mirror of https://github.com/janeczku/calibre-web synced 2024-11-10 01:13:33 +00:00

Fixes refactored user login from tests

Ozzie Isaacs 2024-07-14 21:20:46 +02:00
parent 155cf04536
commit 99e50bafc4
4 changed files with 21 additions and 56 deletions


@ -185,7 +185,7 @@ def login_user(user, remember=False, duration=None, force=False, fresh=True):
session["_user_id"] = user_id session["_user_id"] = user_id
session["_fresh"] = fresh session["_fresh"] = fresh
session["_id"] = current_app.login_manager._session_identifier_generator() session["_id"] = current_app.login_manager._session_identifier_generator()
session["_random"] = os.urandom(10).decode('utf-8') session["_random"] = os.urandom(10).hex()
if remember: if remember:
session["_remember"] = "set" session["_remember"] = "set"
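Review bot: The `_random` value set in login_user has no comment saying what it is for, and at 10 bytes it carries 80 bits of entropy. Judging by the other files in this commit it is the per-login token that load_user matches against User_Sessions.random, so a comment such as `# per-login token, matched against User_Sessions.random in load_user` would make that explicit. If it is meant to be unguessable on its own, 128 bits is the more common size, e.g. `session["_random"] = secrets.token_hex(16)` (needs `import secrets` if the module does not already have it). login_user starts and ends outside this hunk.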


@ -71,8 +71,6 @@ def signal_store_user_session(object, user):
def store_user_session(): def store_user_session():
#if flask_session.get('user_id', ""):
# flask_session['_user_id'] = flask_session.get('user_id', "")
_user = flask_session.get('_user_id', "") _user = flask_session.get('_user_id', "")
_id = flask_session.get('_id', "") _id = flask_session.get('_id', "")
_random = flask_session.get('_random', "") _random = flask_session.get('_random', "")
@ -107,11 +105,19 @@ def delete_user_session(user_id, session_key):
def check_user_session(user_id, session_key): def check_user_session(user_id, session_key):
try: try:
return bool(session.query(User_Sessions).filter(User_Sessions.user_id==user_id, found = session.query(User_Sessions).filter(User_Sessions.user_id==user_id,
User_Sessions.session_key==session_key).one_or_none()) User_Sessions.session_key==session_key).one_or_none()
if found is not None:
new_expiry = int((datetime.datetime.now() + datetime.timedelta(days=31)).timestamp())
if new_expiry - found.expiry > 86400:
found.expiry = new_expiry
session.merge(found)
session.commit()
return bool(found)
except (exc.OperationalError, exc.InvalidRequestError) as e: except (exc.OperationalError, exc.InvalidRequestError) as e:
session.rollback() session.rollback()
log.exception(e) log.exception(e)
return False
user_logged_in.connect(signal_store_user_session) user_logged_in.connect(signal_store_user_session)
@ -341,7 +347,7 @@ class User_Sessions(Base):
user_id = Column(Integer, ForeignKey('user.id')) user_id = Column(Integer, ForeignKey('user.id'))
session_key = Column(String, default="") session_key = Column(String, default="")
random = Column(String, default="") random = Column(String, default="")
expiry = Column(String, default="") expiry = Column(Integer)
def __init__(self, user_id, session_key, random, expiry): def __init__(self, user_id, session_key, random, expiry):
@ -576,7 +582,7 @@ def migrate_user_session_table(engine, _session):
with engine.connect() as conn: with engine.connect() as conn:
trans = conn.begin() trans = conn.begin()
conn.execute(text("ALTER TABLE user_session ADD column 'random' String")) conn.execute(text("ALTER TABLE user_session ADD column 'random' String"))
conn.execute(text("ALTER TABLE user_session ADD column 'expiry' String")) conn.execute(text("ALTER TABLE user_session ADD column 'expiry' Integer"))
trans.commit() trans.commit()
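Review bot: In check_user_session, `new_expiry - found.expiry` assumes an integer, but rows written while the column was `String` with `default=""` may still hold an empty string or NULL, and the resulting TypeError is not among the exceptions caught here. Normalising first, e.g. `old_expiry = found.expiry if isinstance(found.expiry, int) else 0`, and comparing against `old_expiry` would keep such sessions from failing the request. The function also only ever extends `expiry`; nothing visible in this section rejects a row whose expiry is already in the past, so unless that is enforced elsewhere, a comparison of the stored expiry with the current time that returns False belongs before the renewal. A short docstring stating the sliding 31-day window and the once-per-day write throttle would help the next reader.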


@ -30,49 +30,7 @@ from . import lm, ub, config, logger, limiter, constants, services
log = logger.create() log = logger.create()
'''class HTTPProxyAuth(HTTPAuth):
def __init__(self, scheme='Proxy', realm=None, header=None):
super(HTTPProxyAuth, self).__init__(scheme, realm, header)
self.user = None
self.verify_user_callback = None
def set_user(self, username):
self.user = username if username else None
def verify_login(self, f):
self.verify_user_callback = f
return f
def login_required(self, f=None, role=None, optional=None):
if f is not None and \
(role is not None or optional is not None): # pragma: no cover
raise ValueError(
'role and optional are the only supported arguments')
def login_required_internal(f):
@wraps(f)
def decorated(*args, **kwargs):
if self.user:
g.flask_httpauth_user = self.user
return self.ensure_sync(f)(*args, **kwargs)
return decorated
if f:
return login_required_internal(f)
return login_required_internal
def authenticate(self, _auth, stored_password=None):
req = getattr(_auth, 'req', '')
if self.verify_user_callback:
return self.ensure_sync(self.verify_user_callback)(req)'''
auth = HTTPBasicAuth() auth = HTTPBasicAuth()
# proxy_auth = HTTPProxyAuth()
@auth.verify_password @auth.verify_password
@ -169,11 +127,13 @@ def load_user_from_reverse_proxy_header(req):
@lm.user_loader @lm.user_loader
def load_user(user_id, random, session_key): def load_user(user_id, random, session_key):
# log.info(f"user {user_id}, random {random}")
# log.info(request)
user = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first() user = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first()
entry = ub.session.query(ub.User_Sessions).filter(ub.User_Sessions.random == random, if random and session_key:
ub.User_Sessions.session_key == session_key).first() entry = ub.session.query(ub.User_Sessions).filter(ub.User_Sessions.random == random,
if entry and entry.id == user.id: ub.User_Sessions.session_key == session_key).first()
return user if not entry or entry.user_id != user.id:
else: return None
return None return user
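Review bot: In load_user the User_Sessions lookup appears to run only when both `random` and `session_key` are non-empty (indentation is lost on this page, so the nesting is inferred), which means a session missing either value reaches `return user` without being matched against the session table. If that fallback is intended for sessions created before this change, a comment should say so and note that such sessions cannot be revoked through User_Sessions; otherwise fail closed with `if not (random and session_key): return None`. Separately, `user` is None when the id no longer exists, and `entry.user_id != user.id` would then raise AttributeError; an early `if user is None: return None` after the first query avoids that.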


@ -1340,7 +1340,6 @@ def register():
def handle_login_user(user, remember, message, category): def handle_login_user(user, remember, message, category):
login_user(user, remember=remember) login_user(user, remember=remember)
ub.store_user_session()
flash(message, category=category) flash(message, category=category)
[limiter.limiter.storage.clear(k.key) for k in limiter.current_limits] [limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
return redirect(get_redirect_location(request.form.get('next', None), "web.index")) return redirect(get_redirect_location(request.form.get('next', None), "web.index"))