mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
This change removes cookie re-emission of AURLANG and AURTZ, adds the AURREMEMBER cookie (the state of the "Remember Me" checkbox on login), and re-emits AURSID based on the AURREMEMBER cookie. Previously, re-emission of AURSID was forcefully modifying the expiration of the AURSID cookie. The introduction of AURREMEMBER allows us to deduce the correct cookie expiration timing based on configuration variables. With this addition, we now re-emit the AURSID cookie with an updated expiration based on the "Remember Me" checkbox on login. Signed-off-by: Kevin Morris <kevr@0cost.org>
from fastapi import Request
from fastapi.responses import Response
from aurweb import config
def samesite() -> str:
    """Return the SameSite attribute value used for aurweb cookies.

    The value follows the options.disable_http_login setting: "strict"
    when the option is enabled, "lax" when it is not.

    :returns: "strict" if options.disable_http_login else "lax"
    """
    if config.getboolean("options", "disable_http_login"):
        return "strict"
    return "lax"
def timeout(extended: bool) -> int:
    """Pick the session cookie timeout for a login.

    Two configuration values are involved: options.login_timeout (the
    regular timeout) and options.persistent_cookie_timeout (the extended
    one). Callers typically pass the state of the AURREMEMBER cookie,
    treated as False when absent.

    :param extended: When truthy, the extended (persistent) timeout is used
    :returns: options.persistent_cookie_timeout if `extended` is truthy,
              otherwise options.login_timeout
    """
    # The regular timeout is always read first, as the configuration
    # lookup itself may raise on a missing or malformed option.
    regular = config.getint("options", "login_timeout")
    if not extended:
        return regular
    return config.getint("options", "persistent_cookie_timeout")
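def update_response_cookies(request: Request, response: Response,
                            aurtz: str = None, aurlang: str = None,
                            aursid: str = None) -> Response:
    """ Update session cookies. This method is particularly useful
    when updating a cookie which was already set.

    Only the cookies whose value is passed (and non-empty) are emitted.

    The AURSID cookie's expiration is based on the AURREMEMBER cookie,
    which is retrieved from `request`. AURREMEMBER is supplied by the
    client, so it only selects which configured timeout is used as the
    cookie's max_age; it is never used as a number itself.

    :param request: FastAPI request
    :param response: FastAPI response
    :param aurtz: Optional AURTZ cookie value
    :param aurlang: Optional AURLANG cookie value
    :param aursid: Optional AURSID cookie value
    :returns: Updated response
    """
    # Secure (and, below, HttpOnly) are only set when plain-HTTP login is
    # disabled, so that cookies still work on HTTP-only deployments.
    # NOTE(review): HttpOnly does not depend on the transport; with HTTP
    # login enabled, AURSID is readable from page scripts. Confirm that no
    # client-side code reads these cookies before setting it unconditionally.
    secure = config.getboolean("options", "disable_http_login")

    if aurtz:
        response.set_cookie("AURTZ", aurtz, secure=secure, httponly=secure,
                            samesite=samesite())
    if aurlang:
        response.set_cookie("AURLANG", aurlang, secure=secure,
                            httponly=secure, samesite=samesite())
    if aursid:
        # Cookie values arrive as strings, so bool() on the raw value is
        # True for any non-empty text, including "False" or "0". Parse the
        # flag explicitly; any other non-empty value still counts as set.
        # NOTE(review): the exact text written by the login handler is not
        # visible here -- confirm it against the code that sets AURREMEMBER.
        falsy_values = ("", "0", "false", "no", "off", "none")
        raw_flag = request.cookies.get("AURREMEMBER", "")
        remember_me = str(raw_flag).strip().lower() not in falsy_values

        # NOTE(review): max_age only bounds how long the browser keeps the
        # cookie; session expiry presumably has to be enforced server-side
        # as well, which this function does not do.
        response.set_cookie("AURSID", aursid, secure=secure, httponly=secure,
                            max_age=timeout(remember_me),
                            samesite=samesite())
    return response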