Fix login after session format change

e6e8af28 · Administrator · e5f5020f · e6e8af28 · e6e8af28
Commit e6e8af28 authored Apr 28, 2017 by Administrator
--- a/auth.py
+++ b/auth.py
@@ -161,7 +161,10 @@ class SecurityManager:
        summary, hash = map(lambda s: s.encode("utf-8"), parts)
        maccer = self.maccer.copy()
        maccer.update(summary)
-        session_duration = datetime.now() - User.from_hashstring(string).timestamp
+        user = User.from_hashstring(string)
+        if user is None:
+            return False
+        session_duration = datetime.now() - user.timestamp
        macs_equal = hmac.compare_digest(maccer.hexdigest().encode("utf-8"), hash)
        time_short = int(session_duration.total_seconds()) < self.max_duration 
        return macs_equal and time_short

--- a/server.py
+++ b/server.py
@@ -1328,7 +1328,7 @@ def new_like():

 @app.route("/login", methods=["GET", "POST"])
 def login():
-    if "auth" in session:
+    if "auth" in session and current_user() is not None:
        flash("You are already logged in.", "alert-success")
        return redirect(request.args.get("next") or url_for("index"))
    form = LoginForm()