From fea029d2be162c73f9a70ee322106cd17f86452a Mon Sep 17 00:00:00 2001
From: Teddy Middleton-Smith
Date: Fri, 31 Jan 2025 14:35:18 +0000
Subject: [PATCH] Fix(Auth): Flask Samesite attribute must be 'Lax' for OAuth login callback

---
 config.py | 2 +-
 static/MySQL/0000_combined.sql | 8 ++++++++
 static/MySQL/9000_populate.sql | 8 ++++++++
 static/MySQL/deprecated/9001_add_user.sql | 14 ++++++++++++++
 4 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 static/MySQL/deprecated/9001_add_user.sql

diff --git a/config.py b/config.py
index aa81e1f4..2b758339 100644
--- a/config.py
+++ b/config.py
@@ -40,7 +40,7 @@ class Config:
 # Auth0
 SESSION_COOKIE_SECURE = True
 SESSION_COOKIE_HTTPONLY = True
- SESSION_COOKIE_SAMESITE = 'Strict'
+ SESSION_COOKIE_SAMESITE = 'Lax' # 'Strict' # Strict is preferable for security, but Lax is required for OAuth functionality
 REMEMBER_COOKIE_SECURE = True
 # PERMANENT_SESSION_LIFETIME = 3600
 WTF_CSRF_ENABLED = True
diff --git a/static/MySQL/0000_combined.sql b/static/MySQL/0000_combined.sql
index 1ebcb3d3..1d55efd4 100644
--- a/static/MySQL/0000_combined.sql
+++ b/static/MySQL/0000_combined.sql
@@ -24738,6 +24738,14 @@ VALUES
 , 'tierneybailey13@gmail.com' -- email
 , 1 -- is_super_user
 , 1 -- active
+ ),
+ ( 'auth0|679cc2fe0d652a47af90d16b' -- id_user_auth0
+ , 'Demo' -- firstname
+ , '' -- surname
+ , 'bot@partsltd.co.uk' -- email
+ , 0 -- is_super_user
+ , 1 -- active
 )
 ;
diff --git a/static/MySQL/9000_populate.sql b/static/MySQL/9000_populate.sql
index 60e05e1b..da1712c0 100644
--- a/static/MySQL/9000_populate.sql
+++ b/static/MySQL/9000_populate.sql
@@ -900,6 +900,14 @@ VALUES
 , 'tierneybailey13@gmail.com' -- email
 , 1 -- is_super_user
 , 1 -- active
+ ),
+ ( 'auth0|679cc2fe0d652a47af90d16b' -- id_user_auth0
+ , 'Demo' -- firstname
+ , '' -- surname
+ , 'bot@partsltd.co.uk' -- email
+ , 0 -- is_super_user
+ , 1 -- active
 )
 ;
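Review bot: Relaxing the session cookie to SameSite=Lax on the added `SESSION_COOKIE_SAMESITE` line means the browser now attaches the session to cross-site top-level GET navigations, so any route that changes state on a GET loses the CSRF protection Strict gave it, and `WTF_CSRF_ENABLED = True` on the last context line only covers form POSTs. Before merging, confirm that no state-changing handler is reachable via GET and that the OAuth callback validates the `state` parameter, since with Lax the callback is precisely the cross-site request the cookie is now allowed on. An alternative that keeps the session cookie Strict is to carry the OAuth `state`/nonce in a separate short-lived cookie that the callback reads instead of the session, but I cannot judge that without the callback code. The trailing `# 'Strict' # Strict is preferable ...` reads as commented-out code; I would write the line as `SESSION_COOKIE_SAMESITE = 'Lax'  # not 'Strict': the Auth0 redirect back to the login callback is a cross-site top-level GET and must carry the session cookie` and drop the dead literal. The enclosing `class Config` starts outside the hunk.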
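Review bot: The same Demo row is hand-inserted here, in `9000_populate.sql` and again in the new `9001_add_user.sql`, which leaves three copies of the account definition to keep in sync; the name `0000_combined.sql` suggests a concatenation of the numbered scripts, in which case it should be regenerated from them rather than edited by hand, though I cannot confirm that from the diff. The row also carries no comment saying what the account is for or who controls the Auth0 subject `auth0|679cc2fe0d652a47af90d16b`, yet it is seeded with `active` set to `1`, so whoever can authenticate as that subject at the identity provider gets a live account on every database built from this file. I would add a line above the row such as `-- Demo/bot account (not a super user); owned by <team>, used for <purpose>` and record the ownership. The enclosing INSERT statement starts outside the hunk.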
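Review bot: This seed change is unrelated to the SameSite fix the commit title describes, so anyone bisecting an auth regression will not expect a new account to appear in this commit; I would split the Demo account into its own commit. The insert leaves the primary key to auto-increment, and the sibling `9001_add_user.sql` added in this same commit hard-codes `4` as the user id when linking a role, presumably for this same account, so the two scripts only agree while the insert order in this file never changes; a comment here, `-- NOTE: 9001_add_user.sql assumes this row receives id_user = 4`, or better a lookup by `id_user_auth0` in that script, would make the coupling explicit. The enclosing INSERT statement starts outside the hunk.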
diff --git a/static/MySQL/deprecated/9001_add_user.sql b/static/MySQL/deprecated/9001_add_user.sql
new file mode 100644
index 00000000..daf03e61
--- /dev/null
+++ b/static/MySQL/deprecated/9001_add_user.sql
@@ -0,0 +1,14 @@
+USE partsltd_prod;
+
+INSERT INTO Shop_User (
+ id_user_auth0
+ , firstname
+ , surname
+ , email
+ , is_super_user
+ , active
+)
+VALUES ( 'auth0|679cc2fe0d652a47af90d16b' , 'Demo' , '' , 'bot@partsltd.co.uk' , 0 , 1 );
+
+INSERT INTO Shop_User_Role_Link ( id_user, id_role )
+VALUES (4, 2);
\ No newline at end of file
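Review bot: `VALUES (4, 2);` on the last line hard-codes the primary key of the user inserted two statements earlier, so if `Shop_User` already holds a different number of rows the role is granted to whichever account happens to be id 4, which is the kind of silent privilege mix-up a seed script must not risk; use the key MySQL just assigned instead, `VALUES (LAST_INSERT_ID(), 2);` (same connection, no intervening insert), or select it by `id_user_auth0`. `USE partsltd_prod;` pins the script to the production database by name, which is unusual for a file created directly under `deprecated/`; a header comment saying whether it is meant to be run at all, and against which database, would help, e.g. `-- One-off: adds the Demo bot account and role 2 to prod; superseded by 9000_populate.sql`. The meaning of role id `2` is not visible here, so I would name it in a comment as well. The file also ends without a trailing newline.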