From edc4ac332d1872c8b4b5fab5d9e789d66d36f795 Mon Sep 17 00:00:00 2001
From: moson-mo
Date: Thu, 25 May 2023 13:41:59 +0200
Subject: [PATCH] chore: remove setting AURLANG and AURTZ on account edit
We don't need to set these cookies when an account is edited. These settings are saved to the DB anyways. (and they are picked up from there as well for any web requests, when no cookies are given) Setting these cookies can even be counter-productive: Imagine a TU/Dev editing another users account. They would overwrite their own cookies with the other users TZ/LANG settings.
Signed-off-by: moson-mo
---
 aurweb/cookies.py | 12 ------------
 aurweb/routers/accounts.py | 6 ++----
 2 files changed, 2 insertions(+), 16 deletions(-)
diff --git a/aurweb/cookies.py b/aurweb/cookies.py
index 2bfcf7a7..cb4396d7 100644
--- a/aurweb/cookies.py
+++ b/aurweb/cookies.py
@@ -38,8 +38,6 @@ def timeout(extended: bool) -> int:
 def update_response_cookies(
 request: Request,
 response: Response,
- aurtz: str = None,
- aurlang: str = None,
 aursid: str = None,
 ) -> Response:
 """Update session cookies. This method is particularly useful
@@ -50,20 +48,10 @@ def update_response_cookies(
 :param request: FastAPI request
 :param response: FastAPI response
- :param aurtz: Optional AURTZ cookie value
- :param aurlang: Optional AURLANG cookie value
 :param aursid: Optional AURSID cookie value
 :returns: Updated response
 """
 secure = config.getboolean("options", "disable_http_login")
- if aurtz:
- response.set_cookie(
- "AURTZ", aurtz, secure=secure, httponly=secure, samesite=samesite()
- )
- if aurlang:
- response.set_cookie(
- "AURLANG", aurlang, secure=secure, httponly=secure, samesite=samesite()
- )
 if aursid:
 remember_me = request.cookies.get("AURREMEMBER") == "True"
 response.set_cookie(
diff --git a/aurweb/routers/accounts.py b/aurweb/routers/accounts.py
index 77988d7f..010aae58 100644
--- a/aurweb/routers/accounts.py
+++ b/aurweb/routers/accounts.py
@@ -8,7 +8,7 @@ from fastapi.responses import HTMLResponse, RedirectResponse
 from sqlalchemy import and_, or_
 import aurweb.config
-from aurweb import aur_logging, cookies, db, l10n, models, util
+from aurweb import aur_logging, db, l10n, models, util
 from aurweb.auth import account_type_required, creds, requires_auth, requires_guest
 from aurweb.captcha import get_captcha_salts
 from aurweb.exceptions import ValidationError, handle_form_exceptions
@@ -473,9 +473,7 @@ async def account_edit_post(
 if not errors:
 context["complete"] = True
- # Update cookies with requests, in case they were changed.
- response = render_template(request, "account/edit.html", context)
- return cookies.update_response_cookies(request, response, aurtz=TZ, aurlang=L)
+ return render_template(request, "account/edit.html", context)
 @router.get("/account/{username}")
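Review bot: The added `return render_template(request, "account/edit.html", context)` line has no comment recording why the cookies are no longer refreshed, so the cross-account reasoning survives only in the commit message; I would put `# AURTZ/AURLANG are not set here: the edited account may not be the requester's own.` above it. If a request cookie takes precedence over the stored setting, as the description suggests, a user holding an older AURLANG or AURTZ cookie may keep seeing the old value after changing their own language or timezone, which is worth confirming. A regression test in which a privileged user edits another account and the response sets neither cookie would pin the fix. account_edit_post starts above this hunk.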