Fix: Kassen ohne Passwort können nun wieder geöffnet werden

- Backend erkennt passwortlose Instanzen (Hash von leerem String) - Login-Formular: required entfernt, Hinweis für passwortlose Kassen - Bei leerem Feld und passwortloser Kasse wird Zugang gewährt Made-with: Cursor
2026-03-22 16:53:14 +01:00
parent c23f08fdd9
commit ef36d63aa7
2 changed files with 16 additions and 4 deletions
--- a/app.py
+++ b/app.py
@@ -165,9 +165,21 @@ def admin(instance_id):
        
    auth_key = f'admin_auth_{instance_id}'
    
+    # Check if instance has no password (empty or None)
+    stored_password = instance['password']
+    has_no_password = (
+        stored_password is None or
+        check_password_hash(stored_password, '')
+    )
+
    # Handle Login Submission
    if request.method == "POST" and 'admin_password' in request.form:
-        if check_password_hash(instance['password'], request.form['admin_password']):
+        entered = request.form['admin_password']
+        if has_no_password and entered == '':
+            session[auth_key] = True
+            conn.close()
+            return redirect(url_for('admin', instance_id=instance_id))
+        elif not has_no_password and check_password_hash(stored_password, entered):
            session[auth_key] = True
            conn.close()
            return redirect(url_for('admin', instance_id=instance_id))
--- a/templates/login.html
+++ b/templates/login.html
@@ -22,9 +22,9 @@

        <form method="post" class="bg-white p-4 shadow-sm rounded">
            <div class="form-group">
-                <label for="admin_password">Passworteingabe erforderlich</label>
-                <input type="password" class="form-control" name="admin_password" id="admin_password" required
-                    autofocus>
+                <label for="admin_password">Passwort (bei passwortloser Kasse leer lassen)</label>
+                <input type="password" class="form-control" name="admin_password" id="admin_password"
+                    autofocus placeholder="Leer lassen wenn keine Kasse mit Passwort">
            </div>
            <button type="submit" class="btn btn-primary w-100">Einloggen</button>
            <a href="{{ url_for('index', instance_id=instance_id) }}" class="btn btn-secondary w-100 mt-2">Zurück zur