delete tokens after logout
This commit is contained in:
Michael Zhang
parent
252ed8ab9b
commit
41ea9b0ed3
2 changed files with 27 additions and 18 deletions
|
|
@ -12,6 +12,7 @@ class Users(db.Model):
|
|||
username_lower = db.Column(db.String(64), unique=True)
|
||||
email = db.Column(db.String(64), unique=True)
|
||||
password = db.Column(db.String(128))
|
||||
admin = db.Column(db.Boolean)
|
||||
utype = db.Column(db.Integer)
|
||||
|
||||
def __init__(self, name, username, email, password, utype=1):
|
||||
|
|
@ -21,6 +22,7 @@ class Users(db.Model):
|
|||
self.email = email.lower()
|
||||
self.password = utils.hash_password(password)
|
||||
self.utype = utype
|
||||
self.admin = False
|
||||
|
||||
class Teams(db.Model):
|
||||
tid = db.Column(db.Integer, primary_key=True)
|
||||
|
|
|
|||
|
|
@ -38,17 +38,20 @@ def user_register():
|
|||
db.session.add(user)
|
||||
db.session.commit()
|
||||
|
||||
logger.log("registrations", logger.INFO, "%s registered with %s" % (name.encode("utf-8"), email.encode("utf-8")))
|
||||
login_user(username, password)
|
||||
logger.log("registrations", logger.INFO, "%s registered with %s" % (name.encode("utf-8"), email.encode("utf-8")))
|
||||
login_user(username, password)
|
||||
|
||||
return { "success": 1, "message": "Success!" }
|
||||
return { "success": 1, "message": "Success!" }
|
||||
|
||||
@blueprint.route("/logout", methods=["GET", "POST"])
|
||||
@api_wrapper
|
||||
def user_logout():
|
||||
sid = session["sid"]
|
||||
username = session["username"]
|
||||
LoginTokens.query.filter_by(sid=sid, username=username).delete()
|
||||
with app.app_context():
|
||||
expired = LoginTokens.query.filter_by(username=username).all()
|
||||
for expired_token in expired: db.session.delete(expired_token)
|
||||
db.session.commit()
|
||||
session.clear()
|
||||
|
||||
@blueprint.route("/login", methods=["POST"])
|
||||
|
|
@ -111,18 +114,18 @@ UserSchema = Schema({
|
|||
}, extra=True)
|
||||
|
||||
def get_user(username=None, username_lower=None, email=None, uid=None):
|
||||
match = {}
|
||||
if username != None:
|
||||
match.update({ "username": username })
|
||||
elif username_lower != None:
|
||||
match.update({ "username_lower": username_lower })
|
||||
elif uid != None:
|
||||
match.update({ "uid": uid })
|
||||
elif email != None:
|
||||
match.update({ "email": email })
|
||||
# elif api.auth.is_logged_in():
|
||||
# match.update({ "uid": api.auth.get_uid() })
|
||||
with app.app_context():
|
||||
match = {}
|
||||
if username != None:
|
||||
match.update({ "username": username })
|
||||
elif username_lower != None:
|
||||
match.update({ "username_lower": username_lower })
|
||||
elif uid != None:
|
||||
match.update({ "uid": uid })
|
||||
elif email != None:
|
||||
match.update({ "email": email })
|
||||
# elif api.auth.is_logged_in():
|
||||
# match.update({ "uid": api.auth.get_uid() })
|
||||
result = Users.query.filter_by(**match)
|
||||
return result
|
||||
|
||||
|
|
@ -134,16 +137,20 @@ def login_user(username, password):
|
|||
|
||||
useragent = request.headers.get("User-Agent")
|
||||
ip = request.remote_addr
|
||||
token = LoginTokens(user.uid, user.username, ua=useragent, ip=ip)
|
||||
|
||||
with app.app_context():
|
||||
expired = LoginTokens.query.filter_by(username=username).all()
|
||||
for expired_token in expired: db.session.delete(expired_token)
|
||||
|
||||
token = LoginTokens(user.uid, user.username, ua=useragent, ip=ip)
|
||||
db.session.add(token)
|
||||
db.session.commit()
|
||||
|
||||
|
||||
session["sid"] = token.sid
|
||||
session["username"] = token.username
|
||||
session["admin"] = user.utype == 0
|
||||
|
||||
return True
|
||||
return True
|
||||
|
||||
def is_logged_in():
|
||||
sid = session["sid"]
|
||||
|
|
|
|||
Loading…
Reference in a new issue