From 5cdf548f5e2f391433cb8546c2480303e9dd4f96 Mon Sep 17 00:00:00 2001
From: Bastian Rihm <brihm@intevation.de>
Date: Tue, 21 May 2024 15:54:52 +0200
Subject: [PATCH] Alow mediafile access of anonymous user

---
 src/auth.py        | 5 ++---
 src/mediaserver.py | 4 ++--
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/auth.py b/src/auth.py
index 222c7a9..0760e95 100644
--- a/src/auth.py
+++ b/src/auth.py
@@ -2,7 +2,6 @@
 
 import requests
 from authlib import (
-    ANONYMOUS_USER,
     AUTHENTICATION_HEADER,
     COOKIE_NAME,
     AuthenticateException,
@@ -15,7 +14,7 @@
 from .exceptions import ServerError
 
 
-def check_login():
+def check_login_valid():
     """Returns whether the user is logged in or not."""
     auth_handler = AuthHandler(app.logger.debug)
     cookie = request.cookies.get(COOKIE_NAME, "")
@@ -23,7 +22,7 @@ def check_login():
         user_id = auth_handler.authenticate_only_refresh_id(parse.unquote(cookie))
     except (AuthenticateException, InvalidCredentialsException):
         return False
-    return user_id != ANONYMOUS_USER
+    return True
 
 
 def check_file_id(file_id, presenter_headers):
diff --git a/src/mediaserver.py b/src/mediaserver.py
index e322ff1..dff05c1 100644
--- a/src/mediaserver.py
+++ b/src/mediaserver.py
@@ -6,7 +6,7 @@
 
 from flask import Flask, Response, jsonify, redirect, request
 
-from .auth import AUTHENTICATION_HEADER, check_file_id, check_login
+from .auth import AUTHENTICATION_HEADER, check_file_id, check_login_valid
 from .config_handling import init_config, is_dev_mode
 from .database import Database
 from .exceptions import BadRequestError, HttpError, NotFoundError
@@ -35,7 +35,7 @@ def handle_view_error(error):
 
 @app.route("/system/media/get/<int:file_id>")
 def serve(file_id):
-    if not check_login():
+    if not check_login_valid():
         return redirect("/")
 
     # get file id