autonomic-cooperative/capsul-flask
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

fix a bug where accumulating stale login tokens can lock out an account

Browse Source
This commit is contained in:
forest 2021-01-31 18:02:46 -06:00
parent cbe658b7ae
commit 645ddede02
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
capsulflask/db_model.py
View File

@ -21,7 +21,7 @@ class DBModel:
if hasExactMatch == 0: if hasExactMatch == 0:
self.cursor.execute("INSERT INTO accounts (email, lower_case_email) VALUES (%s, %s)", (email, email.lower())) self.cursor.execute("INSERT INTO accounts (email, lower_case_email) VALUES (%s, %s)", (email, email.lower()))
self.cursor.execute("SELECT token FROM login_tokens WHERE email = %s", (email, )) self.cursor.execute("SELECT token FROM login_tokens WHERE email = %s and created > (NOW() - INTERVAL '20 min')", (email, ))
if len(self.cursor.fetchall()) > 2: if len(self.cursor.fetchall()) > 2:
return (None, ignoreCaseMatches) return (None, ignoreCaseMatches)