jason/cpolis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 49 Wiki Activity

Fixed a bug that let users get around verification.

Browse Source
This commit is contained in:
Jason Streifling 2024-08-18 11:40:03 +02:00
parent 61bfa85b13
commit 8115c50974
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cmd/frontend/verification.go
View File

@ -1,6 +1,7 @@
package frontend
import (
"errors"
"html/template"
"net/http"
@ -10,13 +11,19 @@ import (
// getSession is used for verifying that the user is logged in and returns their session and an error.
func getSession(w http.ResponseWriter, r *http.Request, c *b.Config, s *b.CookieStore) (*sessions.Session, error) {
msg := "Keine gültige Session. Bitte erneut anmelden."
tmpl, tmplErr := template.ParseFiles(c.WebDir+"/templates/index.html", c.WebDir+"/templates/login.html")
session, err := s.Get(r, "cookie")
if err != nil {
msg := "Session nicht mehr gültig. Bitte erneut anmelden."
tmpl, tmplErr := template.ParseFiles(c.WebDir + "/templates/login.html")
template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", msg)
return nil, err
}
if session.IsNew {
template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", msg)
return session, errors.New("error: no existing session")
}
return session, nil
}