misc bugfix

README.md

@@ -4,6 +4,7 @@ A security shield for protecting a number of small web applications.
 ## Requirements  
 Python 3.7+  
 PostgreSQL 11.5+  
+Debian System packages: `build-essential python3-dev`
 Python packages: `wheel gunicorn aiohttp aiohttp_jinja2 asyncpg passlib argon2_cffi uvloop fido2`  
 
 ## Install  

buckler_aiohttp.py

@@ -16,8 +16,8 @@ async def buckler_session(request, handler):
 	Verifies the user with the configured Buckler app and retrieves any
 	session data they may have. Redirects them to the login page otherwise.
 	"""
-	user_id = request.cookies.get('userid')
-	user_sid = request.cookies.get('session')
+	user_id = request.cookies.get('userid', '')
+	user_sid = request.cookies.get('session', '')
 
 	url = config.buckler['url'] + '/get_session'
 	params = {

forms.py

@@ -89,14 +89,14 @@ async def change_password(request):
 		return errors
 
 	async with request.app['pool'].acquire() as conn:
-		pw_hash = conn.fetchrow(
+		pw_hash = await conn.fetchrow(
 			"SELECT password_hash FROM user_info WHERE id = $1",
 			request['session']['id'])
 		if not argon2.verify(current_pw, pw_hash['password_hash']):
 			errors['change_password'] = "Invalid password."
 			return errors
 		h = argon2.hash(new_pw)
-		conn.execute(
+		await conn.execute(
 			"UPDATE user_info SET password_hash = $1 WHERE id = $2",
 			h, request['session']['id'])
 	return errors