From 397b0ae4d9c8a46910e4476334e7ddac3c945a4f Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Sat, 24 Jul 2021 16:18:12 +0200 Subject: [PATCH] fd --- drama/classes/user.py | 3 +-- drama/helpers/wrappers.py | 9 +++------ drama/routes/admin.py | 12 ++++-------- 3 files changed, 8 insertions(+), 16 deletions(-) diff --git a/drama/classes/user.py b/drama/classes/user.py index c6855858b..4e39fca98 100644 --- a/drama/classes/user.py +++ b/drama/classes/user.py @@ -388,8 +388,7 @@ class User(Base, Stndrd, Age_times): @property def formkey(self): - if "session_id" not in session: - session["session_id"] = token_hex(16) + if "session_id" not in session: session["session_id"] = token_hex(16) msg = f"{session['session_id']}+{self.id}+{self.login_nonce}" diff --git a/drama/helpers/wrappers.py b/drama/helpers/wrappers.py index 9efcf94ef..2b8801de0 100644 --- a/drama/helpers/wrappers.py +++ b/drama/helpers/wrappers.py @@ -375,14 +375,11 @@ def validate_formkey(f): if not request.path.startswith("/api/v1"): - submitted_key = request.values.get("formkey", "none") + submitted_key = request.values.get("formkey", None) - if not submitted_key: + if not submitted_key: abort(401) - abort(401) - - elif not v.validate_formkey(submitted_key): - abort(401) + elif not v.validate_formkey(submitted_key): abort(401) return f(*args, v=v, **kwargs) diff --git a/drama/routes/admin.py b/drama/routes/admin.py index 6a6e8717a..e87403dce 100644 --- a/drama/routes/admin.py +++ b/drama/routes/admin.py 
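Review bot: In the drama/helpers/wrappers.py hunk the key is still read with `request.values.get("formkey", None)`, and `request.values` merges the query string with the form body, so a formkey carried in a URL is accepted. A key in a URL can end up in access logs, browser history and Referer headers. For state-changing requests I would read it from the body only, e.g. `submitted_key = request.form.get("formkey")`, plus a request header if XHR callers need one; first check that no caller depends on the query-string form. The unchanged `startswith("/api/v1")` test skips the check for every path with that prefix, which is safe only if those routes never authenticate from the session cookie, and this hunk does not show whether they do. The decorator's body begins and ends outside the hunk.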
@@ -275,28 +275,24 @@ def admin_vote_info_get(v): ups = g.db.query(Vote ).options(joinedload(Vote.user) ).filter_by(submission_id=thing.id, vote_type=1 - ).order_by(Vote.creation_ip.asc() - ).all() + ).all() downs = g.db.query(Vote ).options(joinedload(Vote.user) ).filter_by(submission_id=thing.id, vote_type=-1 - ).order_by(Vote.creation_ip.asc() - ).all() + ).all() elif isinstance(thing, Comment): ups = g.db.query(CommentVote ).options(joinedload(CommentVote.user) ).filter_by(comment_id=thing.id, vote_type=1 - ).order_by(CommentVote.creation_ip.asc() - ).all() + ).all() downs = g.db.query(CommentVote ).options(joinedload(CommentVote.user) ).filter_by(comment_id=thing.id, vote_type=-1 - ).order_by(CommentVote.creation_ip.asc() - ).all() + ).all() else: abort(400)
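Review bot: All four vote queries in admin_vote_info_get now end in a bare `.all()`, so the row order is whatever the database returns and can change between requests. If admins use this listing to review voting patterns, an explicit `order_by` on a column the vote models still expose would keep the output stable and comparable. If the unordered result is intended, a short comment on the first query such as `# no ORDER BY: row order is database-defined` would make that clear to the next reader. The function starts and ends outside the hunk.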