From 8e443bd510649425af3dc1abad5e97398a63354a Mon Sep 17 00:00:00 2001
From: Vivek Pathak
Date: Fri, 24 Jan 2025 21:03:57 +0530
Subject: [PATCH 1/3] fix construction of cookie using user supplied input
---
 kolibri/core/auth/api.py | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/kolibri/core/auth/api.py b/kolibri/core/auth/api.py
index 3a6e1bfa9f6..0dbc2a5debe 100644
--- a/kolibri/core/auth/api.py
+++ b/kolibri/core/auth/api.py
@@ -1046,17 +1046,23 @@ def get_session_response(self, request):
 if isinstance(user, AnonymousUser):
 response = Response(session)
- if not request.COOKIES.get("visitor_id"):
+ try:
+ existing_visitor_id = request.COOKIES.get("visitor_id")
+ if existing_visitor_id:
+ UUID(existing_visitor_id, version=4)
+ response.set_cookie(
+ "visitor_id", existing_visitor_id, expires=visitor_cookie_expiry
+ )
+ else:
+ visitor_id = str(uuid4().hex)
+ response.set_cookie(
+ "visitor_id", visitor_id, expires=visitor_cookie_expiry
+ )
+ except (ValueError, TypeError):
 visitor_id = str(uuid4().hex)
 response.set_cookie(
 "visitor_id", visitor_id, expires=visitor_cookie_expiry
 )
- else:
- response.set_cookie(
- "visitor_id",
- request.COOKIES.get("visitor_id"),
- expires=visitor_cookie_expiry,
- )
 return response
 # Set last activity on session to the current time to prevent session timeout
 # Only do this for logged in users, as anonymous users cannot get logged out!
From a4e0df8f6b707be9fa3981ba27629102f52b6d6c Mon Sep 17 00:00:00 2001
From: Vivek Pathak
Date: Fri, 31 Jan 2025 23:55:48 +0530
Subject: [PATCH 2/3] if else typeerror fixes
---
 kolibri/core/auth/api.py | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a/kolibri/core/auth/api.py b/kolibri/core/auth/api.py
index 0dbc2a5debe..099474868dd 100644
--- a/kolibri/core/auth/api.py
+++ b/kolibri/core/auth/api.py
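Review bot: `UUID(existing_visitor_id, version=4)` in patch 1/3's new `try` block only proves that the cookie parses as a 32-digit hex string; the `version` argument sets the version bits on the resulting object rather than rejecting other versions, and the constructor also tolerates hyphens, braces and a `urn:uuid:` prefix. Because the raw string, not the parsed value, is then passed to `set_cookie`, a non-canonical client-supplied value is still echoed into `Set-Cookie`. Writing back the parsed form, `visitor_id = UUID(existing_visitor_id).hex`, would give every visitor_id the same shape as `uuid4().hex`; compare `.version` with 4 explicitly if version 4 is actually required. Patches 2/3 and 3/3 keep the same call with the variable renamed to `visitor_id`.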
@@ -1047,22 +1047,14 @@ def get_session_response(self, request):
 if isinstance(user, AnonymousUser):
 response = Response(session)
 try:
- existing_visitor_id = request.COOKIES.get("visitor_id")
- if existing_visitor_id:
- UUID(existing_visitor_id, version=4)
- response.set_cookie(
- "visitor_id", existing_visitor_id, expires=visitor_cookie_expiry
- )
+ visitor_id = request.COOKIES.get("visitor_id")
+ if visitor_id:
+ UUID(visitor_id, version=4)
 else:
- visitor_id = str(uuid4().hex)
- response.set_cookie(
- "visitor_id", visitor_id, expires=visitor_cookie_expiry
- )
+ raise ValueError
 except (ValueError, TypeError):
- visitor_id = str(uuid4().hex)
- response.set_cookie(
- "visitor_id", visitor_id, expires=visitor_cookie_expiry
- )
+ visitor_id = uuid4().hex
+ response.set_cookie("visitor_id", visitor_id, expires=visitor_cookie_expiry)
 return response
 # Set last activity on session to the current time to prevent session timeout
 # Only do this for logged in users, as anonymous users cannot get logged out!
From bf4797af8ad7f21a33712170fadbdf13bc52bf07 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci-lite[bot]" <117423508+pre-commit-ci-lite[bot]@users.noreply.github.com>
Date: Fri, 31 Jan 2025 22:06:49 +0000
Subject: [PATCH 3/3] [pre-commit.ci lite] apply automatic fixes
---
 kolibri/core/auth/api.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kolibri/core/auth/api.py b/kolibri/core/auth/api.py
index 099474868dd..49bf9fa1c1b 100644
--- a/kolibri/core/auth/api.py
+++ b/kolibri/core/auth/api.py
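Review bot: The consolidated `response.set_cookie("visitor_id", visitor_id, expires=visitor_cookie_expiry)` line in patch 2/3 passes neither `httponly` nor `samesite`, so Django emits the cookie without either attribute. If no client-side script needs to read the value (not visible in this hunk), `response.set_cookie("visitor_id", visitor_id, expires=visitor_cookie_expiry, httponly=True, samesite="Lax")` would narrow where this long-lived identifier is exposed. `get_session_response` starts and ends outside the hunk, so how `visitor_cookie_expiry` is computed and whether the cookie is touched later could not be checked.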
@@ -1049,11 +1049,11 @@ def get_session_response(self, request):
 try:
 visitor_id = request.COOKIES.get("visitor_id")
 if visitor_id:
- UUID(visitor_id, version=4)
+ UUID(visitor_id, version=4)
 else:
- raise ValueError
+ raise ValueError
 except (ValueError, TypeError):
- visitor_id = uuid4().hex
+ visitor_id = uuid4().hex
 response.set_cookie("visitor_id", visitor_id, expires=visitor_cookie_expiry)
 return response
 # Set last activity on session to the current time to prevent session timeout