Commit 62c16e09 authored by echel0n's avatar echel0n

Split `_sr` cookie into 2 separate cookies to help deal with length violations.

parent efb8215f
......@@ -100,17 +100,18 @@ class BaseHandler(RequestHandler, ABC):
webroot=sickrage.app.config.web_root))
def get_current_user(self):
cookie = self.get_secure_cookie('_sr')
if not cookie:
return
try:
token = json.loads(cookie.decode("utf-8"))
access_token = self.get_secure_cookie('_sr_access_token')
refresh_token = self.get_secure_cookie('_sr_refresh_token')
if not all([access_token, refresh_token]):
return
try:
return sickrage.app.oidc_client.decode_token(token['access_token'], sickrage.app.oidc_client.certs())
return sickrage.app.oidc_client.decode_token(access_token.decode("utf-8"), sickrage.app.oidc_client.certs())
except (KeycloakClientError, ExpiredSignatureError):
token = sickrage.app.oidc_client.refresh_token(token['refresh_token'])
self.set_secure_cookie('_sr', json.dumps({'access_token': token['access_token'], 'refresh_token': token['refresh_token']}))
token = sickrage.app.oidc_client.refresh_token(refresh_token.decode("utf-8"))
self.set_secure_cookie('_sr_access_token', token['access_token'])
self.set_secure_cookie('_sr_refresh_token', token['refresh_token'])
return sickrage.app.oidc_client.decode_token(token['access_token'], sickrage.app.oidc_client.certs())
except Exception as e:
sickrage.app.log.debug('{!r}'.format(e))
......
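Review bot: The two new `set_secure_cookie` calls in the refresh branch of `get_current_user` store the access and refresh tokens without `httponly` or `secure`. Tornado signs these cookie values but does not encrypt them, so page scripts can read both tokens and the browser will send them over plain HTTP. Tornado forwards extra keyword arguments to `set_cookie`, so the calls can become `self.set_secure_cookie('_sr_access_token', token['access_token'], httponly=True, secure=self.request.protocol == 'https')`, and likewise for `_sr_refresh_token`. The same applies to the two calls added in the LoginHandler hunk. The method's `except Exception` handler continues past the end of this hunk.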
......@@ -38,7 +38,8 @@ class LoginHandler(BaseHandler, ABC):
token = sickrage.app.oidc_client.authorization_code(code, redirect_uri)
decoded_token = sickrage.app.oidc_client.decode_token(token['access_token'], sickrage.app.oidc_client.certs())
self.set_secure_cookie('_sr', json.dumps({'access_token': token['access_token'], 'refresh_token': token['refresh_token']}))
self.set_secure_cookie('_sr_access_token', token['access_token'])
self.set_secure_cookie('_sr_refresh_token', token['refresh_token'])
if not decoded_token.get('sub'):
return self.redirect('/logout')
......
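Review bot: Both token cookies are written before the `if not decoded_token.get('sub')` check, so a token that fails the check has already been stored in the browser by the time the handler redirects to `/logout`. `get_current_user`, as shown in the BaseHandler hunk, returns whatever `decode_token` yields and does not check `sub` again, so it would apparently accept those cookies if the logout redirect is not followed. Moving the two `set_secure_cookie` lines below the `sub` guard means cookies are only issued for a token the handler has accepted. The handler body starts and ends outside this hunk.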
......@@ -29,6 +29,7 @@ class LogoutHandler(BaseHandler, ABC):
logout_uri = sickrage.app.oidc_client.get_url('end_session_endpoint')
redirect_uri = "{}://{}{}/login".format(self.request.protocol, self.request.host, sickrage.app.config.web_root)
self.clear_cookie('_sr')
self.clear_cookie('_sr_access_token')
self.clear_cookie('_sr_refresh_token')
return super(BaseHandler, self).redirect('{}?redirect_uri={}'.format(logout_uri, redirect_uri))
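Review bot: If `self.clear_cookie('_sr')` is removed here, as the hunk's line counts suggest, nothing in this commit clears the legacy cookie any more. Browsers that logged in before the upgrade would then keep an `_sr` cookie holding both the access and the refresh token until it expires on its own. Keeping `self.clear_cookie('_sr')` next to the two new `clear_cookie` calls for a few releases removes the leftover tokens on the next logout. A short comment such as `# legacy combined cookie, remove once old sessions have expired` would explain why it stays.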
......@@ -443,7 +443,7 @@ class Tvdb:
# get response from theTVDB
resp = WebSession(cache=self.config['cache_enabled']).request(
method, urljoin(self.config['api']['base'], url), headers=self.config['headers'],
timeout=sickrage.app.config.indexer_timeout, **kwargs
timeout=sickrage.app.config.indexer_timeout, verify=False, **kwargs
)
resp.raise_for_status()
......
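Review bot: The added `verify=False` on the `WebSession(...).request(...)` call turns off TLS certificate validation for every request to theTVDB, and the commit message, which is only about cookies, does not mention it. Without validation, an on-path party can read the `self.config['headers']` values sent with each request and alter the responses, which presumably feed indexer data. If a certificate-chain problem prompted this, pass a CA bundle path through `verify` or add a config option that defaults to validation on. Otherwise restore `timeout=sickrage.app.config.indexer_timeout, **kwargs`. The enclosing method starts and ends outside the hunk.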