chore: remove setting AURLANG and AURTZ on account edit

We don't need to set these cookies when an account is edited.
These settings are saved to the DB anyways.
(and they are picked up from there as well for any web requests,
when no cookies are given)

Setting these cookies can even be counter-productive:
Imagine a TU/Dev editing another user's account.
They would overwrite their own cookies with the other user's TZ/LANG settings.

Signed-off-by: moson-mo <mo-son@mailbox.org>
moson-mo 2023-05-25 13:41:59 +02:00
parent 2eacc84cd0
commit edc4ac332d
No known key found for this signature in database
GPG key ID: 4A4760AB4EE15296
2 changed files with 2 additions and 16 deletions


@ -38,8 +38,6 @@ def timeout(extended: bool) -> int:
def update_response_cookies( def update_response_cookies(
request: Request, request: Request,
response: Response, response: Response,
aurtz: str = None,
aurlang: str = None,
aursid: str = None, aursid: str = None,
) -> Response: ) -> Response:
"""Update session cookies. This method is particularly useful """Update session cookies. This method is particularly useful
@ -50,20 +48,10 @@ def update_response_cookies(
:param request: FastAPI request :param request: FastAPI request
:param response: FastAPI response :param response: FastAPI response
:param aurtz: Optional AURTZ cookie value
:param aurlang: Optional AURLANG cookie value
:param aursid: Optional AURSID cookie value :param aursid: Optional AURSID cookie value
:returns: Updated response :returns: Updated response
""" """
secure = config.getboolean("options", "disable_http_login") secure = config.getboolean("options", "disable_http_login")
if aurtz:
response.set_cookie(
"AURTZ", aurtz, secure=secure, httponly=secure, samesite=samesite()
)
if aurlang:
response.set_cookie(
"AURLANG", aurlang, secure=secure, httponly=secure, samesite=samesite()
)
if aursid: if aursid:
remember_me = request.cookies.get("AURREMEMBER") == "True" remember_me = request.cookies.get("AURREMEMBER") == "True"
response.set_cookie( response.set_cookie(
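Review bot: The AURSID branch that survives this change continues past the end of the hunk, so the flags on its `set_cookie` call are not visible here. The removed AURTZ/AURLANG calls passed `httponly=secure`, which ties HttpOnly to the `disable_http_login` option. If the AURSID call follows the same pattern, the session cookie is readable from page script on any deployment where that option is off, even though HttpOnly does not depend on the transport. That is worth checking, and if it holds, the AURSID call should pass `httponly=True` unconditionally while keeping `secure=secure`.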


@ -8,7 +8,7 @@ from fastapi.responses import HTMLResponse, RedirectResponse
from sqlalchemy import and_, or_ from sqlalchemy import and_, or_
import aurweb.config import aurweb.config
from aurweb import aur_logging, cookies, db, l10n, models, util from aurweb import aur_logging, db, l10n, models, util
from aurweb.auth import account_type_required, creds, requires_auth, requires_guest from aurweb.auth import account_type_required, creds, requires_auth, requires_guest
from aurweb.captcha import get_captcha_salts from aurweb.captcha import get_captcha_salts
from aurweb.exceptions import ValidationError, handle_form_exceptions from aurweb.exceptions import ValidationError, handle_form_exceptions
@ -473,9 +473,7 @@ async def account_edit_post(
if not errors: if not errors:
context["complete"] = True context["complete"] = True
# Update cookies with requests, in case they were changed. return render_template(request, "account/edit.html", context)
response = render_template(request, "account/edit.html", context)
return cookies.update_response_cookies(request, response, aurtz=TZ, aurlang=L)
@router.get("/account/{username}") @router.get("/account/{username}")
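Review bot: With the cookie refresh gone from `account_edit_post`, a user who changes their own language or timezone may keep seeing the old values if their browser already holds AURLANG/AURTZ cookies, since the commit message says the DB values are used only when no cookies are given. The cookie/DB precedence is not visible in this hunk, so this needs confirming. If it holds, one option is to refresh the cookies only when the edited account is the requester's own, which keeps the fix for privileged users editing someone else's account. A regression test asserting that the response to editing another user's account carries no `Set-Cookie` for AURTZ or AURLANG would pin the behaviour this commit is after. The function body starts outside the hunk, so whether `TZ` and `L` are still used elsewhere in it cannot be checked here.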