diff roundup/cgi/templating.py @ 5211:f4b6a2a3e605

Fix expiration dates and expire csrf tokens properly

In client.py: add explicit expiration of csrf tokens to handle_csrf. There is a clean_up() that runs on every client connection before handle_csrf is invoked, but it only cleans every hour. With short lived tokens this is insufficient. Also remove debugging.

In templating.py fix values for seconds/week and minutes per week. The original values were shifted/transposed and an order of magnitude off.

In test_templating.py again fix seconds/week constant.
author John Rouillard <rouilj@ieee.org>
date Sun, 19 Mar 2017 17:10:13 -0400
parents 47bd81998ddc
children 17b213eab274
--- a/roundup/cgi/templating.py	Sun Mar 19 15:32:14 2017 -0400
+++ b/roundup/cgi/templating.py	Sun Mar 19 17:10:13 2017 -0400
@@ -97,12 +97,13 @@
     # That's the cleanup period hardcoded in otk.clean().
     # If a user wants a 10 minute lifetime calculate
     # 10 minutes newer than 1 week ago.
-    #   lifetime - 10800 (number of minutes in a week)
+    #   lifetime - 10080 (number of minutes in a week)
     # convert to seconds and add (possible negative number)
-    # from time.time().
+    # to current time (time.time()).
+    ts = time.time() + ((lifetime - 10080) * 60)
     otks.set(key, uid=client.db.getuid(),
              sid=client.session_api._sid,
-             __timestamp=time.time() + ((lifetime - 10800) * 60) )
+             __timestamp=ts )
     client.db.commit()
     return key
 
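Review bot: the week length is still a bare literal, now in two places in this hunk (the comment `#   lifetime - 10080 (number of minutes in a week)` and the expression `ts = time.time() + ((lifetime - 10080) * 60)`), and the comment above says the same one-week period is hardcoded independently in otk.clean(); a transposed digit is exactly what this commit is repairing, so defining one named constant (e.g. `MINUTES_PER_WEEK = 7 * 24 * 60`) next to the cleanup period and using it here would stop the two from drifting apart again. It would also help to state in the docstring or a comment that `lifetime` is in minutes, since the `* 60` conversion silently assumes it.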

Roundup Issue Tracker: http://roundup-tracker.org/