From b79283731399caccfacf7560b678bd27eb051394 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Tue, 24 Dec 2024 07:19:11 +0100
Subject: [PATCH] Tell users if they are not allowed to log in at this time

This fixes an error where users were logged in correctly, but then immediately got redirected to the default sso provider because the before_request function did not log them in because they were not allowed to log in at this time.
---
 frontend.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/frontend.py b/frontend.py
index 9589f24..bb34fc4 100644
--- a/frontend.py
+++ b/frontend.py
@@ -241,13 +241,17 @@ def oauth2_callback(provider):
 flash("You are not allowed to log in at this time.", "warning")
 return redirect(url_for("faq", _anchor="signup"))
- session["oauth2_provider"] = provider
- session["oauth2_userinfo"] = userinfo_json
-
 userid = SSO_CONFIG[provider]["functions"]["userid"](userinfo_json)
 user_is_admin = SSO_CONFIG[provider]["functions"]["is_admin"](userinfo_json)
+ user_without_limits = SSO_CONFIG[provider]["functions"]["no_limit"](userinfo_json)
 REDIS.set(f"admin:{userid}", "1" if user_is_admin else "0")
+ if not (user_is_admin or user_without_limits or is_within_timeframe()):
+ return render_template("time_error.jinja")
+
+ session["oauth2_provider"] = provider
+ session["oauth2_userinfo"] = userinfo_json
+
 if "redirect_after_login" in session:
 return redirect(session["redirect_after_login"])
 return redirect(url_for("dashboard"))
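Review bot: The new gate `if not (user_is_admin or user_without_limits or is_within_timeframe()):` in `oauth2_callback` repeats a login-policy decision that, going by the commit description, `before_request` also makes, and nothing visible in the hunk keeps the two in step. If they drift apart, the callback can again accept a user the request hook rejects (the redirect loop this commit fixes), or the reverse; moving the condition into one helper that both call, with a comment such as `# single place that decides whether this user may hold a session right now`, would prevent that. The denial branch also leaves any `oauth2_provider` / `oauth2_userinfo` already stored in the session untouched and answers with status 200, so consider `session.pop("oauth2_provider", None)`, `session.pop("oauth2_userinfo", None)` and `return render_template("time_error.jinja"), 403`. The lookup `SSO_CONFIG[provider]["functions"]["no_limit"]` assumes every configured provider defines that key, which cannot be confirmed from here because the function starts above the hunk and the provider config is not shown.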