Fix session security: clear stale sessions after DB rebuild
Two issues fixed: - Sessions with uid but no grant_token (legacy or corrupt) were not validated at all, allowing a user to be logged in as whoever got their old numeric user ID after a DB rebuild - DB errors during grant verification silently kept stale sessions alive; now treated as invalid to fail-safe Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -175,6 +175,13 @@ def create_base_app(
|
|||||||
auth_redis = None
|
auth_redis = None
|
||||||
|
|
||||||
# Case 1: logged in — verify grant still valid (direct DB, cached)
|
# Case 1: logged in — verify grant still valid (direct DB, cached)
|
||||||
|
if uid and not grant_token:
|
||||||
|
# Legacy session without grant token — clear it
|
||||||
|
qs.pop("uid", None)
|
||||||
|
qs.pop("cart_sid", None)
|
||||||
|
g.user = None
|
||||||
|
uid = None
|
||||||
|
|
||||||
if uid and grant_token:
|
if uid and grant_token:
|
||||||
cache_key = f"grant:{grant_token}"
|
cache_key = f"grant:{grant_token}"
|
||||||
if auth_redis:
|
if auth_redis:
|
||||||
@@ -201,7 +208,7 @@ def create_base_app(
|
|||||||
)
|
)
|
||||||
valid = grant is not None and grant.revoked_at is None
|
valid = grant is not None and grant.revoked_at is None
|
||||||
except Exception:
|
except Exception:
|
||||||
return # DB error — don't log user out
|
valid = False # DB error — treat as invalid
|
||||||
|
|
||||||
if auth_redis:
|
if auth_redis:
|
||||||
await auth_redis.set(cache_key, b"ok" if valid else b"revoked", ex=60)
|
await auth_redis.set(cache_key, b"ok" if valid else b"revoked", ex=60)
|
||||||
|
|||||||
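Review bot: A transient DB error is now written into the cache as a revocation, because the `valid = False` set in the `except Exception:` branch of the second hunk flows straight into `await auth_redis.set(cache_key, b"ok" if valid else b"revoked", ex=60)` at the end of the hunk. Failing the current request is the right fail-safe choice, but caching that outcome means the session keeps failing validation for up to 60 seconds after the DB recovers, and a short outage would (presumably, if the invalid path clears the session further down) log out every active user at once. The cache write should only happen when the DB actually answered: initialise a flag such as `db_answered = True` before the `try` (which starts outside this hunk), set `db_answered = False` next to `valid = False` in the except branch, and change the guard to `if auth_redis and db_answered:`. The same caveat applies to the first hunk's legacy-session path only insofar as it shares the cache block; that hunk itself is fine.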