skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fds

Browse source
This commit is contained in:
Aevann1 2022-04-16 17:04:34 +02:00
parent 4af0c78f8b
commit 559b402c4e
1 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

11
files/helpers/wrappers.py
View file

@ -18,17 +18,18 @@ def get_logged_in_user():
else: else:
lo_user = session.get("lo_user") lo_user = session.get("lo_user")
if lo_user: if lo_user:
nonce = session.get("login_nonce", 0)
id = int(lo_user) id = int(lo_user)
v = g.db.query(User).filter_by(id=id).one_or_none() v = g.db.query(User).filter_by(id=id).one_or_none()
if v and nonce >= v.login_nonce: if v:
if v.id != id: abort(400) nonce = session.get("login_nonce", 0)
v.client = None if nonce < v.login_nonce or v.id != id: abort(401)
if request.method != "GET": if request.method != "GET":
submitted_key = request.values.get("formkey") submitted_key = request.values.get("formkey")
if not submitted_key: abort(401) if not submitted_key: abort(401)
elif not v.validate_formkey(submitted_key): abort(401) if not v.validate_formkey(submitted_key): abort(401)
v.client = None
if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level): if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level):