external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(fastapi): rework cookies - do not re-emit generically

Browse source 
This change removes cookie re-emission of AURLANG and AURTZ,
adds the AURREMEMBER cookie (the state of the "Remember Me"
checkbox on login), and re-emits AURSID based on the AURREMEMBER
cookie.

Previously, re-emission of AURSID was forcefully modifying
the expiration of the AURSID cookie. The introduction of
AURREMEMBER allows us to deduct the correct cookie expiration
timing based on configuration variables. With this addition,
we now re-emit the AURSID cookie with an updated expiration
based on the "Remember Me" checkbox on login.

Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2021-10-28 00:11:23 -07:00
parent 7418c33a30
commit 034288711b
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
6 changed files with 100 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

23
aurweb/util.py
View file

@ -14,7 +14,6 @@ from zoneinfo import ZoneInfo
import fastapi
from email_validator import EmailNotValidError, EmailUndeliverableError, validate_email
from fastapi.responses import Response
from jinja2 import pass_context
import aurweb.config
@ -103,16 +102,6 @@ def valid_ssh_pubkey(pk):
return base64.b64encode(base64.b64decode(tokens[1])).decode() == tokens[1]
def migrate_cookies(request, response):
whitelist = {"AURSID", "AURTZ", "AURLANG"}
secure_cookies = aurweb.config.getboolean("options", "disable_http_login")
for k, v in request.cookies.items():
if k in whitelist:
response.set_cookie(k, v, secure=secure_cookies, httponly=True)
return add_samesite_fields(response, "strict")
@pass_context
def account_url(context, user):
request = context.get("request")
@ -159,18 +148,6 @@ def jsonify(obj):
return obj
def add_samesite_fields(response: Response, value: str):
""" Set the SameSite field on all cookie headers found.
Taken from https://github.com/tiangolo/fastapi/issues/1099. """
for idx, header in enumerate(response.raw_headers):
if header[0].decode() == "set-cookie":
cookie = header[1].decode()
if f"SameSite={value}" not in cookie:
cookie += f"; SameSite={value}"
response.raw_headers[idx] = (header[0], cookie.encode())
return response
def get_ssh_fingerprints():
return aurweb.config.get_section("fingerprints") or {}