davejansen/snikket-web-portal
1
0
Fork 0
Code Issues Pull Requests Activity

Fix various edge cases around stale sessions

Browse Source 
If a session cookie is set, but prosody doesn’t know about the
session anymore, we could get into fun states. This patch fixes
them by requiring the session to be tested with a ping request
on each HTTP request.
This commit is contained in:
Jonas Schäfer
2020-03-07 13:10:49 +01:00
parent 5ee2d97eb6
commit 71733adc90
3 changed files with 22 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
snikket_web/user/__init__.py
View File

@@ -55,12 +55,14 @@ class ProfileForm(FlaskForm):
@user_bp.route("/")
@client.require_session()
async def index():
user_info = await client.get_user_info()
return await render_template("user_home.html", user_info=user_info)
@user_bp.route('/passwd', methods=["GET", "POST"])
@client.require_session()
async def change_pw():
form = ChangePasswordForm()
if form.validate_on_submit():
@@ -82,6 +84,7 @@ async def change_pw():
@user_bp.route("/profile", methods=["GET", "POST"])
@client.require_session()
async def profile():
form = ProfileForm()
if request.method != "POST":
@@ -106,6 +109,7 @@ async def profile():
@user_bp.route("/logout", methods=["GET", "POST"])
@client.require_session()
async def logout():
form = LogoutForm()
if form.validate_on_submit():