fix: make AURSID a session cookie if "remember me" is not checked

This should match more closely the expectation of a user.
A session cookie should vanish on browser close
and thus they need to authenticate again.

There is no need to bump the expiration of AURSID either,
so we can remove that part.

Signed-off-by: moson-mo <mo-son@mailbox.org>
moson-mo 2023-05-26 11:21:16 +02:00
parent 0807ae6b7c
commit 22fe4a988a
No known key found for this signature in database
GPG key ID: 4A4760AB4EE15296
5 changed files with 32 additions and 69 deletions


@ -10,7 +10,7 @@ from fastapi import Request
from fastapi.responses import HTMLResponse
import aurweb.config
from aurweb import cookies, l10n, time
from aurweb import l10n, time
# Prepare jinja2 objects.
_loader = jinja2.FileSystemLoader(
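Review bot: dropping `cookies` from the `from aurweb import ...` line is only safe if `render_template` was its sole user in this module. The one use visible in this diff is the `cookies.update_response_cookies(...)` call removed further down, so please confirm with a linter run (unused or undefined name check) that nothing else in the file still references `cookies`.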
@ -145,13 +145,4 @@ def render_template(
):
"""Render a template as an HTMLResponse."""
rendered = render_raw_template(request, path, context)
response = HTMLResponse(rendered, status_code=int(status_code))
sid = None
if request.user.is_authenticated():
sid = request.cookies.get("AURSID")
# Re-emit SID via update_response_cookies with an updated expiration.
# This extends the life of a user session based on the AURREMEMBER
# cookie, which is always set to the "Remember Me" state on login.
return cookies.update_response_cookies(request, response, aursid=sid)
return HTMLResponse(rendered, status_code=int(status_code))
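Review bot: after this change `render_template` no longer touches AURSID at all, and the removed comment was the only place in this function that explained how the session lifetime related to AURREMEMBER. The docstring should state that cookie lifetime is now decided elsewhere, and name where (presumably the login handler, which is not visible in this hunk). Two things to verify alongside it. First, a "remember me" session no longer gets its expiration pushed forward on every rendered page, so its lifetime is fixed when the cookie is first set; the commit message says this is intended, and a test should pin it by asserting that a response rendered for an authenticated request carries no `Set-Cookie` for AURSID. Second, the cookie is now only a client-side hint for when to forget the SID, so the server-side session expiry needs to remain the enforcing control; that logic is not visible here and is worth pointing to in the commit or in the test for this change.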