fix: properly evaluate AURREMEMBER cookie

Whenever the AURREMEMBER cookie was defined, regardless of its value,
"remember_me" is always set to True

The get method of a dict returns a string here,
and converting the non-empty str "False" into a bool yields True

We have to check AURREMEMBERs value instead.

Signed-off-by: moson-mo <mo-son@mailbox.org>
moson-mo 2023-05-25 13:23:37 +02:00
parent 5fe375bdc3
commit 2eacc84cd0
No known key found for this signature in database
GPG key ID: 4A4760AB4EE15296
3 changed files with 3 additions and 5 deletions


@ -104,9 +104,7 @@ class BasicAuthBackend(AuthenticationBackend):
return unauthenticated
timeout = aurweb.config.getint("options", "login_timeout")
remembered = "AURREMEMBER" in conn.cookies and bool(
conn.cookies.get("AURREMEMBER")
)
remembered = conn.cookies.get("AURREMEMBER") == "True"
if remembered:
timeout = aurweb.config.getint("options", "persistent_cookie_timeout")
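Review bot: The timeout selection in BasicAuthBackend still rests on a client-supplied cookie, so any request carrying `AURREMEMBER=True` gets `persistent_cookie_timeout` instead of `login_timeout`, whether or not remember-me was chosen at login. The use of `timeout` lies outside the hunk, but if it bounds how long a session stays valid, the remember-me choice would be better recorded server-side with the session at login and read from there. Until then, a comment above the new line would make the trust assumption visible: `# AURREMEMBER is client-controlled; it selects the longer timeout but is not verified against the session`. A regression test covering a cookie value of "False" and an absent cookie would also pin the fix, since none of the three changed files appears to be a test.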


@ -65,7 +65,7 @@ def update_response_cookies(
"AURLANG", aurlang, secure=secure, httponly=secure, samesite=samesite()
)
if aursid:
remember_me = bool(request.cookies.get("AURREMEMBER", False))
remember_me = request.cookies.get("AURREMEMBER") == "True"
response.set_cookie(
"AURSID",
aursid,
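Review bot: The expression `request.cookies.get("AURREMEMBER") == "True"` is now repeated in three places (here in update_response_cookies, in the BasicAuthBackend hunk and in the password hunk), and each copy depends on the exact, case-sensitive string that the login code writes into the cookie. That writer is not visible on this page, so the coupling is implicit; a value such as "true" or "1" would silently be read as not remembered. Moving the comparison into one small helper shared by all three call sites would keep the parsing rule in a single place. At the least I would add a comment on the line, for example `# cookie holds str(bool); only the exact value "True" enables remember-me`.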


@ -131,7 +131,7 @@ def password(
user.update_password(P)
if user == request.user:
remember_me = request.cookies.get("AURREMEMBER", False)
remember_me = request.cookies.get("AURREMEMBER") == "True"
# If the target user is the request user, login with
# the updated password to update the Session record.