Fixes in cookies

Antonio de la Rosa 2016-04-17 05:00:09 +02:00
parent 963254a7ec
commit b91b8b890b
5 changed files with 58 additions and 58 deletions


@ -37,13 +37,13 @@ class GetPostFiles:
GetPostFiles.post['csrf_token']=GetPostFiles.post.get('csrf_token', '') GetPostFiles.post['csrf_token']=GetPostFiles.post.get('csrf_token', '')
if GetPostFiles.post['csrf_token']!=s['csrf_token']: if GetPostFiles.post['csrf_token']!=s['csrf_token'] and GetPostFiles.post['csrf_token'].strip()!="":
raise NameError('Error: you need a valid csrf_token') raise NameError('Error: you need a valid csrf_token')
else: else:
#Clean csrf_token #Clean csrf_token
s['csrf_token']='' del s['csrf_token']
else: else:
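Review bot: The new condition in GetPostFiles accepts a request whose csrf_token field is missing or blank. With `and GetPostFiles.post['csrf_token'].strip()!=""` the NameError is raised only when the posted token is non-empty and different, and the line above defaults a missing field to `''`, so that case falls through to the else branch and is treated as valid. A blank token should be rejected instead, e.g. `if GetPostFiles.post['csrf_token'].strip()=="" or GetPostFiles.post['csrf_token']!=s['csrf_token']:`. The enclosing method starts and ends outside the hunk, so the outer `else:` could not be checked.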


@ -63,13 +63,12 @@ class ParamecioSession:
return self.session.keys() return self.session.keys()
def remove(self): def remove(self):
print("pepe") response.delete_cookie(config.cookie_name, path="/")
response.delete_cookie(config.cookie_name)
def generate_session(): def generate_session():
random_text=create_key_encrypt_256(30) random_text=create_key_encrypt_256(30)
response.set_cookie(config.cookie_name, random_text) response.set_cookie(config.cookie_name, random_text, secret=config.key_encrypt, path="/")
request.environ[config.cookie_name]={'token': random_text} request.environ[config.cookie_name]={'token': random_text}
def get_session(): def get_session():
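Review bot: The session cookie in generate_session is set without `httponly` or `secure`, so page scripts can read the session token and the browser will also send it over plain HTTP. Suggest `response.set_cookie(config.cookie_name, random_text, secret=config.key_encrypt, path="/", httponly=True)`, adding `secure=True` where the site is served over HTTPS. Signing with `secret=` protects integrity only and relies on `config.key_encrypt` being a long random per-installation value; a short comment next to the call saying so would help whoever edits the config.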


@ -136,9 +136,11 @@ if config.session_enabled==True:
if not os.path.isdir(config.session_opts['session.data_dir']): if not os.path.isdir(config.session_opts['session.data_dir']):
os.makedirs(config.session_opts['session.data_dir'], 0o700, True) os.makedirs(config.session_opts['session.data_dir'], 0o700, True)
if config.session_opts['session.type']=='file':
def load_session(): def load_session():
code_session=request.get_cookie(config.cookie_name) code_session=request.get_cookie(config.cookie_name, secret=config.key_encrypt)
if code_session==None: if code_session==None:
# Send cookie # Send cookie
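Review bot: load_session does not document that `request.get_cookie(config.cookie_name, secret=config.key_encrypt)` returns None both when the cookie is absent and when its signature does not verify. The `code_session==None` branch therefore now also handles tampered cookies and cookies issued unsigned before this change. A comment such as `# None: no cookie, or signature check failed -> issue a fresh session` above the test would make that explicit, and `if code_session is None:` is the idiomatic comparison. The function body continues outside the hunk.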


@ -215,7 +215,7 @@ def login():
s['privileges']=arr_user['privileges'] s['privileges']=arr_user['privileges']
remember_login=GetPostFiles.post.get('remember_login', '0') remember_login=GetPostFiles.post.get('remember_login', '0')
"""
if remember_login=='1': if remember_login=='1':
timestamp=time()+315360000 timestamp=time()+315360000
@ -238,7 +238,7 @@ def login():
#else: #else:
#print(user_admin.query_error) #print(user_admin.query_error)
#s.save() #s.save()
"""
return {'error': 0} return {'error': 0}
else: else:
return {'error': 1} return {'error': 1}
@ -294,21 +294,21 @@ def logout():
s=get_session() s=get_session()
if 'login' in s.keys(): #if 'login' in s.keys():
del s['login'] # del s['login']
del s['privileges'] # del s['privileges']
#s.save() #s.save()
s.remove()
if request.get_cookie("remember_login", secret=key_encrypt): if request.get_cookie("remember_login", secret=key_encrypt):
# delete cookie # delete cookie
response.delete_cookie("remember_login") response.delete_cookie("remember_login", path="/")
#Remove cookie session #return ""
s.remove()
redirect('/'+config.admin_folder) redirect('/'+config.admin_folder)
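Review bot: logout no longer clears the server-side session: the `del s['login']` and `del s['privileges']` lines are commented out and only `s.remove()` runs, which, judging by the ParamecioSession.remove shown on this page, just deletes the cookie in the browser. If the stored session data survives, a retained copy of the old signed cookie would presumably still map to a logged-in session after logout. Suggest keeping the cleanup before the cookie is removed (`if 'login' in s.keys():`, `del s['login']`, `del s['privileges']`), or having remove() discard the stored session as well. The `secret=key_encrypt` in this hunk also differs from the `config.key_encrypt` used in the other files, so it is worth confirming both name the same value.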


@ -53,7 +53,6 @@ cookie_name = 'paramecio.session'
session_opts = { session_opts = {
'session.type': 'file', 'session.type': 'file',
'session.cookie_expires': False,
'session.data_dir': './sessions' 'session.data_dir': './sessions'
} }