
Ajout du temps maximum d'inactivité pour une connexion

Issue n° #23 Fixer le temps d'une session par cookie (Remember me)
Corrigé, par l'ajout d'une option dans le fichier de configuration et
du code pour gérer ça.
posts
Eragon 3 months ago
parent
commit
dbef50cb86
No known key found for this signature in database
2 changed files with 8 additions and 2 deletions
  1. +4
    -2
      app/routes/account/login.py
  2. +4
    -0
      config.py

+ 4
- 2
app/routes/account/login.py

@@ -5,6 +5,7 @@ from app.forms.login import LoginForm
from app.models.users import Member
from app.models.privs import Group
from app.utils.render import render
from config import V5Config


@app.route('/login', methods=['GET', 'POST'])
@@ -31,7 +32,8 @@ def login():
return redirect(url_for('index'))

# Login & update time-based trophies
login_user(member, remember=form.remember_me.data)
login_user(member, remember=form.remember_me.data,
duration=V5Config.REMEMBER_COOKIE_DURATION)
member.update_trophies("on-login")

# Redirect safely (https://huit.re/open-redirect)
@@ -39,7 +41,7 @@ def login():
ref_url = urlparse(request.host_url)
test_url = urlparse(urljoin(request.host_url, target))
return test_url.scheme in ('http', 'https') and \
ref_url.netloc == test_url.netloc
ref_url.netloc == test_url.netloc

next = request.args.get('next')
if next and is_safe_url(next):
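Review bot: The `duration=V5Config.REMEMBER_COOKIE_DURATION` argument added to `login_user(...)` bounds only the remember-me cookie, so it does not by itself give the maximum inactivity time the commit title describes. Assuming `login_user` is Flask-Login's (its import is outside the hunk), `duration` has no effect when `form.remember_me.data` is false, and the cookie expires a fixed time after login rather than after the last request unless `REMEMBER_COOKIE_REFRESH_EACH_REQUEST` is enabled. If an idle timeout is the goal, the session itself also needs a bounded lifetime (`session.permanent = True` together with `PERMANENT_SESSION_LIFETIME`); at minimum add a comment above the call such as `# duration limits the remember-me cookie only; sessions without remember-me are not bounded here`. The body of `login()` starts and ends outside the visible hunks.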

+ 4
- 0
config.py

@@ -1,6 +1,8 @@
import os
import datetime
from local_config import DB_NAME


class Config(object):
SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-random-secret-key'
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
@@ -23,3 +25,5 @@ class V5Config(object):
PASSWORD_MINLEN = 10
# Maximum thread name length
THREAD_NAME_MAXLEN = 32
# Remember-me cookie duration time
REMEMBER_COOKIE_DURATION = datetime.timedelta(days=7)
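Review bot: The new seven-day `REMEMBER_COOKIE_DURATION` introduces a long-lived authentication cookie whose integrity rests on the application secret, while the context line in `Config` still falls back to the literal `'a-random-secret-key'` when the environment variable is unset. With a persistent cookie in play that fallback should fail closed, e.g. `SECRET_KEY = os.environ['SECRET_KEY']`, so a deployment missing the variable refuses to start instead of signing cookies with a value that is in the repository. It is also worth setting `REMEMBER_COOKIE_SECURE = True` wherever the Flask config is loaded, if the site is served over HTTPS; whether the extension reads its settings from `Config` or `V5Config` is not visible here. Both class bodies continue outside the hunks.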
