[System] Fixed usage of protected members

Ferdinand Thiessen 2020-10-27 13:37:13 +01:00
parent e14553651f
commit c3b5721202
2 changed files with 10 additions and 10 deletions


@ -22,19 +22,19 @@ def validate_token(token, user_agent, permissions):
A Session for this given Token or False. A Session for this given Token or False.
""" """
logger.debug("check token {{ {} }} is valid".format(token)) logger.debug("check token {{ {} }} is valid".format(token))
access_token = Session.query.filter_by(token=token).one_or_none() session = Session.query.filter_by(token=token).one_or_none()
if access_token: if session:
logger.debug("token found, check if expired or invalid user agent differs") logger.debug("token found, check if expired or invalid user agent differs")
if access_token.expires >= datetime.now(timezone.utc) and ( if session.expires >= datetime.now(timezone.utc) and (
access_token.browser == user_agent.browser and access_token.platform == user_agent.platform session.browser == user_agent.browser and session.platform == user_agent.platform
): ):
if not permissions or access_token.user.has_permissions(permissions): if not permissions or session._user.has_permissions(permissions):
access_token.refresh() session.refresh()
db.session.commit() db.session.commit()
return access_token return session
else: else:
logger.debug("access token is out of date or invalid client used") logger.debug("access token is out of date or invalid client used")
delete_session(access_token) delete_session(session)
logger.debug("no valid access token with token: {{ {} }} and permissions: {{ {} }}".format(token, permissions)) logger.debug("no valid access token with token: {{ {} }} and permissions: {{ {} }}".format(token, permissions))
return False return False
@ -78,7 +78,7 @@ def get_session(token, owner=None):
Session: Token object identified by given token string Session: Token object identified by given token string
""" """
session = Session.query.filter(Session.token == token).one_or_none() session = Session.query.filter(Session.token == token).one_or_none()
if session and (owner and owner != session.user): if session and (owner and owner != session._user):
raise Forbidden raise Forbidden
return session return session
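Review bot: validate_token writes the session token verbatim to the debug log, in the `check token` message at the top of the first hunk and again in the `no valid access token` message before `return False`, so anyone who can read the logs while debug logging is on can recover a live bearer token. Log a non-reversible reference instead, e.g. `logger.debug("check token (sha256 prefix %s)", hashlib.sha256(token.encode()).hexdigest()[:8])` (assuming the token is a str and `hashlib` is imported), or drop the token from both messages. Separately, both hunks now read `session._user` from outside the model, so the permission check and the ownership check in get_session depend on a private attribute name. A public accessor on Session would be more robust, though the model is not shown here. The bodies of validate_token and get_session start above their hunks.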


@ -28,7 +28,7 @@ def update_user(user):
def set_roles(user: User, roles: [str]): def set_roles(user: User, roles: [str]):
user.roles.clear() user.roles.clear()
for role_name in roles: for role_name in roles:
role = Role.query.filter(Role.name == role_name).one_or_one() role = Role.query.filter(Role.name == role_name).one_or_none()
if not role: if not role:
raise BadRequest("Role not found >{}<".format(role_name)) raise BadRequest("Role not found >{}<".format(role_name))
user.roles.append(role) user.roles.append(role)
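Review bot: set_roles calls `user.roles.clear()` before any role name has been validated, so a single unknown name raises BadRequest after the user's existing roles are gone and only the names before the bad one have been re-added. Whether that partial state is persisted depends on whether the caller rolls back, which this page does not show; for an authorization-relevant collection it is safer to resolve every name first and replace the list only once all lookups succeed. The annotation `roles: [str]` is a list literal rather than a type and would read better as `list[str]`.

```python
def set_roles(user: User, roles: [str]):
    resolved = []
    for role_name in roles:
        # … unchanged: Role lookup and BadRequest on a missing role …
        resolved.append(role)
    # Replace the role list only after every name has resolved.
    user.roles.clear()
    user.roles.extend(resolved)
```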