Merge pull request #1395 from onionshare/developv2.3.3

Version 2.3.3, merge develop into stable

1 files changed, 33 insertions, 22 deletions

diff --git a/cli/onionshare_cli/web/chat_mode.py b/cli/onionshare_cli/web/chat_mode.py
index d4c57438..f6dc2d1a 100644
--- a/cli/onionshare_cli/web/chat_mode.py
+++ b/cli/onionshare_cli/web/chat_mode.py
@@ -18,16 +18,7 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 
-from flask import (
-    Request,
-    request,
-    render_template,
-    make_response,
-    jsonify,
-    redirect,
-    session,
-)
-from werkzeug.utils import secure_filename
+from flask import request, render_template, make_response, jsonify, session
 from flask_socketio import emit, join_room, leave_room
 
 
@@ -48,6 +39,12 @@ class ChatModeWeb:
         # This tracks the history id
         self.cur_history_id = 0
 
+        # Whether or not we can send REQUEST_INDIVIDUAL_FILE_STARTED
+        # and maybe other events when requests come in to this mode
+        # Chat mode has no concept of individual file requests that
+        # turn into history widgets in the GUI, so set it to False
+        self.supports_file_requests = False
+
         self.define_routes()
 
     def define_routes(self):
@@ -55,7 +52,7 @@ class ChatModeWeb:
         The web app routes for chatting
         """
 
-        @self.web.app.route("/")
+        @self.web.app.route("/", methods=["GET"], provide_automatic_options=False)
         def index():
             history_id = self.cur_history_id
             self.cur_history_id += 1
@@ -76,31 +73,45 @@ class ChatModeWeb:
                     "chat.html",
                     static_url_path=self.web.static_url_path,
                     username=session.get("name"),
+                    title=self.web.settings.get("general", "title"),
                 )
             )
             return self.web.add_security_headers(r)
 
-        @self.web.app.route("/update-session-username", methods=["POST"])
+        @self.web.app.route("/update-session-username", methods=["POST"], provide_automatic_options=False)
         def update_session_username():
             history_id = self.cur_history_id
             data = request.get_json()
             if (
                 data.get("username", "")
                 and data.get("username", "") not in self.connected_users
+                and len(data.get("username", "")) < 128
             ):
                 session["name"] = data.get("username", session.get("name"))
-            self.web.add_request(
-                request.path,
-                {"id": history_id, "status_code": 200},
-            )
+                self.web.add_request(
+                    request.path,
+                    {"id": history_id, "status_code": 200},
+                )
 
-            self.web.add_request(self.web.REQUEST_LOAD, request.path)
-            r = make_response(
-                jsonify(
-                    username=session.get("name"),
-                    success=True,
+                self.web.add_request(self.web.REQUEST_LOAD, request.path)
+                r = make_response(
+                    jsonify(
+                        username=session.get("name"),
+                        success=True,
+                    )
+                )
+            else:
+                self.web.add_request(
+                    request.path,
+                    {"id": history_id, "status_code": 403},
+                )
+
+                r = make_response(
+                    jsonify(
+                        username=session.get("name"),
+                        success=False,
+                    )
                 )
-            )
             return self.web.add_security_headers(r)
 
         @self.web.socketio.on("joined", namespace="/chat")