From 8060d84ac2870f4d403577c5f1c750d00afc3056 Mon Sep 17 00:00:00 2001 From: iou1name Date: Thu, 9 Apr 2020 07:58:38 -0400 Subject: [PATCH] misc bugfix --- README.md | 1 + buckler_aiohttp.py | 4 ++-- forms.py | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 784e943..f15e2b6 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ A security shield for protecting a number of small web applications. ## Requirements Python 3.7+ PostgreSQL 11.5+ +Debian System packages: `build-essential python3-dev` Python packages: `wheel gunicorn aiohttp aiohttp_jinja2 asyncpg passlib argon2_cffi uvloop fido2` ## Install diff --git a/buckler_aiohttp.py b/buckler_aiohttp.py index a2c8ed6..bb10047 100644 --- a/buckler_aiohttp.py +++ b/buckler_aiohttp.py @@ -16,8 +16,8 @@ async def buckler_session(request, handler): Verifies the user with the configured Buckler app and retrieves any session data they may have. Redirects them to the login page otherwise. """ - user_id = request.cookies.get('userid') - user_sid = request.cookies.get('session') + user_id = request.cookies.get('userid', '') + user_sid = request.cookies.get('session', '') url = config.buckler['url'] + '/get_session' params = { diff --git a/forms.py b/forms.py index 4a59dac..e818b87 100644 --- a/forms.py +++ b/forms.py @@ -89,14 +89,14 @@ async def change_password(request): return errors async with request.app['pool'].acquire() as conn: - pw_hash = conn.fetchrow( + pw_hash = await conn.fetchrow( "SELECT password_hash FROM user_info WHERE id = $1", request['session']['id']) if not argon2.verify(current_pw, pw_hash['password_hash']): errors['change_password'] = "Invalid password." return errors h = argon2.hash(new_pw) - conn.execute( + await conn.execute( "UPDATE user_info SET password_hash = $1 WHERE id = $2", h, request['session']['id']) return errors
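Review bot: In `buckler_session` (buckler_aiohttp.py), defaulting the `userid` and `session` cookies to `''` means a request with no cookies at all still goes on to build the `/get_session` call, so the Buckler backend is asked to validate empty credentials. The rest of the function is outside the hunk, so this is inferred from the visible `url`/`params` lines. A guard right after the two reads, such as `if not (user_id and user_sid):` taking the login-redirect path the docstring describes, would fail closed locally and save a backend round trip for every anonymous request. It also removes any dependence on how the backend treats an empty session id.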
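Review bot: In `change_password` (forms.py), now that `fetchrow` is awaited its result can be `None` when no `user_info` row matches `request['session']['id']` (asyncpg returns `None` for an empty result), and `pw_hash['password_hash']` would then raise a `TypeError` instead of returning a form error. A check such as `if pw_hash is None or not argon2.verify(current_pw, pw_hash['password_hash']):` keeps that failure on the existing "Invalid password." path. The hunk also shows no revocation of the user's other sessions after the `UPDATE`; if that is not handled elsewhere, it is worth a follow-up, since a password change is normally expected to end any session an attacker may already hold. The function begins before the hunk, so earlier validation is not visible here.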