From 3ee2c0749f00b860dc4852191e093615527848d4 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Tue, 21 Dec 2021 22:03:13 +0200 Subject: [PATCH] dsfsdf --- files/__main__.py | 2 +- files/classes/user.py | 3 +-- files/helpers/wrappers.py | 7 +++---- files/routes/login.py | 13 +++++-------- 4 files changed, 10 insertions(+), 15 deletions(-) diff --git a/files/__main__.py b/files/__main__.py index 837ee8341..21d4e155b 100644 --- a/files/__main__.py +++ b/files/__main__.py @@ -108,7 +108,7 @@ def before_request(): if not request.path.startswith("/assets") and not request.path.startswith("/images") and not request.path.startswith("/hostedimages"): session.permanent = True - if not session.get("session_id"): session["session_id"] = secrets.token_hex(50) + if not session.get("session_id"): session["session_id"] = secrets.token_hex(52) if request.url.startswith("http://") and "localhost" not in app.config["SERVER_NAME"]: url = request.url.replace("http://", "https://", 1) diff --git a/files/classes/user.py b/files/classes/user.py index e27d7aac5..365e40118 100644 --- a/files/classes/user.py +++ b/files/classes/user.py @@ -300,8 +300,7 @@ class User(Base): @lazy def formkey(self): - if "session_id" not in session: - session["session_id"] = token_hex(50) + if "session_id" not in session: session["session_id"] = token_hex(52) msg = f"{session['session_id']}+{self.id}+{self.login_nonce}" diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py index 4207b858e..f5bbf4a0c 100644 --- a/files/helpers/wrappers.py +++ b/files/helpers/wrappers.py @@ -14,14 +14,13 @@ def get_logged_in_user(): v.client = client return v else: - uid = session.get("user_id") nonce = session.get("login_nonce", 0) - logged_in = session.get("logged_in") + logged_in_user = session.get("logged_in_user") - if not uid or not logged_in or uid != logged_in: return None + if not logged_in_user: return None try: - if g.db: v = g.db.query(User).filter_by(id=logged_in).one_or_none() + if g.db: v = g.db.query(User).filter_by(id=logged_in_user).one_or_none() else: return None except: return None diff --git a/files/routes/login.py b/files/routes/login.py index fc325327f..ef97c9d76 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -134,9 +134,8 @@ def login_post(): else: abort(400) - session["user_id"] = account.id - session["logged_in"] = account.id - session["session_id"] = token_hex(50) + session["logged_in_user"] = account.id + session["session_id"] = token_hex(52) session["login_nonce"] = account.login_nonce session.permanent = True @@ -164,9 +163,8 @@ def me(v): @validate_formkey def logout(v): - session.pop("user_id", None) session.pop("session_id", None) - session.pop("logged_in", None) + session.pop("logged_in_user", None) return {"message": "Logout successful!"} @@ -340,9 +338,8 @@ def sign_up_post(v): if "rama" in request.host: send_notification(new_user.id, WELCOME_MSG) - session["user_id"] = new_user.id - session["logged_in"] = new_user.id - session["session_id"] = token_hex(50) + session["logged_in_user"] = new_user.id + session["session_id"] = token_hex(52) g.db.commit()