2103: Fix issue 2102 (bug introduced in 2098) r=mergify[bot] a=Diman0

## What type of PR?

Bug-fix

## What does this PR do?
The changes to session management introduced in #2094 #2098 introduced new bugs. This PR addresses these.

### Related issue(s)
- Auto close an issue like: closes #2102

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
master
bors[bot] 3 years ago committed by GitHub
commit cd8479414e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -300,7 +300,7 @@ class MailuSessionConfig:
# default size of session key parts # default size of session key parts
uid_bits = 64 # default if SESSION_KEY_BITS is not set in config uid_bits = 64 # default if SESSION_KEY_BITS is not set in config
sid_bits = 128 # for now. must be multiple of 8! sid_bits = 128 # for now. must be multiple of 8!
time_bits = 32 # for now. must be multiple of 8! time_bits = 32 # for now. must be multiple of 8!
def __init__(self, app=None): def __init__(self, app=None):
@ -341,6 +341,9 @@ class MailuSessionConfig:
def parse_key(self, key, app=None, now=None): def parse_key(self, key, app=None, now=None):
""" Split key into sid, uid and creation time. """ """ Split key into sid, uid and creation time. """
if app is None:
app = flask.current_app
if not (isinstance(key, bytes) and self._key_min <= len(key) <= self._key_max): if not (isinstance(key, bytes) and self._key_min <= len(key) <= self._key_max):
return None return None
@ -357,7 +360,7 @@ class MailuSessionConfig:
if now is None: if now is None:
now = int(time.time()) now = int(time.time())
created = int.from_bytes(created, byteorder='big') created = int.from_bytes(created, byteorder='big')
if not created <= now <= created + self.app.config['PERMANENT_SESSION_LIFETIME']: if not created <= now <= created + app.config['PERMANENT_SESSION_LIFETIME']:
return None return None
return (uid, sid, crt) return (uid, sid, crt)
@ -422,8 +425,8 @@ class MailuSessionExtension:
count = 0 count = 0
for key in app.session_store.list(): for key in app.session_store.list():
if key.startswith('token-'): if key.startswith(b'token-'):
if sessid := app.session_store.get(token): if sessid := app.session_store.get(key):
if not app.session_config.parse_key(sessid, app, now=now): if not app.session_config.parse_key(sessid, app, now=now):
app.session_store.delete(sessid) app.session_store.delete(sessid)
app.session_store.delete(key) app.session_store.delete(key)
@ -451,7 +454,7 @@ class MailuSessionExtension:
count = 0 count = 0
for key in app.session_store.list(prefix): for key in app.session_store.list(prefix):
if key not in keep and not key.startswith('token-'): if key not in keep and not key.startswith(b'token-'):
app.session_store.delete(key) app.session_store.delete(key)
count += 1 count += 1
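Review bot: In the last hunk, `key not in keep` compares the store's keys, which this commit now treats as bytes (`key.startswith(b'token-')`), against the contents of `keep`, whose element type is not visible here. If a caller ever passes a `str` session key in `keep`, the membership test never matches and the session that was meant to survive the prune is deleted along with the rest. This is the same str/bytes mismatch the commit fixes for the prefix check. I would document the contract next to the loop, e.g. `# keep must hold bytes keys exactly as returned by session_store.list()`, or reject non-bytes entries before the loop. The enclosing function starts and ends outside the hunk, so `keep` may already be normalised further up.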

@ -0,0 +1 @@
Fix bug introduced by enhanced session management (PR #2098)