From cb5c9b03bf734f3e671bc0ee5134d88050fb79b0 Mon Sep 17 00:00:00 2001
From: Vlad Stan
Date: Thu, 7 Mar 2024 11:22:42 +0200
Subject: [PATCH] Fix login logout on safari (#2309)
* fix: relax security level for public cookies
* fix: corner case for logout
---
 lnbits/app.py | 4 +---
 lnbits/core/views/auth_api.py | 10 ++++------
 lnbits/core/views/generic.py | 4 +---
 3 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/lnbits/app.py b/lnbits/app.py
index 26895ce0e..4df9f2959 100644
--- a/lnbits/app.py
+++ b/lnbits/app.py
@@ -535,9 +535,7 @@ def register_exception_handlers(app: FastAPI):
 response = RedirectResponse("/")
 response.delete_cookie("cookie_access_token")
 response.delete_cookie("is_lnbits_user_authorized")
- response.set_cookie(
- "is_access_token_expired", "true", samesite="none", secure=True
- )
+ response.set_cookie("is_access_token_expired", "true")
 return response
 return template_renderer().TemplateResponse(
diff --git a/lnbits/core/views/auth_api.py b/lnbits/core/views/auth_api.py
index ed38641b9..5321ed63e 100644
--- a/lnbits/core/views/auth_api.py
+++ b/lnbits/core/views/auth_api.py
@@ -142,6 +142,8 @@ async def logout() -> JSONResponse:
 response.delete_cookie("cookie_access_token")
 response.delete_cookie("is_lnbits_user_authorized")
 response.delete_cookie("is_access_token_expired")
+ response.delete_cookie("lnbits_last_active_wallet")
+
 return response
@@ -286,9 +288,7 @@ def _auth_success_response(
 )
 response = JSONResponse({"access_token": access_token, "token_type": "bearer"})
 response.set_cookie("cookie_access_token", access_token, httponly=True)
- response.set_cookie(
- "is_lnbits_user_authorized", "true", samesite="none", secure=True
- )
+ response.set_cookie("is_lnbits_user_authorized", "true")
 response.delete_cookie("is_access_token_expired")
 return response
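Review bot: The attributes of `is_access_token_expired` are now chosen by omission, and the same omission is repeated for the other public cookies in auth_api.py and generic.py, so the cookie policy is spread over four call sites with nothing recording why `secure`/`samesite="none"` were dropped. I would leave a why-comment on the new `set_cookie` line, e.g. `# non-secret flag read by the frontend; Secure/SameSite=None dropped so the cookie is accepted on non-HTTPS origins (#2309)` — the Safari/non-HTTPS rationale is inferred from the commit title, so word it to match the actual failure. A small helper such as `_set_public_cookie(response, name, value)` used by all four sites would make the next tightening a one-line change. `register_exception_handlers` starts and ends outside the hunk.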
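Review bot: Logout still only clears cookies on the client; nothing in the hunk invalidates the token itself, so a `cookie_access_token` value captured before logout keeps working until it expires (assuming `create_access_token`, seen in the later hunks, issues a stateless JWT — confirm). If that is the accepted model, the docstring should say so, e.g. `"""Clear the auth cookies; the access token is not revoked server-side and stays valid until expiry."""`, so nobody treats this endpoint as a revocation. The added empty `+` line before `return response` is a stray blank inside the body. `logout` begins outside the hunk.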
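Review bot: The relaxation is applied to the public flag cookie, but the sensitive cookie on the context line above it, `cookie_access_token`, is still set with only `httponly=True` — no `secure`, and SameSite left at the framework default (which I believe is `lax` in Starlette; verify). Rather than hard-coding either way, I would derive the flag from the deployment, e.g. `response.set_cookie("cookie_access_token", access_token, httponly=True, secure=<https setting>)`, so HTTPS deployments never send the bearer token over plain HTTP while plain-HTTP test setups keep working. The signature of `_auth_success_response` sits above the hunk, so what is available to decide the flag here is not visible.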
@@ -298,9 +298,7 @@ def _auth_redirect_response(path: str, email: str) -> RedirectResponse:
 access_token = create_access_token(data={"sub": "" or "", "email": email})
 response = RedirectResponse(path)
 response.set_cookie("cookie_access_token", access_token, httponly=True)
- response.set_cookie(
- "is_lnbits_user_authorized", "true", samesite="none", secure=True
- )
+ response.set_cookie("is_lnbits_user_authorized", "true")
 response.delete_cookie("is_access_token_expired")
 return response
diff --git a/lnbits/core/views/generic.py b/lnbits/core/views/generic.py
index 7e3c9da03..2b3be6edf 100644
--- a/lnbits/core/views/generic.py
+++ b/lnbits/core/views/generic.py
@@ -221,9 +221,7 @@ async def wallet(
 "web_manifest": f"/manifest/{user.id}.webmanifest",
 },
 )
- resp.set_cookie(
- "lnbits_last_active_wallet", wallet_id, samesite="none", secure=True
- )
+ resp.set_cookie("lnbits_last_active_wallet", wallet_id)
 return resp
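Review bot: `_auth_redirect_response` and `_auth_success_response` now set the same three cookies with identical attributes in two places; I would move the new line together with the two around it into a `_set_auth_cookies(response, access_token)` helper so the next attribute change happens once. While here, the context line `"sub": "" or ""` always evaluates to `""` and reads like a leftover — whatever the intended subject is, it should be explicit rather than a constant expression. The function's `def` line is the hunk's header context, so the body shown here is complete.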
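Review bot: `lnbits_last_active_wallet` is a client-readable and client-writable cookie (no `httponly`, and after this change no `secure` either), so its value must never be trusted to select a wallet without re-checking that the wallet belongs to the current user wherever it is read back. I would record that at the set site, `# UX hint only: the browser can change this value, so readers must re-authorize the wallet id`. The `wallet` handler starts outside the hunk, so where `wallet_id` is validated before reaching this line is not visible.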