Commit e6e8af28 authored by Administrator's avatar Administrator

Fix login after session format change

parent e5f5020f
......@@ -161,7 +161,10 @@ class SecurityManager:
summary, hash = map(lambda s: s.encode("utf-8"), parts)
maccer = self.maccer.copy()
maccer.update(summary)
session_duration = datetime.now() - User.from_hashstring(string).timestamp
user = User.from_hashstring(string)
if user is None:
return False
session_duration = datetime.now() - user.timestamp
macs_equal = hmac.compare_digest(maccer.hexdigest().encode("utf-8"), hash)
time_short = int(session_duration.total_seconds()) < self.max_duration
return macs_equal and time_short
......
......@@ -1328,7 +1328,7 @@ def new_like():
@app.route("/login", methods=["GET", "POST"])
def login():
if "auth" in session:
if "auth" in session and current_user() is not None:
flash("You are already logged in.", "alert-success")
return redirect(request.args.get("next") or url_for("index"))
form = LoginForm()
......
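Review bot: In the SecurityManager hunk, `User.from_hashstring(string)` still runs on the raw session string before `hmac.compare_digest` has authenticated it, so the parser and the new `user is None` early return are reachable with input that carries no valid MAC. Verifying first keeps unauthenticated data out of the parser: move the comparison up and bail out with `if not hmac.compare_digest(maccer.hexdigest().encode("utf-8"), hash): return False` ahead of the `from_hashstring` call. It would also help to add a comment such as `# from_hashstring returns None for sessions in the old format` above the new guard, if that is indeed the case the commit title refers to. The method's signature and the code that builds `parts` are outside the hunk, so this assumes `string` is the client-supplied session value.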