Debug: Add button in admin panel to login to other accounts (#437)

files/__main__.py

@@ -28,7 +28,7 @@ app.jinja_env.cache = {}
 app.jinja_env.auto_reload = True
 faulthandler.enable()
 
-if bool_from_string(environ.get("ENFORCE_PRODUCTION", True)) and app.config["DEBUG"]:
+if bool_from_string(environ.get("ENFORCE_PRODUCTION", True)) and app.debug:
 	raise ValueError("Debug mode is not allowed! If this is a dev environment, please set ENFORCE_PRODUCTION to false")
 
 if environ.get("SITE_ID") is None:
@@ -176,6 +176,7 @@ def before_request():
 		return 'Please use a "User-Agent" header!', 403
 
 	ua = g.agent.lower()
+	g.debug = app.debug
 	g.webview = ('; wv) ' in ua)
 	g.inferior_browser = (
 		'iphone' in ua or

files/helpers/const.py

@@ -76,6 +76,10 @@ VIDEO_FORMATS = ['mp4','webm','mov','avi','mkv','flv','m4v','3gp']
 AUDIO_FORMATS = ['mp3','wav','ogg','aac','m4a','flac']
 NO_TITLE_EXTENSIONS = IMAGE_FORMATS + VIDEO_FORMATS + AUDIO_FORMATS
 
+PERMS = {
+	"DEBUG_LOGIN_TO_OTHERS": 3,
+}
+
 AWARDS = {
 	"lootbox": {
 		"kind": "lootbox",

files/helpers/jinja2.py

@@ -65,6 +65,7 @@ def inject_constants():
 		"DEFAULT_COLOR":DEFAULT_COLOR,
 		"COLORS":COLORS,
 		"THEMES":THEMES,
+		"PERMS":PERMS,
 	}
 
 def template_function(func):

files/routes/__init__.py

@@ -1,3 +1,5 @@
+from files.__main__ import app
+
 from .admin import *
 from .comments import *
 from .errors import *
@@ -15,4 +17,6 @@ from .feeds import *
 from .awards import *
 from .giphy import *
 from .volunteer import *
+if app.debug:
+	from .dev import *
 # from .subs import *

files/routes/dev.py

@@ -0,0 +1,20 @@
+from secrets import token_hex
+from flask import session, redirect, request
+
+from files.helpers.const import PERMS
+from files.helpers.get import get_user
+from files.helpers.wrappers import admin_level_required
+from files.__main__ import app
+
+if not app.debug:
+	raise ImportError("Importing dev routes is not allowed outside of debug mode!")
+
+@app.post('/dev/sessions/')
+@admin_level_required(PERMS['DEBUG_LOGIN_TO_OTHERS'])
+def login_to_other_account(v):
+	u = get_user(request.values.get('username'))
+	session.permanent = True
+	session["lo_user"] = u.id
+	session["login_nonce"] = u.login_nonce
+	session["session_id"] = token_hex(49)
+	return redirect('/')

files/templates/admin/admin_home.html

@@ -59,7 +59,7 @@
 	<li><a href="/daily_chart">Daily Stat Chart</a></li>
 </ul>
 
-{% if v.admin_level > 2 %}
+{% if v.admin_level >= 3 %}
 	<pre></pre>
 	<div class="custom-control custom-switch">
 		<input autocomplete="off" type="checkbox" class="custom-control-input" id="signups" {% if site_settings['Signups'] %}checked{% endif %} onchange="post_toast(this,'/admin/site_settings/Signups');">
@@ -106,5 +106,20 @@
 	<button class="btn btn-primary mt-3" onclick="post_toast(this,'/admin/purge_cache');">PURGE CDN CACHE</button>
 	<button class="btn btn-primary mt-3" onclick="post_toast(this,'/admin/dump_cache');">DUMP INTERNAL CACHE</button>
 {% endif %}
-
+{% if g.debug %}
+<section id="admin-section-debug" class="admin-section mt-3">
+	<h4>Debug Options</h4>
+	{% if v.admin_level >= PERMS["DEBUG_LOGIN_TO_OTHERS"] %}
+	<div class="login-to-others mt-3">
+		<h5>Login to another's account</h5>
+		<form action="/dev/sessions/" method="post">
+			<input type="hidden" name="formkey", value="{{v.formkey}}">
+			<label for="username">Username</label>
+			<input name="username" required>
+			<button type="submit" class="btn btn-primary">Login</button>
+		</form>
+	</div>
+	{% endif %}
+</section>
+{% endif %}
 {% endblock %}