delete tokens after logout
parent
252ed8ab9b
commit
41ea9b0ed3
|
@ -12,6 +12,7 @@ class Users(db.Model):
|
|||
username_lower = db.Column(db.String(64), unique=True)
|
||||
email = db.Column(db.String(64), unique=True)
|
||||
password = db.Column(db.String(128))
|
||||
admin = db.Column(db.Boolean)
|
||||
utype = db.Column(db.Integer)
|
||||
|
||||
def __init__(self, name, username, email, password, utype=1):
|
||||
|
@ -21,6 +22,7 @@ class Users(db.Model):
|
|||
self.email = email.lower()
|
||||
self.password = utils.hash_password(password)
|
||||
self.utype = utype
|
||||
self.admin = False
|
||||
|
||||
class Teams(db.Model):
|
||||
tid = db.Column(db.Integer, primary_key=True)
|
||||
|
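Review bot: The privilege flag `admin = db.Column(db.Boolean)` in the first hunk is declared without `nullable=False` or a default, so only rows built through `__init__` (second hunk, `self.admin = False`) are guaranteed a definite value. Any row that exists before the column is added, or is inserted by another path, would hold NULL, giving a three-state flag that SQL filters such as `admin == False` do not match. Consider `admin = db.Column(db.Boolean, nullable=False, default=False)`, with a matching migration for existing rows. The page has lost the +/- markers, so which of these lines is new is inferred, and both the class body and `__init__` continue outside the hunks.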
|
|
@ -48,7 +48,10 @@ def user_register():
|
|||
def user_logout():
|
||||
sid = session["sid"]
|
||||
username = session["username"]
|
||||
LoginTokens.query.filter_by(sid=sid, username=username).delete()
|
||||
with app.app_context():
|
||||
expired = LoginTokens.query.filter_by(username=username).all()
|
||||
for expired_token in expired: db.session.delete(expired_token)
|
||||
db.session.commit()
|
||||
session.clear()
|
||||
|
||||
@blueprint.route("/login", methods=["POST"])
|
||||
|
@ -111,7 +114,6 @@ UserSchema = Schema({
|
|||
}, extra=True)
|
||||
|
||||
def get_user(username=None, username_lower=None, email=None, uid=None):
|
||||
with app.app_context():
|
||||
match = {}
|
||||
if username != None:
|
||||
match.update({ "username": username })
|
||||
|
@ -123,6 +125,7 @@ def get_user(username=None, username_lower=None, email=None, uid=None):
|
|||
match.update({ "email": email })
|
||||
# elif api.auth.is_logged_in():
|
||||
# match.update({ "uid": api.auth.get_uid() })
|
||||
with app.app_context():
|
||||
result = Users.query.filter_by(**match)
|
||||
return result
|
||||
|
||||
|
@ -134,8 +137,12 @@ def login_user(username, password):
|
|||
|
||||
useragent = request.headers.get("User-Agent")
|
||||
ip = request.remote_addr
|
||||
token = LoginTokens(user.uid, user.username, ua=useragent, ip=ip)
|
||||
|
||||
with app.app_context():
|
||||
expired = LoginTokens.query.filter_by(username=username).all()
|
||||
for expired_token in expired: db.session.delete(expired_token)
|
||||
|
||||
token = LoginTokens(user.uid, user.username, ua=useragent, ip=ip)
|
||||
db.session.add(token)
|
||||
db.session.commit()
|
||||
|
||||
|
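Review bot: In login_user the old tokens are selected with `filter_by(username=username)`, the caller-supplied string, while the replacement token is stored under `user.username`. If the account lookup is case-insensitive (the model has a `username_lower` column, though the lookup itself is outside the hunk), a login typed in a different case would leave the earlier tokens valid. Filtering on the resolved account closes that gap: `expired = LoginTokens.query.filter_by(username=user.username).all()`. In user_logout the same loop now removes every token for the user rather than the one for the current `sid`, which leaves `sid` unused; if signing out all sessions is intended, a comment such as `# logout revokes all of this user's tokens, not only the current sid` would record it. Indentation is lost on this page and both functions extend beyond the hunks, so whether `db.session.add(token)` and `db.session.commit()` sit inside the `with app.app_context():` block cannot be confirmed here.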
|