Update AppImage

2025-11-18 11:36:17 +00:00 · 2025-11-13 19:51:42 +01:00
parent 307ed0c637
commit 3883039764
2 changed files with 25 additions and 22 deletions
--- a/AppImage/scripts/flask_auth_routes.py
+++ b/AppImage/scripts/flask_auth_routes.py
@@ -231,17 +231,25 @@ def totp_disable():
 def generate_api_token():
    """Generate a long-lived API token for external integrations (Homepage, Home Assistant, etc.)"""
    try:
-        token = request.headers.get('Authorization', '').replace('Bearer ', '')
+        auth_header = request.headers.get('Authorization', '')
+        token = auth_header.replace('Bearer ', '')
+        
+        if not token:
+            return jsonify({"success": False, "message": "Unauthorized. Please log in first."}), 401
+        
        username = auth_manager.verify_token(token)
        
        if not username:
-            return jsonify({"success": False, "message": "Unauthorized. Please log in first."}), 401
+            return jsonify({"success": False, "message": "Invalid or expired session. Please log in again."}), 401
        
        data = request.json
        password = data.get('password')
        totp_token = data.get('totp_token')  # Optional 2FA token
        token_name = data.get('token_name', 'API Token')  # Optional token description
        
+        if not password:
+            return jsonify({"success": False, "message": "Password is required"}), 400
+        
        # Authenticate user with password and optional 2FA
        success, _, requires_totp, message = auth_manager.authenticate(username, password, totp_token)
        
@@ -266,4 +274,5 @@ def generate_api_token():
        else:
            return jsonify({"success": False, "message": message}), 401
    except Exception as e:
-        return jsonify({"success": False, "message": str(e)}), 500
+        print(f"[ERROR] generate_api_token: {str(e)}")  # Log error for debugging
+        return jsonify({"success": False, "message": f"Internal error: {str(e)}"}), 500