diff --git a/auth.py b/auth.py
index 87b4d649bcfee469e6da50e2f0c58a2b6c5e6f54..42a5f4c70e28b90627b22520d811699efcf18032 100644
--- a/auth.py
+++ b/auth.py
@@ -161,7 +161,10 @@ class SecurityManager:
 summary, hash = map(lambda s: s.encode("utf-8"), parts)
 maccer = self.maccer.copy()
 maccer.update(summary)
- session_duration = datetime.now() - User.from_hashstring(string).timestamp
+ user = User.from_hashstring(string)
+ if user is None:
+ return False
+ session_duration = datetime.now() - user.timestamp
 macs_equal = hmac.compare_digest(maccer.hexdigest().encode("utf-8"), hash)
 time_short = int(session_duration.total_seconds()) < self.max_duration
 return macs_equal and time_short
diff --git a/migrations/versions/70547c924023_.py b/migrations/versions/70547c924023_.py
index be707774cfedcfa494e0679adc4ee90edece3ab1..b10ed219d528c80bc385e95c558d2d1449cf6cae 100644
--- a/migrations/versions/70547c924023_.py
+++ b/migrations/versions/70547c924023_.py
@@ -18,8 +18,10 @@ depends_on = None
 def upgrade():
 # ### commands auto generated by Alembic - please adjust! ###
- op.add_column('defaultmetas', sa.Column('prior', sa.Boolean(), nullable=False))
+ op.add_column('defaultmetas', sa.Column('prior', sa.Boolean(), nullable=True))
 op.add_column('defaultmetas', sa.Column('value', sa.String(), nullable=True))
+ op.execute("UPDATE defaultmetas SET prior=FALSE")
+ op.alter_column("defaultmetas", "prior", nullable=False)
 # ### end Alembic commands ###
diff --git a/server.py b/server.py
index 6e91019159a3a2ee57b90bd6bebf32189ed523b1..43f8af3258a37ace69ce0c1f7f201d0c9fba01f3 100755
--- a/server.py
+++ b/server.py
@@ -1327,7 +1327,7 @@ def new_like():
 @app.route("/login", methods=["GET", "POST"])
 def login():
- if "auth" in session:
+ if "auth" in session and current_user() is not None:
 flash("You are already logged in.", "alert-success")
 return redirect(request.args.get("next") or url_for("index"))
 form = LoginForm()
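Review bot: In auth.py, `User.from_hashstring(string)` still runs on the supplied string before the MAC is compared two lines further down, so unverified input is parsed (and, depending on what from_hashstring does, possibly looked up) before it has been authenticated. The new `return False` for a missing user also leaves the function before `hmac.compare_digest` runs, so an unknown user and a bad MAC take different paths. Verifying first removes both issues: move the `macs_equal = hmac.compare_digest(...)` line above the lookup and add `if not macs_equal: return False` before `user = User.from_hashstring(string)`. The method starts outside the hunk, so how `parts` and `string` are derived is not visible here.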
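Review bot: In the migration, the backfill uses a raw `op.execute("UPDATE defaultmetas SET prior=FALSE")` between the add and the alter, which hard-codes the boolean literal instead of leaving it to the dialect. Giving the column a server default does the same in one step, `op.add_column('defaultmetas', sa.Column('prior', sa.Boolean(), nullable=False, server_default=sa.false()))`, at the cost of leaving a default in the schema unless it is dropped afterwards. If the three-step form is kept, a comment such as `# add as nullable, backfill existing rows, then enforce NOT NULL` would explain why the autogenerated line was changed. downgrade() is outside the hunk, so it cannot be checked against the new upgrade steps here.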
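Review bot: In server.py, the branch this condition guards redirects to `request.args.get("next")` unchanged, so a login link can carry a `next` value pointing at another site and a logged-in user is sent there. The target should be accepted only when it is a local path, for example `target = request.args.get("next", "")` followed by `if not target.startswith("/") or urlparse(target).netloc: target = url_for("index")`, with backslashes rejected as well. Separately, when `"auth"` is in the session but `current_user()` returns None, the stale key is left in place; `session.pop("auth", None)` before rendering the form would clear it. login() continues past the hunk, so whether the post-login redirect uses the same `next` handling cannot be seen here.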