delete tokens after logout
parent
252ed8ab9b
commit
41ea9b0ed3
|
@ -12,6 +12,7 @@ class Users(db.Model):
|
||||||
username_lower = db.Column(db.String(64), unique=True)
|
username_lower = db.Column(db.String(64), unique=True)
|
||||||
email = db.Column(db.String(64), unique=True)
|
email = db.Column(db.String(64), unique=True)
|
||||||
password = db.Column(db.String(128))
|
password = db.Column(db.String(128))
|
||||||
|
admin = db.Column(db.Boolean)
|
||||||
utype = db.Column(db.Integer)
|
utype = db.Column(db.Integer)
|
||||||
|
|
||||||
def __init__(self, name, username, email, password, utype=1):
|
def __init__(self, name, username, email, password, utype=1):
|
||||||
|
@ -21,6 +22,7 @@ class Users(db.Model):
|
||||||
self.email = email.lower()
|
self.email = email.lower()
|
||||||
self.password = utils.hash_password(password)
|
self.password = utils.hash_password(password)
|
||||||
self.utype = utype
|
self.utype = utype
|
||||||
|
self.admin = False
|
||||||
|
|
||||||
class Teams(db.Model):
|
class Teams(db.Model):
|
||||||
tid = db.Column(db.Integer, primary_key=True)
|
tid = db.Column(db.Integer, primary_key=True)
|
||||||
|
|
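Review bot: The new `admin` column on `Users` is declared without a default or a NOT NULL constraint, so rows that already exist, and any row not created through `__init__`, will hold NULL rather than False. Every authorization check that reads it then has to treat NULL as non-admin; declaring it as `admin = db.Column(db.Boolean, default=False, nullable=False)`, with a matching migration for existing rows, removes that ambiguity. The model also keeps `utype`, so a comment such as `# admin is the only field consulted for privilege checks; utype is ...` would help state which of the two decides access. The class body starts outside these hunks.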
|
@ -48,7 +48,10 @@ def user_register():
|
||||||
def user_logout():
|
def user_logout():
|
||||||
sid = session["sid"]
|
sid = session["sid"]
|
||||||
username = session["username"]
|
username = session["username"]
|
||||||
LoginTokens.query.filter_by(sid=sid, username=username).delete()
|
with app.app_context():
|
||||||
|
expired = LoginTokens.query.filter_by(username=username).all()
|
||||||
|
for expired_token in expired: db.session.delete(expired_token)
|
||||||
|
db.session.commit()
|
||||||
session.clear()
|
session.clear()
|
||||||
|
|
||||||
@blueprint.route("/login", methods=["POST"])
|
@blueprint.route("/login", methods=["POST"])
|
||||||
|
@ -111,7 +114,6 @@ UserSchema = Schema({
|
||||||
}, extra=True)
|
}, extra=True)
|
||||||
|
|
||||||
def get_user(username=None, username_lower=None, email=None, uid=None):
|
def get_user(username=None, username_lower=None, email=None, uid=None):
|
||||||
with app.app_context():
|
|
||||||
match = {}
|
match = {}
|
||||||
if username != None:
|
if username != None:
|
||||||
match.update({ "username": username })
|
match.update({ "username": username })
|
||||||
|
@ -123,6 +125,7 @@ def get_user(username=None, username_lower=None, email=None, uid=None):
|
||||||
match.update({ "email": email })
|
match.update({ "email": email })
|
||||||
# elif api.auth.is_logged_in():
|
# elif api.auth.is_logged_in():
|
||||||
# match.update({ "uid": api.auth.get_uid() })
|
# match.update({ "uid": api.auth.get_uid() })
|
||||||
|
with app.app_context():
|
||||||
result = Users.query.filter_by(**match)
|
result = Users.query.filter_by(**match)
|
||||||
return result
|
return result
|
||||||
|
|
||||||
|
@ -134,8 +137,12 @@ def login_user(username, password):
|
||||||
|
|
||||||
useragent = request.headers.get("User-Agent")
|
useragent = request.headers.get("User-Agent")
|
||||||
ip = request.remote_addr
|
ip = request.remote_addr
|
||||||
token = LoginTokens(user.uid, user.username, ua=useragent, ip=ip)
|
|
||||||
with app.app_context():
|
with app.app_context():
|
||||||
|
expired = LoginTokens.query.filter_by(username=username).all()
|
||||||
|
for expired_token in expired: db.session.delete(expired_token)
|
||||||
|
|
||||||
|
token = LoginTokens(user.uid, user.username, ua=useragent, ip=ip)
|
||||||
db.session.add(token)
|
db.session.add(token)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
|
||||||
|
|
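Review bot: In `login_user` the purge filters on the caller-supplied `username`, while the new token is stored under `user.username`. If the lookup that produced `user` is case-insensitive (the model has a `username_lower` column, so this seems likely), a login typed with different casing would leave the old tokens in place. Keying the purge on the stored value avoids that: `expired = LoginTokens.query.filter_by(username=user.username).all()`. In `user_logout` the delete now drops every token for the user rather than the one matching `sid`, which leaves `sid` unused; if ending all sessions is intended, say so with `# logout revokes every session for this user, not only the current sid` and drop the unused read. `session["sid"]` and `session["username"]` also raise KeyError on a request without a session, and whether a login guard decorates `user_logout` is outside the hunk.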