Ajout du temps maximum d'inactivité pour une connexion

Issue n° #23 Fixer le temps d'une session par cookie (Remember me)
Corrigé, par l'ajout d'une option dans le fichier de configuration et
du code pour gérer ça.
Eragon 2019-09-07 14:15:31 +02:00
parent 2e80a56596
commit dbef50cb86
No known key found for this signature in database
GPG Key ID: B2B1BF4DA61BBB85
2 changed files with 8 additions and 2 deletions


@ -5,6 +5,7 @@ from app.forms.login import LoginForm
from app.models.users import Member
from app.models.privs import Group
from app.utils.render import render
from config import V5Config
@app.route('/login', methods=['GET', 'POST'])
@ -31,7 +32,8 @@ def login():
return redirect(url_for('index'))
# Login & update time-based trophies
login_user(member, remember=form.remember_me.data)
login_user(member, remember=form.remember_me.data,
duration=V5Config.REMEMBER_COOKIE_DURATION)
member.update_trophies("on-login")
# Redirect safely (https://huit.re/open-redirect)
@ -39,7 +41,7 @@ def login():
ref_url = urlparse(request.host_url)
test_url = urlparse(urljoin(request.host_url, target))
return test_url.scheme in ('http', 'https') and \
ref_url.netloc == test_url.netloc
ref_url.netloc == test_url.netloc
next = request.args.get('next')
if next and is_safe_url(next):
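Review bot: The `duration=V5Config.REMEMBER_COOKIE_DURATION` argument added to `login_user` bounds only the lifetime of Flask-Login's remember-me cookie, counted from login, so it is not the maximum idle time the commit title describes. It takes effect only when `form.remember_me.data` is true; a login without the box ticked keeps the normal session cookie, whose lifetime this change does not touch. As far as I know the cookie expiry is also not renewed on activity unless `REMEMBER_COOKIE_REFRESH_EACH_REQUEST` is enabled in the Flask config, which neither file section shows. I would add a comment above the call, `# duration: absolute lifetime of the remember-me cookie, not an idle timeout`, and handle inactivity separately if issue #23 requires it. The body of `login()` starts and ends outside the visible hunks.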


@ -1,6 +1,8 @@
import os
import datetime
from local_config import DB_NAME
class Config(object):
SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-random-secret-key'
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
@ -23,3 +25,5 @@ class V5Config(object):
PASSWORD_MINLEN = 10
# Maximum thread name length
THREAD_NAME_MAXLEN = 32
# Remember-me cookie duration time
REMEMBER_COOKIE_DURATION = datetime.timedelta(days=7)
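Review bot: The cookie that `REMEMBER_COOKIE_DURATION = datetime.timedelta(days=7)` keeps alive for a week is authenticated by Flask-Login with the application's `SECRET_KEY`, and the context line in `Config` still falls back to the literal `'a-random-secret-key'` when the environment variable is unset. Assuming `Config` is the class loaded into the Flask app, a deployment missing that variable would sign persistent login cookies with a value published in the repository; failing fast is safer, for example `SECRET_KEY = os.environ['SECRET_KEY']`. Separately, because the new value lives on `V5Config` rather than in the Flask config, any `login_user` call that does not pass `duration=` would presumably keep Flask-Login's much longer default lifetime, so the comment could say `# Lifetime of the remember-me cookie; must be passed to login_user(duration=...)`.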