Ajout du temps maximum d'inactivité pour une connexion
Issue n° #23 Fixer le temps d'une session par cookie (Remember me) : corrigé par l'ajout d'une option dans le fichier de configuration et du code pour gérer ça.
parent
2e80a56596
commit
dbef50cb86
|
@ -5,6 +5,7 @@ from app.forms.login import LoginForm
|
|||
from app.models.users import Member
|
||||
from app.models.privs import Group
|
||||
from app.utils.render import render
|
||||
from config import V5Config
|
||||
|
||||
|
||||
@app.route('/login', methods=['GET', 'POST'])
|
||||
|
@ -31,7 +32,8 @@ def login():
|
|||
return redirect(url_for('index'))
|
||||
|
||||
# Login & update time-based trophies
|
||||
login_user(member, remember=form.remember_me.data)
|
||||
login_user(member, remember=form.remember_me.data,
|
||||
duration=V5Config.REMEMBER_COOKIE_DURATION)
|
||||
member.update_trophies("on-login")
|
||||
|
||||
# Redirect safely (https://huit.re/open-redirect)
|
||||
|
@ -39,7 +41,7 @@ def login():
|
|||
ref_url = urlparse(request.host_url)
|
||||
test_url = urlparse(urljoin(request.host_url, target))
|
||||
return test_url.scheme in ('http', 'https') and \
|
||||
ref_url.netloc == test_url.netloc
|
||||
ref_url.netloc == test_url.netloc
|
||||
|
||||
next = request.args.get('next')
|
||||
if next and is_safe_url(next):
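Review bot: In the `login_user(...)` call of the second hunk, `duration` only takes effect when `remember` is true, and as Flask-Login documents it, it sets a fixed lifetime for the remember-me cookie counted from login, so it is not the inactivity limit the commit title describes. Sessions opened without "remember me" are not bounded by this change, and an active user's cookie still expires after the configured duration unless Flask-Login's `REMEMBER_COOKIE_REFRESH_EACH_REQUEST` is enabled. I would state that above the call, e.g. `# duration caps the remember-me cookie lifetime (from login); it does not limit idle time or non-remembered sessions`. The body of `login()` starts and ends outside the hunks shown.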
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
import os
|
||||
import datetime
|
||||
from local_config import DB_NAME
|
||||
|
||||
|
||||
class Config(object):
|
||||
SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-random-secret-key'
|
||||
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
|
||||
|
@ -23,3 +25,5 @@ class V5Config(object):
|
|||
PASSWORD_MINLEN = 10
|
||||
# Maximum thread name length
|
||||
THREAD_NAME_MAXLEN = 32
|
||||
# Remember-me cookie duration time
|
||||
REMEMBER_COOKIE_DURATION = datetime.timedelta(days=7)
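Review bot: The remember-me cookie that this commit gives a 7-day lifetime is signed by Flask-Login with the application's secret key, and the context line `SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-random-secret-key'` falls back to a value published in the repository when the environment variable is missing. Assuming `Config` is what the app loads, a deployment started without the variable would issue long-lived cookies whose signature gives no protection. I would make the missing variable a startup error, `SECRET_KEY = os.environ['SECRET_KEY']`, or confine the fallback to a development-only configuration. `Config` and `V5Config` both continue outside the hunks shown.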
|
||||
|
|