From 9eb6455cdbc8464316c459e163b1a9563bb03751 Mon Sep 17 00:00:00 2001
From: charliemirabile <46761267+charliemirabile@users.noreply.github.com>
Date: Tue, 2 Dec 2025 22:17:13 -0500
Subject: [PATCH 1/3] orbit: radius: remove javascript from logout button

We wanted to create a website without javascript but we used an `onclick`
handler that modifies `location.href` in order to navigate to `/logout`
when clicking the logout button. Instead, just make the button submit a
form that performs GET on `/logout`. This makes logging out possible
within e.g. `lynx` (currently the button does nothing an a message
indicating that the button is unsupported is displayed).
---
 orbit/radius.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/orbit/radius.py b/orbit/radius.py
index 6bd323b7..e0d4c598 100644
--- a/orbit/radius.py
+++ b/orbit/radius.py
@@ -296,8 +296,8 @@ def mk_form_welcome(session):
          </div>
     </div>
     <div class="logout_buttons">
-        <form id="logout">
-            <input class="logout" type="button" onclick="location.href='/logout';" value="Logout" />
+        <form id="logout" method="get" action="/logout">
+            <input class="logout" type="submit" value="Logout" />
         </form>
     </div>'''
 

From 4a7b935d7ba7ee9051dad88d087f9e1e8583ecc1 Mon Sep 17 00:00:00 2001
From: charliemirabile <46761267+charliemirabile@users.noreply.github.com>
Date: Tue, 2 Dec 2025 22:24:54 -0500
Subject: [PATCH 2/3] orbit: radius: reveal detailed feedback exactly on the
 deadline

Right now the second count needs to increment after the deadline passes
before the feedback is revealed when in fact the border should be right
when the second of the deadline starts. Fix by switching from `<` to `<=`.

This should also make CI less flaky since even though we wait for the
processing to finish, if it is started early within a given second and
finishes within that second and the curl is able to run it might be able
to catch the old generic feedback before the second advances and the
detailed feedback is revealed.
---
 orbit/radius.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/orbit/radius.py b/orbit/radius.py
index e0d4c598..60740337 100644
--- a/orbit/radius.py
+++ b/orbit/radius.py
@@ -463,7 +463,7 @@ def get_automated_feedback(self, attr):
             case 'final':
                 due_date = int(self.assignment.final_due_date)
 
-        if due_date < int(datetime.now().timestamp()):
+        if due_date <= int(datetime.now().timestamp()):
             return gbl.auto_feedback
 
         match gbl.auto_feedback[-1]:

From afd136aa6935837b07c139c3e5e191341cd56b14 Mon Sep 17 00:00:00 2001
From: charliemirabile <46761267+charliemirabile@users.noreply.github.com>
Date: Thu, 4 Dec 2025 12:26:17 -0500
Subject: [PATCH 3/3] orbit: radius: add cache control header to login

Lynx aggressively caches pages which means that an outdated version of the
login page might be displayed (showing the user as logged in when they
aren't or vice versa). Use `Cache-Control: no-cache` which makes lynx not
store the page and always fetch it. (Technically no-store would be better,
but I don't think lynx recognizes it)
---
 orbit/radius.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/orbit/radius.py b/orbit/radius.py
index 60740337..75d9d6db 100644
--- a/orbit/radius.py
+++ b/orbit/radius.py
@@ -321,6 +321,7 @@ def login_form(target_location=None):
 
 
 def handle_login(rocket):
+    rocket.headers += [('Cache-Control', 'no-cache')]
     target = rocket.queries_query('target')
 
     # harden the redirect to prevent csrf type attacks