change(python): rework session timing

Previously, we were just relying on the cookie expiration
for sessions to expire. We were not cleaning up Session
records either.

Rework timing to depend on an AURREMEMBER cookie which is
now emitted on login during BasicAuthBackend processing.

If the SID does still have a session but it's expired,
we now delete the session record before returning.

Otherwise, we update the session's LastUpdateTS to
the current time.

In addition, stored the unauthenticated result value
in a variable to reduce redundancy.

Signed-off-by: Kevin Morris <kevr@0cost.org>
Kevin Morris 2021-12-04 02:12:20 -08:00
parent f8bef16d32
commit 8501bba0ac
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
5 changed files with 50 additions and 24 deletions


@ -123,10 +123,6 @@ class User(Base):
for i in range(tries):
exc = None
now_ts = datetime.utcnow().timestamp()
session_ts = now_ts + (
session_time if session_time
else aurweb.config.getint("options", "login_timeout")
)
try:
with db.begin():
self.LastLogin = now_ts
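Review bot: With the session_ts block under now_ts removed, nothing visible in this function reads session_time or the login_timeout option any more. If session_time is still a parameter of this method, either drop it or document that the lifetime is now enforced where the session is validated, so a caller passing a custom lifetime is not silently ignored. Separately, the unchanged line now_ts = datetime.utcnow().timestamp() builds a naive datetime, which timestamp() interprets as local time; since now_ts is now the value stored in LastUpdateTS, the expiry check has to derive its clock the same way, or both sides should use an aware UTC datetime.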
@ -135,12 +131,12 @@ class User(Base):
sid = generate_unique_sid()
self.session = db.create(Session, User=self,
SessionID=sid,
LastUpdateTS=session_ts)
LastUpdateTS=now_ts)
else:
last_updated = self.session.LastUpdateTS
if last_updated and last_updated < now_ts:
self.session.SessionID = generate_unique_sid()
self.session.LastUpdateTS = session_ts
self.session.LastUpdateTS = now_ts
break
except IntegrityError as exc_:
exc = exc_
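Review bot: In the else branch, the guard "if last_updated and last_updated < now_ts" made sense while LastUpdateTS held an expiry time (session_ts), but with LastUpdateTS = now_ts it is true for any earlier write, so SessionID is regenerated on every pass through this branch. If rotating the SID on each login is the intent, drop the comparison and say so in a comment; if not, compare now_ts against last_updated plus the timeout. Rows written before this change still carry a future expiry in LastUpdateTS, so whatever reads this column should tolerate or migrate those values.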