Fixes refactored user login from tests
parent
155cf04536
commit
99e50bafc4
@ -185,7 +185,7 @@ def login_user(user, remember=False, duration=None, force=False, fresh=True):
|
||||
session["_user_id"] = user_id
|
||||
session["_fresh"] = fresh
|
||||
session["_id"] = current_app.login_manager._session_identifier_generator()
|
||||
session["_random"] = os.urandom(10).decode('utf-8')
|
||||
session["_random"] = os.urandom(10).hex()
|
||||
|
||||
if remember:
|
||||
session["_remember"] = "set"
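Review bot: On the `session["_random"] = os.urandom(10).hex()` line the token is only 10 bytes (80 bits), and the other sections of this commit show it being matched against `User_Sessions.random` when a session is validated. If it is meant as a per-session secret, `secrets.token_hex(16)` states that intent and gives 128 bits. That would need `import secrets` at the top of the file, which is not visible here. `login_user` starts and ends outside the hunk.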
|
||||
|
18
cps/ub.py
18
cps/ub.py
@ -71,8 +71,6 @@ def signal_store_user_session(object, user):
|
||||
|
||||
|
||||
def store_user_session():
|
||||
#if flask_session.get('user_id', ""):
|
||||
# flask_session['_user_id'] = flask_session.get('user_id', "")
|
||||
_user = flask_session.get('_user_id', "")
|
||||
_id = flask_session.get('_id', "")
|
||||
_random = flask_session.get('_random', "")
|
||||
@ -107,11 +105,19 @@ def delete_user_session(user_id, session_key):
|
||||
|
||||
def check_user_session(user_id, session_key):
|
||||
try:
|
||||
return bool(session.query(User_Sessions).filter(User_Sessions.user_id==user_id,
|
||||
User_Sessions.session_key==session_key).one_or_none())
|
||||
found = session.query(User_Sessions).filter(User_Sessions.user_id==user_id,
|
||||
User_Sessions.session_key==session_key).one_or_none()
|
||||
if found is not None:
|
||||
new_expiry = int((datetime.datetime.now() + datetime.timedelta(days=31)).timestamp())
|
||||
if new_expiry - found.expiry > 86400:
|
||||
found.expiry = new_expiry
|
||||
session.merge(found)
|
||||
session.commit()
|
||||
return bool(found)
|
||||
except (exc.OperationalError, exc.InvalidRequestError) as e:
|
||||
session.rollback()
|
||||
log.exception(e)
|
||||
return False
|
||||
|
||||
|
||||
user_logged_in.connect(signal_store_user_session)
|
||||
@ -341,7 +347,7 @@ class User_Sessions(Base):
|
||||
user_id = Column(Integer, ForeignKey('user.id'))
|
||||
session_key = Column(String, default="")
|
||||
random = Column(String, default="")
|
||||
expiry = Column(String, default="")
|
||||
expiry = Column(Integer)
|
||||
|
||||
|
||||
def __init__(self, user_id, session_key, random, expiry):
|
||||
@ -576,7 +582,7 @@ def migrate_user_session_table(engine, _session):
|
||||
with engine.connect() as conn:
|
||||
trans = conn.begin()
|
||||
conn.execute(text("ALTER TABLE user_session ADD column 'random' String"))
|
||||
conn.execute(text("ALTER TABLE user_session ADD column 'expiry' String"))
|
||||
conn.execute(text("ALTER TABLE user_session ADD column 'expiry' Integer"))
|
||||
trans.commit()
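Review bot: In `check_user_session`, `new_expiry - found.expiry` raises `TypeError` when `found.expiry` is NULL, and the `except` clause only catches `OperationalError` and `InvalidRequestError`, so the exception propagates instead of the function returning a result. NULL looks reachable, because `expiry = Column(Integer)` has no default and the `ALTER TABLE user_session ADD column 'expiry' Integer` migration adds the column without one; rows written before the migration would have no value, which is worth confirming against an upgraded database. A guard such as `if found.expiry is None or new_expiry - found.expiry > 86400:` treats a missing expiry as due for refresh. The refresh is also a sliding 31-day window with no absolute lifetime, so a session in regular use never expires; if that is intended, a comment on the `new_expiry` line should say so.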
|
||||
|
||||
|
||||
|
@ -30,49 +30,7 @@ from . import lm, ub, config, logger, limiter, constants, services
|
||||
|
||||
|
||||
log = logger.create()
|
||||
|
||||
|
||||
'''class HTTPProxyAuth(HTTPAuth):
|
||||
def __init__(self, scheme='Proxy', realm=None, header=None):
|
||||
super(HTTPProxyAuth, self).__init__(scheme, realm, header)
|
||||
self.user = None
|
||||
self.verify_user_callback = None
|
||||
|
||||
def set_user(self, username):
|
||||
self.user = username if username else None
|
||||
|
||||
def verify_login(self, f):
|
||||
self.verify_user_callback = f
|
||||
return f
|
||||
|
||||
def login_required(self, f=None, role=None, optional=None):
|
||||
if f is not None and \
|
||||
(role is not None or optional is not None): # pragma: no cover
|
||||
raise ValueError(
|
||||
'role and optional are the only supported arguments')
|
||||
|
||||
def login_required_internal(f):
|
||||
@wraps(f)
|
||||
def decorated(*args, **kwargs):
|
||||
if self.user:
|
||||
g.flask_httpauth_user = self.user
|
||||
return self.ensure_sync(f)(*args, **kwargs)
|
||||
return decorated
|
||||
|
||||
if f:
|
||||
return login_required_internal(f)
|
||||
return login_required_internal
|
||||
|
||||
|
||||
|
||||
def authenticate(self, _auth, stored_password=None):
|
||||
req = getattr(_auth, 'req', '')
|
||||
if self.verify_user_callback:
|
||||
return self.ensure_sync(self.verify_user_callback)(req)'''
|
||||
|
||||
|
||||
auth = HTTPBasicAuth()
|
||||
# proxy_auth = HTTPProxyAuth()
|
||||
|
||||
|
||||
@auth.verify_password
|
||||
@ -169,11 +127,13 @@ def load_user_from_reverse_proxy_header(req):
|
||||
|
||||
@lm.user_loader
|
||||
def load_user(user_id, random, session_key):
|
||||
# log.info(f"user {user_id}, random {random}")
|
||||
# log.info(request)
|
||||
user = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
|
||||
entry = ub.session.query(ub.User_Sessions).filter(ub.User_Sessions.random == random,
|
||||
ub.User_Sessions.session_key == session_key).first()
|
||||
if entry and entry.id == user.id:
|
||||
return user
|
||||
else:
|
||||
return None
|
||||
if random and session_key:
|
||||
entry = ub.session.query(ub.User_Sessions).filter(ub.User_Sessions.random == random,
|
||||
ub.User_Sessions.session_key == session_key).first()
|
||||
if not entry or entry.user_id != user.id:
|
||||
return None
|
||||
return user
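Review bot: In `load_user`, the block that appears to be the new side consults `User_Sessions` only when both `random` and `session_key` are truthy, so a session carrying neither value reaches `return user` with no server-side check. A row removed through `delete_user_session` would then not invalidate such a login. If that path exists only for the test setup named in the commit title, failing closed is safer, with `if not (random and session_key): return None`, unless another login path is known to depend on it. Separately, `user` comes from `.first()` and can be `None` for an id that no longer exists, in which case `entry.user_id != user.id` raises `AttributeError`; `if user is None: return None` directly after the query covers that.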
|
||||
|
||||
|
@ -1340,7 +1340,6 @@ def register():
|
||||
|
||||
def handle_login_user(user, remember, message, category):
|
||||
login_user(user, remember=remember)
|
||||
ub.store_user_session()
|
||||
flash(message, category=category)
|
||||
[limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
|
||||
return redirect(get_redirect_location(request.form.get('next', None), "web.index"))
|
||||
|