annotate libervia/web/pages/chat/select/_browser/__init__.py @ 1598:86c7a3a625d5

server: always start a new session on connection: The session was kept when a user connected from the service profile (but not from other profiles), which led to a session fixation vulnerability (an attacker on the same machine could obtain the service profile session cookie, and use it once a victim logged in). This patch fixes it by always starting a new session on connection. fix 443
author Goffi <goffi@goffi.org>
date Fri, 23 Feb 2024 13:35:24 +0100
parents c6976c5b85a1
children
1548
66aa6e140ebb browser: make `jid_search` more generic:
Goffi <goffi@goffi.org>
parents: 1547
diff changeset
1
1547
383e1fee29f6 browser (chat/select): update dynamically JID items when search box is used
Goffi <goffi@goffi.org>
parents:
diff changeset
2 from bridge import AsyncBridge as Bridge
1593
c6976c5b85a1 browser (chat/select): add bookmarked entities on empty search
Goffi <goffi@goffi.org>
parents: 1548
diff changeset
3 from browser import console as log, document
1548
66aa6e140ebb browser: make `jid_search` more generic:
Goffi <goffi@goffi.org>
parents: 1547
diff changeset
4 from cache import cache
1547
383e1fee29f6 browser (chat/select): update dynamically JID items when search box is used
Goffi <goffi@goffi.org>
parents:
diff changeset
5 from jid_search import JidSearch
383e1fee29f6 browser (chat/select): update dynamically JID items when search box is used
Goffi <goffi@goffi.org>
parents:
diff changeset
6
1593
c6976c5b85a1 browser (chat/select): add bookmarked entities on empty search
Goffi <goffi@goffi.org>
parents: 1548
diff changeset
# Bridge instance shared by the callbacks of this page (used by ``empty_search``).
bridge = Bridge()
# ``log`` is the browser console, which provides ``warn``; expose it under the
# ``warning`` name as well (presumably so logging-style calls work -- confirm).
log.warning = log.warn
383e1fee29f6 browser (chat/select): update dynamically JID items when search box is used
Goffi <goffi@goffi.org>
parents:
diff changeset
9
383e1fee29f6 browser (chat/select): update dynamically JID items when search box is used
Goffi <goffi@goffi.org>
parents:
diff changeset
10
1593
c6976c5b85a1 browser (chat/select): add bookmarked entities on empty search
Goffi <goffi@goffi.org>
parents: 1548
diff changeset
async def empty_search(jid_search):
    """Show the default entity list: roster contacts followed by bookmarked rooms.

    Each roster entry of ``cache.roster`` is listed with its groups, then every
    room returned by ``bridge.bookmarks_list("muc", "all")`` is appended with its
    entity only. The resulting list is handed to ``jid_search.show_items``.
    """
    # FIXME: this is Q&D way to add bookmarks, a proper handling of joined room must be
    #   done
    entries = []
    for contact_jid, contact_data in cache.roster.items():
        entries.append({"entity": contact_jid, "groups": contact_data["groups"]})

    bookmarks = await bridge.bookmarks_list("muc", "all")
    # The outer keys of the bookmarks mapping are not used, only the room JIDs
    # found in each inner mapping.
    for rooms in list(bookmarks.values()):
        entries.extend({"entity": room_jid} for room_jid, _ in rooms.items())

    # NOTE(review): these JIDs come from stored roster/bookmark data and are
    # presumably rendered into the page by ``show_items`` -- confirm that the
    # rendering escapes them.
    jid_search.show_items(entries)
c6976c5b85a1 browser (chat/select): add bookmarked entities on empty search
Goffi <goffi@goffi.org>
parents: 1548
diff changeset
26
1547
383e1fee29f6 browser (chat/select): update dynamically JID items when search box is used
Goffi <goffi@goffi.org>
parents:
diff changeset
# Bind the search helper to the "search" and "chat_items" elements of the page.
# ``empty_search`` is passed as ``empty_cb`` (presumably called when the search
# box is empty -- confirm in ``JidSearch``).
jid_search = JidSearch(
    document["search"],
    document["chat_items"],
    empty_cb=empty_search,
)