Backported better session removal from burgerauth

This commit is contained in:
Tracker-Friendly 2024-06-14 07:51:24 +00:00
parent c03c29bce6
commit 05488938ef
1 changed files with 3 additions and 16 deletions

19
main
View File

@ -89,17 +89,6 @@ def get_session(identifier):
return None return None
return post return post
def get_session_from_sessionid(identifier):
conn = get_db_connection()
post = conn.execute("SELECT * FROM sessions WHERE sessionid = ?",
(identifier,)).fetchone()
conn.close()
if post is None:
return None
return post
def check_username_taken(username): def check_username_taken(username):
conn = get_db_connection() conn = get_db_connection()
post = conn.execute("SELECT * FROM users WHERE lower(username) = ?", post = conn.execute("SELECT * FROM users WHERE lower(username) = ?",
@ -531,12 +520,10 @@ async def apisessionsremove():
userCookie = get_session(secretKey) userCookie = get_session(secretKey)
user = get_user(userCookie["id"]) user = get_user(userCookie["id"])
session = get_session_from_sessionid(sessionId) if userCookie is not None:
if user["id"] == userCookie["id"]:
if session is not None:
if user["id"] == session["id"]:
conn = get_db_connection() conn = get_db_connection()
conn.execute("DELETE FROM sessions WHERE sessionid = ?", (session["sessionid"],)) conn.execute("DELETE FROM sessions WHERE sessionid = ?", (userCookie["sessionid"],))
conn.commit() conn.commit()
conn.close() conn.close()