i am smort
This commit is contained in:
@@ -41,7 +41,7 @@ from .utils import (
|
||||
get_course,
|
||||
token_required,
|
||||
get_cached_deck_info,
|
||||
is_safe_url
|
||||
is_safe_url,
|
||||
)
|
||||
|
||||
|
||||
@@ -138,7 +138,7 @@ def set_cookie(token):
|
||||
|
||||
resp = make_response(redirect(next_url))
|
||||
resp.set_cookie(
|
||||
"access_token", serialize_token(token), httponly=True, samesite="Lax", path="/"
|
||||
"access_token", serialize_token(token), httponly=True, samesite="Lax", path="/", max_age=31536000
|
||||
)
|
||||
return resp
|
||||
|
||||
@@ -222,12 +222,15 @@ def register():
|
||||
def logout():
|
||||
token = get_token()
|
||||
user_name = token.name if token else "Unknown"
|
||||
|
||||
if flask_login.current_user.is_authenticated:
|
||||
current_app.logger.info(f"Admin logout: {flask_login.current_user.id}")
|
||||
flask_login.logout_user()
|
||||
|
||||
current_app.logger.info(f"User logout: {user_name}")
|
||||
|
||||
resp = make_response(
|
||||
redirect(url_for("main.index"))
|
||||
) # Redirect to a safe page, e.g., index or login
|
||||
resp.set_cookie("access_token", "", expires=0) # Clears the cookie
|
||||
resp = make_response(redirect(url_for("main.index")))
|
||||
resp.set_cookie("access_token", "", expires=0)
|
||||
return resp
|
||||
|
||||
|
||||
@@ -266,7 +269,9 @@ def admin_login():
|
||||
next_page = request.args.get("next")
|
||||
|
||||
if next_page and not is_safe_url(next_page):
|
||||
current_app.logger.warning(f"Blocked unsafe redirect attempt to: {next_page}")
|
||||
current_app.logger.warning(
|
||||
f"Blocked unsafe redirect attempt to: {next_page}"
|
||||
)
|
||||
return abort(400)
|
||||
|
||||
if next_page:
|
||||
|
||||
Reference in New Issue
Block a user