Fixes in cookies
This commit is contained in:
Antonio de la Rosa
parent
963254a7ec
commit
b91b8b890b
5 changed files with 58 additions and 58 deletions
|
|
@ -37,13 +37,13 @@ class GetPostFiles:
|
|||
|
||||
GetPostFiles.post['csrf_token']=GetPostFiles.post.get('csrf_token', '')
|
||||
|
||||
if GetPostFiles.post['csrf_token']!=s['csrf_token']:
|
||||
if GetPostFiles.post['csrf_token']!=s['csrf_token'] and GetPostFiles.post['csrf_token'].strip()!="":
|
||||
|
||||
raise NameError('Error: you need a valid csrf_token')
|
||||
else:
|
||||
#Clean csrf_token
|
||||
|
||||
s['csrf_token']=''
|
||||
del s['csrf_token']
|
||||
|
||||
|
||||
else:
|
||||
|
|
|
|||
|
|
@ -63,13 +63,12 @@ class ParamecioSession:
|
|||
return self.session.keys()
|
||||
|
||||
def remove(self):
|
||||
print("pepe")
|
||||
response.delete_cookie(config.cookie_name)
|
||||
response.delete_cookie(config.cookie_name, path="/")
|
||||
|
||||
def generate_session():
|
||||
|
||||
random_text=create_key_encrypt_256(30)
|
||||
response.set_cookie(config.cookie_name, random_text)
|
||||
response.set_cookie(config.cookie_name, random_text, secret=config.key_encrypt, path="/")
|
||||
request.environ[config.cookie_name]={'token': random_text}
|
||||
|
||||
def get_session():
|
||||
|
|
|
|||
|
|
@ -136,57 +136,59 @@ if config.session_enabled==True:
|
|||
if not os.path.isdir(config.session_opts['session.data_dir']):
|
||||
os.makedirs(config.session_opts['session.data_dir'], 0o700, True)
|
||||
|
||||
def load_session():
|
||||
if config.session_opts['session.type']=='file':
|
||||
|
||||
code_session=request.get_cookie(config.cookie_name)
|
||||
def load_session():
|
||||
|
||||
if code_session==None:
|
||||
# Send cookie
|
||||
generate_session()
|
||||
else:
|
||||
code_session=request.get_cookie(config.cookie_name, secret=config.key_encrypt)
|
||||
|
||||
# Check if file exists
|
||||
if code_session==None:
|
||||
# Send cookie
|
||||
generate_session()
|
||||
else:
|
||||
|
||||
if os.path.isfile(config.session_opts['session.data_dir']+'/session_'+code_session):
|
||||
with open(config.session_opts['session.data_dir']+'/session_'+code_session, 'r') as f:
|
||||
# Check if file exists
|
||||
|
||||
try:
|
||||
|
||||
s = JSONWebSignatureSerializer(key_encrypt)
|
||||
session_dict=f.read()
|
||||
request.environ[config.cookie_name]=s.loads(session_dict)
|
||||
request.environ[config.cookie_name]['token']=code_session
|
||||
|
||||
except:
|
||||
|
||||
# Clean fake session
|
||||
if os.path.isfile(config.session_opts['session.data_dir']+'/session_'+code_session):
|
||||
with open(config.session_opts['session.data_dir']+'/session_'+code_session, 'r') as f:
|
||||
|
||||
try:
|
||||
os.remove(config.session_opts['session.data_dir']+'/session_'+code_session)
|
||||
|
||||
s = JSONWebSignatureSerializer(key_encrypt)
|
||||
session_dict=f.read()
|
||||
request.environ[config.cookie_name]=s.loads(session_dict)
|
||||
request.environ[config.cookie_name]['token']=code_session
|
||||
|
||||
except:
|
||||
|
||||
pass
|
||||
# Clean fake session
|
||||
|
||||
generate_session()
|
||||
try:
|
||||
os.remove(config.session_opts['session.data_dir']+'/session_'+code_session)
|
||||
|
||||
else:
|
||||
request.environ[config.cookie_name]={'token': code_session}
|
||||
except:
|
||||
|
||||
def save_session():
|
||||
pass
|
||||
|
||||
save_session=request.environ[config.cookie_name]
|
||||
if 'save' in save_session:
|
||||
del save_session['save']
|
||||
# Here define the session type, if memcached, save data in memcached
|
||||
try:
|
||||
with open(config.session_opts['session.data_dir']+'/session_'+save_session['token'], 'w') as f:
|
||||
s = JSONWebSignatureSerializer(key_encrypt)
|
||||
json_encode=s.dumps(save_session)
|
||||
f.write(json_encode.decode('utf8'))
|
||||
generate_session()
|
||||
|
||||
except:
|
||||
pass
|
||||
else:
|
||||
request.environ[config.cookie_name]={'token': code_session}
|
||||
|
||||
def save_session():
|
||||
|
||||
save_session=request.environ[config.cookie_name]
|
||||
if 'save' in save_session:
|
||||
del save_session['save']
|
||||
# Here define the session type, if memcached, save data in memcached
|
||||
try:
|
||||
with open(config.session_opts['session.data_dir']+'/session_'+save_session['token'], 'w') as f:
|
||||
s = JSONWebSignatureSerializer(key_encrypt)
|
||||
json_encode=s.dumps(save_session)
|
||||
f.write(json_encode.decode('utf8'))
|
||||
|
||||
except:
|
||||
pass
|
||||
|
||||
#request.environ[config.cookie_name]['save']
|
||||
#def save_session()
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ def login():
|
|||
s['privileges']=arr_user['privileges']
|
||||
|
||||
remember_login=GetPostFiles.post.get('remember_login', '0')
|
||||
|
||||
"""
|
||||
if remember_login=='1':
|
||||
|
||||
timestamp=time()+315360000
|
||||
|
|
@ -238,7 +238,7 @@ def login():
|
|||
#else:
|
||||
#print(user_admin.query_error)
|
||||
#s.save()
|
||||
|
||||
"""
|
||||
return {'error': 0}
|
||||
else:
|
||||
return {'error': 1}
|
||||
|
|
@ -294,21 +294,21 @@ def logout():
|
|||
|
||||
s=get_session()
|
||||
|
||||
if 'login' in s.keys():
|
||||
#if 'login' in s.keys():
|
||||
|
||||
del s['login']
|
||||
del s['privileges']
|
||||
# del s['login']
|
||||
# del s['privileges']
|
||||
|
||||
#s.save()
|
||||
|
||||
s.remove()
|
||||
|
||||
if request.get_cookie("remember_login", secret=key_encrypt):
|
||||
|
||||
# delete cookie
|
||||
response.delete_cookie("remember_login")
|
||||
response.delete_cookie("remember_login", path="/")
|
||||
|
||||
#Remove cookie session
|
||||
|
||||
s.remove()
|
||||
#return ""
|
||||
|
||||
redirect('/'+config.admin_folder)
|
||||
|
||||
|
|
|
|||
|
|
@ -53,7 +53,6 @@ cookie_name = 'paramecio.session'
|
|||
|
||||
session_opts = {
|
||||
'session.type': 'file',
|
||||
'session.cookie_expires': False,
|
||||
'session.data_dir': './sessions'
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue