Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-27 23:25:22 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(auth): clean up rename and null-owner ownership (#4340)

Browse Source
This commit is contained in:
RaresKeY
2026-06-16 05:33:02 +03:00
committed by GitHub
parent 745c10e0d7
commit 4d10c16d02
14 changed files with 557 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
core/auth.py
+10 -6
View File
@@ -573,16 +573,20 @@ class AuthManager:
return None
return self.create_session_trusted(username)
def create_session_trusted(self, username: str) -> str:
def create_session_trusted(self, username: str) -> Optional[str]:
"""Issue a session token for an already-verified user.
Call only after verify_password (and TOTP if enabled) have passed."""
username = username.strip().lower()
token = secrets.token_hex(32)
with self._sessions_lock:
self._sessions[token] = {
"username": username,
"expiry": time.time() + TOKEN_TTL,
}
with self._config_lock:
if username not in self.users:
logger.warning("Refused to issue session for missing user '%s'", username)
return None
with self._sessions_lock:
self._sessions[token] = {
"username": username,
"expiry": time.time() + TOKEN_TTL,
}
self._save_sessions()
return token