From e6e8af283891df7fe7a67269555381231b2b96f5 Mon Sep 17 00:00:00 2001
From: FSMPI Admin-Team <admin@fsmpi.rwth-aachen.de>
Date: Fri, 28 Apr 2017 16:02:02 +0200
Subject: [PATCH] Fix login after session format change

---
 auth.py   | 5 ++++-
 server.py | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/auth.py b/auth.py
index 87b4d64..42a5f4c 100644
--- a/auth.py
+++ b/auth.py
@@ -161,7 +161,10 @@ class SecurityManager:
         summary, hash = map(lambda s: s.encode("utf-8"), parts)
         maccer = self.maccer.copy()
         maccer.update(summary)
-        session_duration = datetime.now() - User.from_hashstring(string).timestamp
+        user = User.from_hashstring(string)
+        if user is None:
+            return False
+        session_duration = datetime.now() - user.timestamp
         macs_equal = hmac.compare_digest(maccer.hexdigest().encode("utf-8"), hash)
         time_short = int(session_duration.total_seconds()) < self.max_duration 
         return macs_equal and time_short
diff --git a/server.py b/server.py
index de2fbe8..543a9c1 100755
--- a/server.py
+++ b/server.py
@@ -1328,7 +1328,7 @@ def new_like():
 
 @app.route("/login", methods=["GET", "POST"])
 def login():
-    if "auth" in session:
+    if "auth" in session and current_user() is not None:
         flash("You are already logged in.", "alert-success")
         return redirect(request.args.get("next") or url_for("index"))
     form = LoginForm()
-- 
GitLab