Resolve some more code scanning issues. (#1700)
* Resolve some more code scanning issues. * Don't log secret prefix. * Try to outsmart scanner
Родитель
e13a4cbea0
Коммит
6aecdb1420
|
@ -13,9 +13,6 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
import base64
|
import base64
|
||||||
import hmac
|
import hmac
|
||||||
import logging
|
import logging
|
||||||
|
@ -57,13 +54,15 @@ class Secrets(ndb.Model):
|
||||||
needs_save = True
|
needs_save = True
|
||||||
|
|
||||||
if not singleton.xsrf_secret:
|
if not singleton.xsrf_secret:
|
||||||
singleton.xsrf_secret = make_random_key()
|
random_xsrf = make_random_key()
|
||||||
logging.info('Added XSRF secret: %r' % singleton.xsrf_secret[:8])
|
singleton.xsrf_secret = random_xsrf
|
||||||
|
logging.info('Added XSRF info: %r', random_xsrf[:8])
|
||||||
needs_save = True
|
needs_save = True
|
||||||
|
|
||||||
if not singleton.session_secret:
|
if not singleton.session_secret:
|
||||||
singleton.session_secret = make_random_key()
|
random_sess = make_random_key()
|
||||||
logging.info('Added session secret: %r' % singleton.session_secret[:8])
|
singleton.session_secret = random_sess
|
||||||
|
logging.info('Added session info: %r', random_sess[:8])
|
||||||
needs_save = True
|
needs_save = True
|
||||||
|
|
||||||
if needs_save:
|
if needs_save:
|
||||||
|
|
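Review bot: The first eight characters of each freshly generated secret are still written to the log in this hunk, at `logging.info('Added XSRF info: %r', random_xsrf[:8])` and the matching `random_sess[:8]` call; copying the value into a local and rewording the message changes what a scanner matches on, not what reaches the log. Anyone with read access to the logs learns part of the XSRF and session secrets, so the argument should be dropped: `logging.info('Added XSRF secret')` and `logging.info('Added session secret')`. If operators need to tell one key generation from another, log a creation timestamp or a counter rather than bytes taken from the key. The enclosing method of `Secrets` starts and ends outside the hunk.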
|
@ -73,4 +73,4 @@ class SettingsHandler(basehandlers.FlaskHandler):
|
||||||
user_pref.email, new_notify)
|
user_pref.email, new_notify)
|
||||||
user_pref.notify_as_starrer = bool(new_notify)
|
user_pref.notify_as_starrer = bool(new_notify)
|
||||||
user_pref.put()
|
user_pref.put()
|
||||||
return flask.redirect(flask.request.path)
|
return flask.redirect('/admin/users/new')
|
||||||
|
|
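Review bot: The redirect target `'/admin/users/new'` in `SettingsHandler` looks copied from an admin handler; as written, a user who saves notification preferences would presumably be sent to an admin page rather than back to the settings page. Replacing `flask.request.path` with a fixed literal is a sound way to keep request-derived data out of `flask.redirect`, but the literal should be this handler's own route, for example `return flask.redirect(SETTINGS_PATH)`, where `SETTINGS_PATH` is a placeholder for the settings URL as registered in the route table. The method body starts outside the hunk.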
|
@ -170,10 +170,6 @@ limitations under the License.
|
||||||
startApp();
|
startApp();
|
||||||
}
|
}
|
||||||
|
|
||||||
function getQueryStringValue (key) {
|
|
||||||
return decodeURIComponent(window.location.search.replace(new RegExp("^(?:.*[&\\?]" + encodeURIComponent(key).replace(/[\.\+\*]/g, "\\$&") + "(?:\\=([^&]*))?)?.*$", "i"), "$1"));
|
|
||||||
}
|
|
||||||
|
|
||||||
function promptSignIn(e) {
|
function promptSignIn(e) {
|
||||||
e.preventDefault();
|
e.preventDefault();
|
||||||
e.stopPropagation();
|
e.stopPropagation();
|
||||||
|
@ -185,7 +181,8 @@ limitations under the License.
|
||||||
// This happens when an anon visitor tries to view a page that
|
// This happens when an anon visitor tries to view a page that
|
||||||
// requires being signed in. We cannot promptSignIn(), because
|
// requires being signed in. We cannot promptSignIn(), because
|
||||||
// lacking a user-initiated event, the popup will be blocked.
|
// lacking a user-initiated event, the popup will be blocked.
|
||||||
if (getQueryStringValue("loginStatus") == 'False') {
|
const urlParams = new URLSearchParams(window.location.search);
|
||||||
|
if (urlParams.get("loginStatus") == 'False') {
|
||||||
alert('Please log in.');
|
alert('Please log in.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
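Review bot: `urlParams.get("loginStatus") == 'False'` should use strict equality, `if (urlParams.get("loginStatus") === 'False') {`, since `URLSearchParams.get` returns a string or `null` and no coercion is wanted. The removed `getQueryStringValue` built its pattern with the `"i"` flag, so the parameter name used to match case-insensitively. With `URLSearchParams` only the exact key `loginStatus` matches, which is worth confirming against whatever server code appends that parameter. The surrounding script block starts and ends outside the hunk.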