agdsn · agmes4 · Feb 5, 2026 · Feb 3, 2026
diff --git a/identman/blueprints/__init__.py b/identman/blueprints/__init__.py
@@ -57,8 +57,13 @@ async def challenge(request: Request, csrf_protect: CsrfProtect = Depends()):
         logger.debug(f"decrypted String: {plain}")
         message = Message.validate(json.loads(plain))
         data = message.model_dump(exclude_none=True)
-    except (JSONDecodeError, InvalidTag, ValueError, binascii.Error, argon2.exceptions.HashingError) as e:
-        logger.warning(f"Dexryption/Parsing Error: {e}")
+    except (JSONDecodeError, ValueError) as e:
+        logger.debug(f"Decode Error: {e}")
+        response = JSONResponse(status_code=400, content={"error": "Invalider QR Code"})
+        csrf_protect.unset_csrf_cookie(response)
+        return response
+    except (InvalidTag, argon2.exceptions.HashingError) as e:
+        logger.warning(f"Decryption Error: {e}")
         response = JSONResponse(status_code=400, content={"error": "Invalider QR Code"})
         csrf_protect.unset_csrf_cookie(response)
         return response

diff --git a/identman/helper/api.py b/identman/helper/api.py
@@ -10,6 +10,8 @@
 from .settings import settings, FileAPISettings, DummyAPISettings, PycroftAPISettings
 import httpx
 
+logger = logging.getLogger(__name__)
+
 class API(ABC):
     def __init__(self, url: str = "", api_key: str = ""):
         self.url = url
@@ -48,9 +50,10 @@ def __init__(self, path: str):
     def check_user(self, data):
         data_list = [str(value) for key, value in data.items()]
         with open(self.path) as file:
-            reader = csv.reader(file)
-            for subset in reader:
-                if set(subset).issubset(data_list):
+            user_list = csv.reader(file)
+            for user in user_list:
+                if set(data_list).issubset(user):
+                    logger.info(f"Found user: {user} which matches {data_list}")
                     return True
             return False
 

diff --git a/identman/helper/decryption.py b/identman/helper/decryption.py
@@ -14,7 +14,7 @@ class Message(BaseModel):
     name: str
     fname: str
     byear: Optional[int] = None
-    uid: int
+    uid: str
 
     @field_validator('byear', mode='before')
     def empty_str_to_none(cls, v):

diff --git a/identman/helper/helpers.py b/identman/helper/helpers.py
@@ -1,4 +1,3 @@
-import numbers
 from cryptography.hazmat.primitives import hashes
 import logging
 

diff --git a/identman/helper/settings.py b/identman/helper/settings.py
@@ -6,6 +6,8 @@
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
 
+logger = logging.getLogger(__name__)
+
 class CsrfSettings(BaseSettings):
   secret_key: str = "Top secret"
   cookie_samesite: str = "none"
@@ -31,7 +33,7 @@ class DummyAPISettings(BaseSettings):
 class Settings(BaseSettings):
     model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8")
 
-    cors_origins: List[str] = ["http://localhost", "http://127.0.0.1:3000", "http://127.0.0.1", "https://127.0.0.1"]
+    cors_origins: List[str] = ["http://localhost", "http://127.0.0.1:3000", "http://localhost:5173", "http://127.0.0.1:5173", "http://127.0.0.1", "https://127.0.0.1"]
     backend: str = "sample"
     leading_zeros: int = 4
     csrf_settings: CsrfSettings = CsrfSettings()
@@ -50,14 +52,16 @@ def get_loglevel(self) -> int | None:
 
 class Secrets(BaseSettings):
     secret: str = "Hallo"
-    salt: str = "2025"
+    salt: str = "2026"
     csrf_key: str = "Top secret"
 
 
 if not os.getenv("CONFIG"):
     settings = Settings()
     secrets = Secrets()
+    logger.warning(f"Using default config with decryption secret: {secrets.secret} and salt: {secrets.salt}!")
 else:
+    logger.info("Loading config from envs!")
     secrets = Secrets(
         secret=os.getenv("API_DECRYPT_PASSWORD"),
         salt=os.getenv("API_SALT"),