Merge #2103

2103: Fix issue 2102 (bug introduced in 2098) r=mergify[bot] a=Diman0 ## What type of PR? Bug-fix ## What does this PR do? The changes to session management introduced in #2094 #2098 introduced new bugs. This PR addresses these. ### Related issue(s) - Auto close an issue like: closes #2102 ## Prerequisites Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [x] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago · cd8479414e
parent ee5fc81b07 51d94b8d14
commit cd8479414e
2 changed files with 9 additions and 5 deletions
--- a/core/admin/mailu/utils.py
+++ b/core/admin/mailu/utils.py
@ -300,7 +300,7 @@ class MailuSessionConfig:
    # default size of session key parts
    uid_bits = 64 # default if SESSION_KEY_BITS is not set in config
    sid_bits = 128 # for now. must be multiple of 8!
-    time_bits = 32 # for now. must be multiple of 8!
+    time_bits = 32 # for now. must be multiple of 8!  

    def __init__(self, app=None):

@ -341,6 +341,9 @@ class MailuSessionConfig:
    def parse_key(self, key, app=None, now=None):
        """ Split key into sid, uid and creation time. """

+        if app is None:
+            app = flask.current_app
+
        if not (isinstance(key, bytes) and self._key_min <= len(key) <= self._key_max):
            return None

@ -357,7 +360,7 @@ class MailuSessionConfig:
        if now is None:
            now = int(time.time())
        created = int.from_bytes(created, byteorder='big')
-        if not created <= now <= created + self.app.config['PERMANENT_SESSION_LIFETIME']:
+        if not created <= now <= created + app.config['PERMANENT_SESSION_LIFETIME']:
            return None

        return (uid, sid, crt)
@ -422,8 +425,8 @@ class MailuSessionExtension:

        count = 0
        for key in app.session_store.list():
-            if key.startswith('token-'):
-                if sessid := app.session_store.get(token):
+            if key.startswith(b'token-'):
+                if sessid := app.session_store.get(key):
                    if not app.session_config.parse_key(sessid, app, now=now):
                        app.session_store.delete(sessid)
                        app.session_store.delete(key)
@ -451,7 +454,7 @@ class MailuSessionExtension:

        count = 0
        for key in app.session_store.list(prefix):
-            if key not in keep and not key.startswith('token-'):
+            if key not in keep and not key.startswith(b'token-'):
                app.session_store.delete(key)
                count += 1

--- a/towncrier/newsfragments/2102.fix
+++ b/towncrier/newsfragments/2102.fix
@ -0,0 +1 @@
+Fix bug introduced by enhanced session management (PR #2098)
				`@ -0,0 +1 @@`
				`Fix bug introduced by enhanced session management (PR #2098)`