
Fix the bug that user may logout if he switch pages too fast #29962


Merged
merged 3 commits into from
Mar 21, 2024
26 changes: 9 additions & 17 deletions services/auth/session.go
Expand Up @@ -4,7 +4,6 @@
package auth

import (
"context"
"net/http"

user_model "code.gitea.io/gitea/models/user"
Expand All @@ -29,40 +28,33 @@ func (s *Session) Name() string {
// object for that uid.
// Returns nil if there is no user uid stored in the session.
func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
user := SessionUser(req.Context(), sess)
if user != nil {
return user, nil
}
return nil, nil
}

// SessionUser returns the user object corresponding to the "uid" session variable.
func SessionUser(ctx context.Context, sess SessionStore) *user_model.User {
if sess == nil {
return nil
return nil, nil
}

// Get user ID
uid := sess.Get("uid")
if uid == nil {
return nil
return nil, nil
}
log.Trace("Session Authorization: Found user[%d]", uid)

id, ok := uid.(int64)
if !ok {
return nil
return nil, nil
}

// Get user object
user, err := user_model.GetUserByID(ctx, id)
user, err := user_model.GetUserByID(req.Context(), id)
if err != nil {
if !user_model.IsErrUserNotExist(err) {
log.Error("GetUserById: %v", err)
log.Error("GetUserByID: %v", err)
// Return the err as-is to keep current signed-in session, in case the err is something like context.Canceled. Otherwise non-existing user (nil, nil) will make the caller clear the signed-in session.
return nil, err
}
return nil
return nil, nil
}

log.Trace("Session Authorization: Logged in user %-v", user)
return user
return user, nil
}