lub
/
mailu
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Merge #2103

Browse Source 
2103: Fix issue 2102 (bug introduced in 2098) r=mergify[bot] a=Diman0

## What type of PR?

Bug-fix

## What does this PR do?
The changes to session management introduced in #2094 #2098 introduced new bugs. This PR addresses these.

### Related issue(s)
- Auto close an issue like: closes #2102

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
master
bors[bot] 3 years ago committed by GitHub
parent ee5fc81b07 51d94b8d14
commit cd8479414e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File

13
core/admin/mailu/utils.py
Unescape Escape View File

@ -300,7 +300,7 @@ class MailuSessionConfig:
# default size of session key parts # default size of session key parts
uid_bits = 64 # default if SESSION_KEY_BITS is not set in config uid_bits = 64 # default if SESSION_KEY_BITS is not set in config
sid_bits = 128 # for now. must be multiple of 8! sid_bits = 128 # for now. must be multiple of 8!
time_bits = 32 # for now. must be multiple of 8! time_bits = 32 # for now. must be multiple of 8!
def __init__(self, app=None): def __init__(self, app=None):
@ -341,6 +341,9 @@ class MailuSessionConfig:
def parse_key(self, key, app=None, now=None): def parse_key(self, key, app=None, now=None):
""" Split key into sid, uid and creation time. """ """ Split key into sid, uid and creation time. """
if app is None:
app = flask.current_app
if not (isinstance(key, bytes) and self._key_min <= len(key) <= self._key_max): if not (isinstance(key, bytes) and self._key_min <= len(key) <= self._key_max):
return None return None
@ -357,7 +360,7 @@ class MailuSessionConfig:
if now is None: if now is None:
now = int(time.time()) now = int(time.time())
created = int.from_bytes(created, byteorder='big') created = int.from_bytes(created, byteorder='big')
if not created <= now <= created + self.app.config['PERMANENT_SESSION_LIFETIME']: if not created <= now <= created + app.config['PERMANENT_SESSION_LIFETIME']:
return None return None
return (uid, sid, crt) return (uid, sid, crt)
@ -422,8 +425,8 @@ class MailuSessionExtension:
count = 0 count = 0
for key in app.session_store.list(): for key in app.session_store.list():
if key.startswith('token-'): if key.startswith(b'token-'):
if sessid := app.session_store.get(token): if sessid := app.session_store.get(key):
if not app.session_config.parse_key(sessid, app, now=now): if not app.session_config.parse_key(sessid, app, now=now):
app.session_store.delete(sessid) app.session_store.delete(sessid)
app.session_store.delete(key) app.session_store.delete(key)
@ -451,7 +454,7 @@ class MailuSessionExtension:
count = 0 count = 0
for key in app.session_store.list(prefix): for key in app.session_store.list(prefix):
if key not in keep and not key.startswith('token-'): if key not in keep and not key.startswith(b'token-'):
app.session_store.delete(key) app.session_store.delete(key)
count += 1 count += 1

1
towncrier/newsfragments/2102.fix
Unescape Escape View File

@ -0,0 +1 @@
Fix bug introduced by enhanced session management (PR #2098)
Write Preview
Loading…
Cancel
Save