Make sure if we are going to treat the cookie as valid, it's actually a user id of the proper type.
parent
60e45f700f
commit
f9b8319835
1 changed files with 7 additions and 0 deletions
|
@ -1,6 +1,7 @@
|
|||
import logging
|
||||
|
||||
from functools import wraps
|
||||
from uuid import UUID
|
||||
from datetime import datetime
|
||||
from flask import request, session
|
||||
from flask.ext.principal import identity_changed, Identity
|
||||
|
@ -23,6 +24,12 @@ logger = logging.getLogger(__name__)
|
|||
|
||||
def _load_user_from_cookie():
|
||||
if not current_user.is_anonymous():
|
||||
try:
|
||||
# Attempt to parse the user uuid to make sure the cookie has the right value type
|
||||
UUID(current_user.get_id())
|
||||
except ValueError:
|
||||
return None
|
||||
|
||||
logger.debug('Loading user from cookie: %s', current_user.get_id())
|
||||
set_authenticated_user_deferred(current_user.get_id())
|
||||
loaded = QuayDeferredPermissionUser(current_user.get_id(), 'user_uuid', {scopes.DIRECT_LOGIN})
|
||||
|
|
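Review bot: The `except ValueError` guarding `UUID(current_user.get_id())` only catches a malformed string, so a cookie identity of the wrong type still escapes as an unhandled error: `UUID(None)` raises `TypeError`, and a non-string such as an integer id raises `AttributeError` inside the constructor. If the session can carry such values (the commit message hints at ids of another type, but the user loader is not visible here), widen the handler to `except (ValueError, TypeError, AttributeError):`. `UUID()` also accepts braces, a `urn:uuid:` prefix and unhyphenated hex, while the raw `get_id()` string is what reaches `set_authenticated_user_deferred` and `QuayDeferredPermissionUser`; assuming stored uuids are in canonical form, binding `user_uuid = str(UUID(current_user.get_id()))` once and using it below would pass a normalized value downstream. A `logger.debug` call before `return None` would make stale or tampered cookies visible in the logs. The body of `_load_user_from_cookie` continues past the end of the hunk.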