fluidd-core / fluidd

Fluidd, the klipper UI.
https://docs.fluidd.xyz
GNU General Public License v3.0

fix: don't assume user is trusted when force_logins is turned off #1318

Closed matmen closed 5 months ago

matmen commented 5 months ago

Fixes https://github.com/fluidd-core/fluidd/issues/1317.

I've tested theme loading and couldn't reproduce the issue described in https://github.com/fluidd-core/fluidd/pull/1065, so I don't think there are any side effects. Not sure why the `!forceLogins` check was required in the first place in https://github.com/fluidd-core/fluidd/commit/e5d177c854dc806c87c10c6568b04dfe74163b8a, @pedrolamas any chance you remember?

edit: Looks like it was there to prevent unnecessary oneshot token requests, but I think the `_TRUSTED_USER_` check should handle all of that.

pedrolamas commented 5 months ago

> I've tested theme loading and couldn't reproduce the issue described in #1065, so I don't think there are any side effects. Not sure why the `!forceLogins` check was required in the first place in e5d177c, @pedrolamas any chance you remember?

I think I just didn't think of the scenario we are talking about here (unauthorized client) and thus assumed forced_logins needed to be true...

I've tested this PR and it seems to work fine, so I think we are good to merge it in.