Fix issue 2102

master
Dimitri Huisman 3 years ago
parent ee5fc81b07
commit 51d94b8d14

@ -300,7 +300,7 @@ class MailuSessionConfig:
# default size of session key parts # default size of session key parts
uid_bits = 64 # default if SESSION_KEY_BITS is not set in config uid_bits = 64 # default if SESSION_KEY_BITS is not set in config
sid_bits = 128 # for now. must be multiple of 8! sid_bits = 128 # for now. must be multiple of 8!
time_bits = 32 # for now. must be multiple of 8! time_bits = 32 # for now. must be multiple of 8!
def __init__(self, app=None): def __init__(self, app=None):
@ -341,6 +341,9 @@ class MailuSessionConfig:
def parse_key(self, key, app=None, now=None): def parse_key(self, key, app=None, now=None):
""" Split key into sid, uid and creation time. """ """ Split key into sid, uid and creation time. """
if app is None:
app = flask.current_app
if not (isinstance(key, bytes) and self._key_min <= len(key) <= self._key_max): if not (isinstance(key, bytes) and self._key_min <= len(key) <= self._key_max):
return None return None
@ -357,7 +360,7 @@ class MailuSessionConfig:
if now is None: if now is None:
now = int(time.time()) now = int(time.time())
created = int.from_bytes(created, byteorder='big') created = int.from_bytes(created, byteorder='big')
if not created <= now <= created + self.app.config['PERMANENT_SESSION_LIFETIME']: if not created <= now <= created + app.config['PERMANENT_SESSION_LIFETIME']:
return None return None
return (uid, sid, crt) return (uid, sid, crt)
@ -422,8 +425,8 @@ class MailuSessionExtension:
count = 0 count = 0
for key in app.session_store.list(): for key in app.session_store.list():
if key.startswith('token-'): if key.startswith(b'token-'):
if sessid := app.session_store.get(token): if sessid := app.session_store.get(key):
if not app.session_config.parse_key(sessid, app, now=now): if not app.session_config.parse_key(sessid, app, now=now):
app.session_store.delete(sessid) app.session_store.delete(sessid)
app.session_store.delete(key) app.session_store.delete(key)
@ -451,7 +454,7 @@ class MailuSessionExtension:
count = 0 count = 0
for key in app.session_store.list(prefix): for key in app.session_store.list(prefix):
if key not in keep and not key.startswith('token-'): if key not in keep and not key.startswith(b'token-'):
app.session_store.delete(key) app.session_store.delete(key)
count += 1 count += 1
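Review bot: In the prune loop, `if key not in keep and not key.startswith(b'token-'):` still compares `key` against `keep` without any visible guarantee that both are bytes, which is the same str/bytes mismatch this commit fixes for the prefix check. The keys returned by `app.session_store.list(prefix)` are evidently bytes, so if `keep` holds str session ids the membership test would never match and the sessions meant to survive the prune would be deleted along with the rest. `keep` is assigned outside the hunk, so this needs confirming at its definition and at the callers. A comment on the loop such as `# keep must be a collection of bytes keys, as returned by session_store.list()` would document the contract. A regression test that prunes a user's sessions while keeping one would cover this path and the `token`/`key` name error fixed in the cleanup hunk.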

@ -0,0 +1 @@
Fix bug introduced by enhanced session management (PR #2098)