        
    <label for="terms-and-conditions">
        <input class="inline" id="terms-and-conditions" type="checkbox" required name="terms-and-conditions" /> I accept the +terms and conditions</a>
    </label>