From e55fbcf1bac4c6bc6de5bd1d34958812031ba66f Mon Sep 17 00:00:00 2001 From: Dropheart Date: Tue, 8 Oct 2024 16:30:43 +0100 Subject: [PATCH] typo in allocations + allow whitelisting of non computing students --- allocations/run.py | 2 +- hono/auth/auth.ts | 28 +++++++++++++++++----------- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/allocations/run.py b/allocations/run.py index 5104da1..347ac91 100644 --- a/allocations/run.py +++ b/allocations/run.py @@ -1,4 +1,4 @@ from allocator.allocate import allocate authCookie = input("Please insert your auth cookie:\nThis will only be saved in memory to do the allocations.\nSee the README if you're unsure how to get this.\n") -allocate(authCookie, url="https://family.docsoc.co.uk") +allocate(authCookie, url="https://family.docsoc.co.uk/") diff --git a/hono/auth/auth.ts b/hono/auth/auth.ts index 6bebe1c..e939a79 100644 --- a/hono/auth/auth.ts +++ b/hono/auth/auth.ts @@ -110,22 +110,32 @@ const auth = factory 'mail' ]); - if (res.department != 'Computing') { + const shortcode = res.userPrincipalName.match(/.*(?=@)/g); + if (shortcode == null) { return ctx.json( { - error: 'You are not a Computing student :(' + error: 'User has no shortcode.' }, - 403 + 400 ); } - const shortcode = res.userPrincipalName.match(/.*(?=@)/g); - if (shortcode == null) { + const studentInDb = await db + .select() + .from(students) + .where(eq(students.shortcode, shortcode[0])); + + // We allow them to pass even as non-Computing students if they + // exist in the DB. This is done for cases where there is a + // non Computing member on committee who needs access to the + // admin portal, or a non computing member who is eligible to + // be a parent or student, somehow. + if (studentInDb.length == 0 && res.department != 'Computing') { return ctx.json( { - error: 'User has no shortcode.' + error: 'You are not a Computing student :(' }, - 400 + 403 ); } @@ -149,10 +159,6 @@ const auth = factory ctx.header('Set-Cookie', generateCookieHeader(token, maxAge)); let completedSurvey = false; - const studentInDb = await db - .select() - .from(students) - .where(eq(students.shortcode, shortcode[0])); if (studentInDb.length == 1 && studentInDb[0]?.completedSurvey) completedSurvey = true; else if (studentInDb.length == 0) {