From c3b5721202cace4f91e9f8cff5771d25b0c24cf0 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen
Date: Tue, 27 Oct 2020 13:37:13 +0100
Subject: [PATCH] [System] Fixed usage of protected members
---
 .../system/controller/sessionController.py | 18 +++++++++---------
 .../system/controller/userController.py | 2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/flaschengeist/system/controller/sessionController.py b/flaschengeist/system/controller/sessionController.py
index 4be467b..e9699f7 100644
--- a/flaschengeist/system/controller/sessionController.py
+++ b/flaschengeist/system/controller/sessionController.py
@@ -22,19 +22,19 @@ def validate_token(token, user_agent, permissions):
 A Session for this given Token or False.
 """
 logger.debug("check token {{ {} }} is valid".format(token))
- access_token = Session.query.filter_by(token=token).one_or_none()
- if access_token:
+ session = Session.query.filter_by(token=token).one_or_none()
+ if session:
 logger.debug("token found, check if expired or invalid user agent differs")
- if access_token.expires >= datetime.now(timezone.utc) and (
- access_token.browser == user_agent.browser and access_token.platform == user_agent.platform
+ if session.expires >= datetime.now(timezone.utc) and (
+ session.browser == user_agent.browser and session.platform == user_agent.platform
 ):
- if not permissions or access_token.user.has_permissions(permissions):
- access_token.refresh()
+ if not permissions or session._user.has_permissions(permissions):
+ session.refresh()
 db.session.commit()
- return access_token
+ return session
 else:
 logger.debug("access token is out of date or invalid client used")
- delete_session(access_token)
+ delete_session(session)
 logger.debug("no valid access token with token: {{ {} }} and permissions: {{ {} }}".format(token, permissions))
 return False
 
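Review bot: validate_token writes the raw session token into the log twice, in `logger.debug("check token {{ {} }} is valid".format(token))` at the top of the hunk and again in the closing "no valid access token with token" message, so anyone who can read debug logs obtains a credential that may still be live. The value adds little to the trace and can simply be dropped, e.g. `logger.debug("check whether presented token is valid")`; if correlation between log lines is needed, log a short one-way digest of the token rather than the token itself. The function's signature and the start of its docstring lie above the hunk.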
@@ -78,7 +78,7 @@ def get_session(token, owner=None):
 Session: Token object identified by given token string
 """
 session = Session.query.filter(Session.token == token).one_or_none()
- if session and (owner and owner != session.user):
+ if session and (owner and owner != session._user):
 raise Forbidden
 return session
diff --git a/flaschengeist/system/controller/userController.py b/flaschengeist/system/controller/userController.py
index 9415bf6..15b7ab2 100644
--- a/flaschengeist/system/controller/userController.py
+++ b/flaschengeist/system/controller/userController.py
@@ -28,7 +28,7 @@ def update_user(user):
 def set_roles(user: User, roles: [str]):
 user.roles.clear()
 for role_name in roles:
- role = Role.query.filter(Role.name == role_name).one_or_one()
+ role = Role.query.filter(Role.name == role_name).one_or_none()
 if not role:
 raise BadRequest("Role not found >{}<".format(role_name))
 user.roles.append(role)
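Review bot: In get_session the ownership test `owner and owner != session._user` is skipped for every falsy `owner`, not only for the default `None`, so a caller that passes an empty or unresolved user value gets the session back instead of a Forbidden. Whether any caller can do that is not visible in this hunk, but making the opt-out explicit removes the fail-open path: `if session and owner is not None and owner != session._user:`. The docstring starts above the hunk; if it does not already say so, it should state that omitting `owner` disables the ownership check entirely.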
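Review bot: set_roles empties `user.roles` before it has confirmed that every requested role exists, so the `raise BadRequest` inside the loop leaves the user object with its roles cleared or only partly reassigned. Whether that state reaches the database depends on the caller rolling back the session, which is not visible here. Resolving all names first avoids the problem: collect the `Role` objects into a local list inside the loop, and only after the loop call `user.roles.clear()` followed by `user.roles.extend(resolved)`. The function may continue below the hunk.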