From dbef50cb866696c8106da5e95f90d16a2fe8c137 Mon Sep 17 00:00:00 2001
From: Wiki Updater
Date: Sat, 7 Sep 2019 14:15:31 +0200
Subject: [PATCH] =?UTF-8?q?Ajout=20du=20temps=20maximum=20d'inactivit?= =?UTF-8?q?=C3=A9=20pour=20une=20connexion?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Issue n° #23 Fixer le temps d'une session par cookie (Remember me) Corrigé, par l'ajout d'une option dans le fichier de configuration et du code pour gèrer ça.
---
 app/routes/account/login.py | 6 ++++--
 config.py | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/app/routes/account/login.py b/app/routes/account/login.py
index 37fbda5..6295935 100644
--- a/app/routes/account/login.py
+++ b/app/routes/account/login.py
@@ -5,6 +5,7 @@ from app.forms.login import LoginForm
 from app.models.users import Member
 from app.models.privs import Group
 from app.utils.render import render
+from config import V5Config
 @app.route('/login', methods=['GET', 'POST'])
@@ -31,7 +32,8 @@ def login():
 return redirect(url_for('index'))
 # Login & update time-based trophies
- login_user(member, remember=form.remember_me.data)
+ login_user(member, remember=form.remember_me.data,
+ duration=V5Config.REMEMBER_COOKIE_DURATION)
 member.update_trophies("on-login")
 # Redirect safely (https://huit.re/open-redirect)
@@ -39,7 +41,7 @@ def login():
 ref_url = urlparse(request.host_url)
 test_url = urlparse(urljoin(request.host_url, target))
 return test_url.scheme in ('http', 'https') and \
- ref_url.netloc == test_url.netloc
+ ref_url.netloc == test_url.netloc
 next = request.args.get('next')
 if next and is_safe_url(next):
diff --git a/config.py b/config.py
index aa4fa08..1501d3b 100644
--- a/config.py
+++ b/config.py
@@ -1,6 +1,8 @@
 import os
+import datetime
 from local_config import DB_NAME
+
 class Config(object):
 SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-random-secret-key'
 SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
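Review bot: In the login.py hunk at `@@ -31,7 +32,8 @@`, `duration=V5Config.REMEMBER_COOKIE_DURATION` gives the remember-me cookie a fixed lifetime counted from login, which is not the inactivity limit that the commit subject describes. If an idle timeout is what issue #23 asks for, Flask-Login only pushes the expiry forward on activity when `REMEMBER_COOKIE_REFRESH_EACH_REQUEST = True` is set in the application config (in releases that support that option); without it the cookie expires seven days after login however active the user has been. Sessions opened without "remember me" are not affected by this argument and keep whatever lifetime the Flask session has. A comment next to the call such as `# Absolute remember-me lifetime, not an idle timeout` would make the behaviour explicit. The body of login() starts and ends outside the hunk.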
@@ -23,3 +25,5 @@ class V5Config(object):
 PASSWORD_MINLEN = 10
 # Maximum thread name length
 THREAD_NAME_MAXLEN = 32
+ # Remember-me cookie duration time
+ REMEMBER_COOKIE_DURATION = datetime.timedelta(days=7)
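Review bot: The seven-day cookie configured by `REMEMBER_COOKIE_DURATION` is authenticated with the application's `SECRET_KEY`, and the first config.py hunk shows that key falling back to the literal `'a-random-secret-key'` when the environment variable is unset. With a long-lived login cookie now depending on it, a deployment that forgets the variable would sign remember-me tokens with a publicly known key, so the setting should fail at startup instead, for example `SECRET_KEY = os.environ['SECRET_KEY']`. It is also worth setting `REMEMBER_COOKIE_SECURE = True` and `REMEMBER_COOKIE_HTTPONLY = True`, presumably in `Config`, since that appears to be the class loaded into the Flask config and Flask-Login reads those keys from there. The new comment could read `# Lifetime of the remember-me cookie` rather than "duration time".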