chore: remove setting AURLANG and AURTZ on account edit

We don't need to set these cookies when an account is edited. These settings are saved to the DB anyways. (and they are picked up from there as well for any web requests, when no cookies are given) Setting these cookies can even be counter-productive: Imagine a TU/Dev editing another users account. They would overwrite their own cookies with the other users TZ/LANG settings. Signed-off-by: moson-mo <mo-son@mailbox.org>
2025-02-03 10:43:03 +01:00 · 2023-05-25 13:41:59 +02:00 · 2023-05-25 13:41:59 +02:00 · edc4ac332d
commit edc4ac332d
parent 2eacc84cd0
2 changed files with 2 additions and 16 deletions
--- a/aurweb/cookies.py
+++ b/aurweb/cookies.py
@ -38,8 +38,6 @@ def timeout(extended: bool) -> int:
 def update_response_cookies(
    request: Request,
    response: Response,
-    aurtz: str = None,
-    aurlang: str = None,
    aursid: str = None,
 ) -> Response:
    """Update session cookies. This method is particularly useful
@ -50,20 +48,10 @@ def update_response_cookies(

    :param request: FastAPI request
    :param response: FastAPI response
-    :param aurtz: Optional AURTZ cookie value
-    :param aurlang: Optional AURLANG cookie value
    :param aursid: Optional AURSID cookie value
    :returns: Updated response
    """
    secure = config.getboolean("options", "disable_http_login")
-    if aurtz:
-        response.set_cookie(
-            "AURTZ", aurtz, secure=secure, httponly=secure, samesite=samesite()
-        )
-    if aurlang:
-        response.set_cookie(
-            "AURLANG", aurlang, secure=secure, httponly=secure, samesite=samesite()
-        )
    if aursid:
        remember_me = request.cookies.get("AURREMEMBER") == "True"
        response.set_cookie(
--- a/aurweb/routers/accounts.py
+++ b/aurweb/routers/accounts.py
@ -8,7 +8,7 @@ from fastapi.responses import HTMLResponse, RedirectResponse
 from sqlalchemy import and_, or_

 import aurweb.config
-from aurweb import aur_logging, cookies, db, l10n, models, util
+from aurweb import aur_logging, db, l10n, models, util
 from aurweb.auth import account_type_required, creds, requires_auth, requires_guest
 from aurweb.captcha import get_captcha_salts
 from aurweb.exceptions import ValidationError, handle_form_exceptions
@ -473,9 +473,7 @@ async def account_edit_post(
    if not errors:
        context["complete"] = True

-    # Update cookies with requests, in case they were changed.
-    response = render_template(request, "account/edit.html", context)
-    return cookies.update_response_cookies(request, response, aurtz=TZ, aurlang=L)
+    return render_template(request, "account/edit.html", context)


@router.get("/account/{username}")