Compare commits
No commits in common. "06cf8161e9ac1244c1b9fb6b837d7a9d10b1afa9" and "4309d65c854c7d974efbbf14aed1ff5f3b528bd8" have entirely different histories.
06cf8161e9
...
4309d65c85
4
auth.py
4
auth.py
|
|
@ -53,8 +53,8 @@ def auth_required(func):
|
|||
await conn.execute(
|
||||
"UPDATE user_session SET last_used = NOW(), "
|
||||
"expires = NOW() + INTERVAL '30 DAYS' "
|
||||
"WHERE user_id = $1 AND id = $2",
|
||||
user_id, sid)
|
||||
"WHERE user_id = $1",
|
||||
user_id)
|
||||
resp.set_cookie(
|
||||
'userid',
|
||||
user_id,
|
||||
|
|
|
|||
58
buckler.py
58
buckler.py
|
|
@ -44,7 +44,7 @@ async def index(request):
|
|||
"SELECT * FROM user_credential WHERE user_id = $1",
|
||||
request['session']['id'])
|
||||
active_sessions = await conn.fetch(
|
||||
"SELECT id, ip_address, date_created, last_used FROM user_session "
|
||||
"SELECT id, ip_address FROM user_session "
|
||||
"WHERE user_id = $1",
|
||||
request['session']['id'])
|
||||
|
||||
|
|
@ -224,11 +224,13 @@ async def get_session(request):
|
|||
app = await conn.fetchrow("SELECT * FROM app_info WHERE id = $1", app_id)
|
||||
if app:
|
||||
if argon2.verify(app_key, app['key_hash']):
|
||||
session = await conn.fetchrow(
|
||||
sessions = await conn.fetch(
|
||||
"SELECT * FROM user_session "
|
||||
"WHERE user_id = $1 AND id = $2 AND expires > NOW()",
|
||||
user_id, user_sid)
|
||||
"WHERE user_id = $1 AND expires > NOW()",
|
||||
user_id)
|
||||
session = [s for s in sessions if s.get('id') == user_sid]
|
||||
if session:
|
||||
session = session[0]
|
||||
data = await conn.fetchrow(
|
||||
"SELECT user_info.username, app_user.session_data "
|
||||
"FROM user_info LEFT JOIN app_user "
|
||||
|
|
@ -242,8 +244,8 @@ async def get_session(request):
|
|||
await conn.execute(
|
||||
"UPDATE user_session SET last_used = NOW(), "
|
||||
"expires = NOW() + INTERVAL '30 DAYS' "
|
||||
"WHERE user_id = $1 AND id = $2",
|
||||
user_id, user_sid)
|
||||
"WHERE user_id = $1",
|
||||
user_id)
|
||||
await conn.close()
|
||||
|
||||
data_meta = dict(data)
|
||||
|
|
@ -310,50 +312,6 @@ async def set_session(request):
|
|||
return web.json_response(error)
|
||||
|
||||
|
||||
@routes.post(config.url_prefix + '/delete_key', name='delete_key')
|
||||
@auth.auth_required
|
||||
async def delete_key(request):
|
||||
"""Allows a user to delete a security key."""
|
||||
data = await request.post()
|
||||
async with request.app['pool'].acquire() as conn:
|
||||
for key, value in data.items():
|
||||
key_id = key.replace('fido-', '')
|
||||
if not key_id:
|
||||
continue
|
||||
try:
|
||||
key_id = int(key_id)
|
||||
except ValueError:
|
||||
continue
|
||||
if value != 'on':
|
||||
continue
|
||||
await conn.execute(
|
||||
"DELETE FROM user_credential "
|
||||
"WHERE id = $1 AND user_id = $2",
|
||||
key_id, request['session']['id'])
|
||||
index_url = request.app.router['index'].url_for()
|
||||
raise web.HTTPFound(location=index_url)
|
||||
|
||||
|
||||
@routes.post(config.url_prefix + '/delete_session', name='delete_session')
|
||||
@auth.auth_required
|
||||
async def delete_session(request):
|
||||
"""Allows a user to delete a session ."""
|
||||
data = await request.post()
|
||||
async with request.app['pool'].acquire() as conn:
|
||||
for key, value in data.items():
|
||||
session_id = key.replace('session-', '', 1)
|
||||
if not session_id:
|
||||
continue
|
||||
if value != 'on':
|
||||
continue
|
||||
await conn.execute(
|
||||
"DELETE FROM user_session "
|
||||
"WHERE id = $1 AND user_id = $2",
|
||||
session_id, request['session']['id'])
|
||||
index_url = request.app.router['index'].url_for()
|
||||
raise web.HTTPFound(location=index_url)
|
||||
|
||||
|
||||
async def init_app():
|
||||
"""Initializes the application."""
|
||||
app = web.Application()
|
||||
|
|
|
|||
|
|
@ -41,16 +41,15 @@ h2 {
|
|||
list-style-type: none;
|
||||
}
|
||||
|
||||
table {
|
||||
#users {
|
||||
border: 1px solid lightgray;
|
||||
border-collapse: collapse;
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
tr {
|
||||
#users tr {
|
||||
border: 1px solid lightgray;
|
||||
}
|
||||
|
||||
td {
|
||||
#users td {
|
||||
text-align: center;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -78,7 +78,6 @@
|
|||
<article style="display: none;">
|
||||
<hr>
|
||||
{% if fido2_keys %}
|
||||
<form action="{{ request.app.router['delete_key'].url_for() }}" method="POST" enctype="application/x-www-form-urlencoded">
|
||||
<table id="security_keys">
|
||||
<thead>
|
||||
<tr>
|
||||
|
|
@ -95,8 +94,6 @@
|
|||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
<input type="submit" value="Delete">
|
||||
</form>
|
||||
{% else %}
|
||||
<span>No registered keys.</span>
|
||||
{% endif %}
|
||||
|
|
@ -107,31 +104,22 @@
|
|||
<h2>Active Sessions</h2>
|
||||
<article style="display: none;">
|
||||
<hr>
|
||||
<form action="{{ request.app.router['delete_session'].url_for() }}" method="POST" enctype="application/x-www-form-urlencoded">
|
||||
<table id="active_sessions">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Session ID</th>
|
||||
<th>IP Address</th>
|
||||
<th>Created</th>
|
||||
<th>Last Used</th>
|
||||
<th>Delete</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for session in active_sessions %}
|
||||
<tr>
|
||||
<td><code>{{ session['id'][:5] }}...{{ session['id'][-5:] }}</code></td>
|
||||
<td>{{ session['ip_address'] }}</td>
|
||||
<td>{{ session['date_created'].strftime('%Y-%m-%d %H:%M') }}</td>
|
||||
<td>{{ session['last_used'].strftime('%Y-%m-%d %H:%M') }}</td>
|
||||
<td><input aria-label="Delete {{ session['id'][:5] }}...{{ session['id'][-5:] }}" id="session-{{ session['id'] }}" name="session-{{ session['id'] }}" type="checkbox"></td>
|
||||
<td><input aria-label="Delete {{ session['id'][:5] }}" id="session-{{ session['id'][:5] }}" name="session-{{ session['id'][:5] }}" type="checkbox"></td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
<input type="submit" value="Delete">
|
||||
</form>
|
||||
</article>
|
||||
</section>
|
||||
</main>
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user