From e6e8af283891df7fe7a67269555381231b2b96f5 Mon Sep 17 00:00:00 2001
From: FSMPI Admin-Team <admin@fsmpi.rwth-aachen.de>
Date: Fri, 28 Apr 2017 16:02:02 +0200
Subject: [PATCH] Fix login after session format change
---
 auth.py | 5 ++++-
 server.py | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/auth.py b/auth.py
index 87b4d64..42a5f4c 100644
--- a/auth.py
+++ b/auth.py
@@ -161,7 +161,10 @@ class SecurityManager:
 summary, hash = map(lambda s: s.encode("utf-8"), parts)
 maccer = self.maccer.copy()
 maccer.update(summary)
- session_duration = datetime.now() - User.from_hashstring(string).timestamp
+ user = User.from_hashstring(string)
+ if user is None:
+ return False
+ session_duration = datetime.now() - user.timestamp
 macs_equal = hmac.compare_digest(maccer.hexdigest().encode("utf-8"), hash)
 time_short = int(session_duration.total_seconds()) < self.max_duration
 return macs_equal and time_short
diff --git a/server.py b/server.py
index de2fbe8..543a9c1 100755
--- a/server.py
+++ b/server.py
@@ -1328,7 +1328,7 @@ def new_like():
 @app.route("/login", methods=["GET", "POST"])
 def login():
- if "auth" in session:
+ if "auth" in session and current_user() is not None:
 flash("You are already logged in.", "alert-success")
 return redirect(request.args.get("next") or url_for("index"))
 form = LoginForm()
-- 
GitLab
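Review bot: `User.from_hashstring(string)` still parses the session string before its MAC has been verified, so the parser runs on unauthenticated input. The new `if user is None` guard only helps when the parser returns `None` rather than raising. Consider moving the `macs_equal = hmac.compare_digest(...)` line above the parse and bailing out with `if not macs_equal: return False`, so only authenticated strings reach `from_hashstring` and the timestamp check. Whether `from_hashstring` can raise on a malformed string is not visible here, and the enclosing method starts outside the hunk. A short comment such as `# old-format session strings parse to None; treat them as invalid` above the guard would also record why it exists.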
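Review bot: When `"auth" in session` is true but `current_user()` returns `None`, the stale `auth` value is left in the session and the view just falls through to the login form. Any other check that tests only `"auth" in session` would keep treating that client as logged in; such checks are not visible in this hunk, so this is a hedge rather than a confirmed bug. Dropping the key in that case, e.g. `session.pop("auth", None)`, makes the invalid state go away instead of lingering until the next successful login. Separately, the unchanged `redirect(request.args.get("next") or url_for("index"))` forwards a logged-in user to whatever `next` contains, so it is worth restricting `next` to same-site relative paths. The body of `login()` continues outside the hunk.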