
Commit 39d5b74

committed
Include conition for flask session
1 parent 9eb0438 commit 39d5b74


2 files changed

+5
-1
lines changed


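--- a/backend/tenantfirstaid/app.py
+++ b/backend/tenantfirstaid/app.py
@@ -1,5 +1,5 @@
 from pathlib import Path
-from flask import Flask, jsonify, session
+from flask import Flask, jsonify, session, abort
 from flask_mailman import Mail
 from flask_limiter import Limiter
 from flask_limiter.util import get_remote_address
@@ -87,6 +87,9 @@ def clear_session():
 
 @limiter.limit("3 per minute")
 def feedback_route():
+if not session.get("site_user"):
+abort(403, "Unauthorized: session missing")
+
 return send_feedback()
 
 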
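Review bot: The guard added at the top of `feedback_route` reads as an authorization check, but the only place this commit sets `site_user` is `get_flask_session_id`, next to a freshly generated `session_id`, so the flag appears to show only that the client already holds an app-issued session, not who the caller is. A comment above the check would stop later code from leaning on it for access control, for example `# Requires an app-issued session; abuse filter only, not authentication.` The message also disagrees with the status code: 403 is Forbidden, so `abort(403, "Forbidden: session missing")` would be consistent, or 401 if the "Unauthorized" wording is kept. The route decorator for `feedback_route` is presumably above the hunk and is not visible here.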
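--- a/backend/tenantfirstaid/session.py
+++ b/backend/tenantfirstaid/session.py
@@ -46,6 +46,7 @@ def get_flask_session_id(self) -> str:
 if not session_id:
 session_id = str(uuid.uuid4())
 session["session_id"] = session_id
+session["site_user"] = True
 
 @after_this_request
 def save_session(response: Response) -> Response: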
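Review bot: `session["site_user"] = True` is added directly after the assignment of a newly generated `session_id`, and if it sits inside the `if not session_id:` branch (indentation is not visible on this page), a client whose session already carries a `session_id` from before this change never receives the flag. Such a client would then get the 403 from the new check in `feedback_route` until its session is cleared or expires. Setting the flag after the branch, with `session["site_user"] = True` at the method's top level, would cover existing sessions as well. `get_flask_session_id` begins and ends outside the hunk, so whether another path backfills the flag cannot be confirmed from here.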
