Fixed an issue that cause user sessions to not be properly associated
Sessions could get duplicated, wrongly saved etc. The reason was not persisting the actual user object to the internal session map (but the LocalProxy instead). That could lead to multiple sessions being created for one login, or the session user being set to an anonymous user, or various other odd effects depending on timing.
This commit is contained in:
Gina Häußge
parent
d5b0bd2518
commit
8aeac51124
2 changed files with 19 additions and 11 deletions
|
|
@ -227,8 +227,10 @@ def passive_login():
|
|||
user = flask.ext.login.current_user
|
||||
|
||||
if user is not None and not user.is_anonymous():
|
||||
flask.g.user = user
|
||||
flask.ext.principal.identity_changed.send(flask.current_app._get_current_object(), identity=flask.ext.principal.Identity(user.get_id()))
|
||||
if hasattr(user, "get_session"):
|
||||
flask.session["usersession.id"] = user.get_session()
|
||||
flask.g.user = user
|
||||
return flask.jsonify(user.asDict())
|
||||
elif settings().getBoolean(["accessControl", "autologinLocal"]) \
|
||||
and settings().get(["accessControl", "autologinAs"]) is not None \
|
||||
|
|
@ -252,7 +254,7 @@ def passive_login():
|
|||
logger = logging.getLogger(__name__)
|
||||
logger.exception("Could not autologin user %s for networks %r" % (autologinAs, localNetworks))
|
||||
|
||||
return ("", 204)
|
||||
return "", 204
|
||||
|
||||
|
||||
#~~ cache decorator for cacheable views
|
||||
|
|
|
|||
|
|
@ -28,13 +28,18 @@ class UserManager(object):
|
|||
def login_user(self, user):
|
||||
self._cleanup_sessions()
|
||||
|
||||
if user is None \
|
||||
or (isinstance(user, LocalProxy) and not isinstance(user._get_current_object(), User)) \
|
||||
or (not isinstance(user, LocalProxy) and not isinstance(user, User)):
|
||||
if user is None:
|
||||
return
|
||||
|
||||
if isinstance(user, LocalProxy):
|
||||
user = user._get_current_object()
|
||||
|
||||
if not isinstance(user, User):
|
||||
return None
|
||||
|
||||
if not isinstance(user, SessionUser):
|
||||
user = SessionUser(user)
|
||||
|
||||
self._session_users_by_session[user.get_session()] = user
|
||||
|
||||
if not user.get_name() in self._session_users_by_username:
|
||||
|
|
@ -49,6 +54,9 @@ class UserManager(object):
|
|||
if user is None:
|
||||
return
|
||||
|
||||
if isinstance(user, LocalProxy):
|
||||
user = user._get_current_object()
|
||||
|
||||
if not isinstance(user, SessionUser):
|
||||
return
|
||||
|
||||
|
|
@ -146,12 +154,10 @@ class UserManager(object):
|
|||
del self._session_users_by_username[username]
|
||||
|
||||
def findUser(self, username=None, session=None):
|
||||
if session is not None:
|
||||
for session in self._session_users_by_session:
|
||||
user = self._session_users_by_session[session]
|
||||
if username is None or username == user.get_id():
|
||||
return user
|
||||
break
|
||||
if session is not None and session in self._session_users_by_session:
|
||||
user = self._session_users_by_session[session]
|
||||
if username is None or username == user.get_id():
|
||||
return user
|
||||
|
||||
return None
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue