weva/matemat
1
0
Fork 0
forked from s3lph/matemat
Code Pull requests Activity

fix: session id shared between all sessions

Browse source 
fix: minor css fixes
This commit is contained in:
s3lph 2024-12-07 16:30:28 +01:00
parent 67e2a813d5
commit 745843e07d
Signed by untrusted user: s3lph
GPG key ID: 0AA29A52FB33CFB5
5 changed files with 27 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
CHANGELOG.md
View file

@ -1,5 +1,19 @@
# Matemat Changelog # Matemat Changelog
<!-- BEGIN RELEASE v0.4.1 -->
## Version 0.4.1
Security Fix & minor UI fixes
### Changes
<!-- BEGIN CHANGES 0.4.1 -->
- fix: session id shared between all sessions
- fix: minor css fixes
<!-- END CHANGES 0.4.1 -->
<!-- END RELEASE v0.4.1 -->
<!-- BEGIN RELEASE v0.4.0 --> <!-- BEGIN RELEASE v0.4.0 -->
## Version 0.4.0 ## Version 0.4.0

2
matemat/__init__.py
View file

@ -1,2 +1,2 @@
__version__ = '0.4.0' __version__ = '0.4.1'

8
matemat/webserver/session/sessions.py
View file

@ -20,9 +20,9 @@ def start() -> str:
:return: The session ID. :return: The session ID.
""" """
if hasattr(response, 'session_id'): if 'session_id' in request.environ:
# A session has already been created while handling the same request # A session has already been created while handling the same request
return response.session_id return request.environ['session_id']
# Reference date for session timeout # Reference date for session timeout
now = datetime.now(UTC) now = datetime.now(UTC)
# Read the client's session ID, if any # Read the client's session ID, if any
@ -46,9 +46,9 @@ def start() -> str:
(now + timedelta(seconds=_SESSION_TIMEOUT), __session_vars[session_id][1]) (now + timedelta(seconds=_SESSION_TIMEOUT), __session_vars[session_id][1])
# Return the session ID and timeout # Return the session ID and timeout
response.set_cookie(_COOKIE_NAME, session_id, secret=__key) response.set_cookie(_COOKIE_NAME, session_id, secret=__key)
# Piggy-back the session id onto the response object so that we don't create another session # Piggy-back the session id onto the request object so that we don't create another session
# in subsequent calls to start() while handling the same request. # in subsequent calls to start() while handling the same request.
response.session_id = session_id request.environ['session_id'] = session_id
return session_id return session_id

6
static/css/matemat.css
View file

@ -233,3 +233,9 @@
.card-img-overlay span { .card-img-overlay span {
padding: .5em; padding: .5em;
} }
.card-header {
overflow: hidden;
white-space: nowrap;
text-overflow: ellipsis;
}

4
templates/productlist.html
View file

@ -8,10 +8,10 @@
<p> <p>
Your balance: <strong>{{ authuser.balance|chf }}</strong> Your balance: <strong>{{ authuser.balance|chf }}</strong>
</p> </p>
<p id="depositlist"> <div id="depositlist">
<a class="btn btn-primary me-2" href="/deposit?n=100">Deposit CHF 1</a> <a class="btn btn-primary me-2" href="/deposit?n=100">Deposit CHF 1</a>
<a class="btn btn-primary me-2" href="/deposit?n=1000">Deposit CHF 10</a> <a class="btn btn-primary me-2" href="/deposit?n=1000">Deposit CHF 10</a>
</p> </div>
<div id="deposit-wrapper"> <div id="deposit-wrapper">
<div id="deposit-input"> <div id="deposit-input">
<div id="deposit-output"> <div id="deposit-output">