nonshy
/
website
1
0
Fork 1
Code Issues 20 Pull Requests Packages Projects Releases Wiki Activity

Don't ping LastLoginAt when impersonated

pull/12/head
Noah 2022-09-07 22:19:26 -07:00
parent 5d19692023
commit bb26c976d3
2 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/middleware/authentication.go
View File

@ -40,8 +40,8 @@ func LoginRequired(handler http.Handler) http.Handler {
return
}
// Ping LastLoginAt for long lived sessions.
if time.Since(user.LastLoginAt) > config.LastLoginAtCooldown {
// Ping LastLoginAt for long lived sessions, but not if impersonated.
if time.Since(user.LastLoginAt) > config.LastLoginAtCooldown && !session.Impersonated(r) {
user.LastLoginAt = time.Now()
if err := user.Save(); err != nil {
log.Error("LoginRequired: couldn't refresh LastLoginAt for user %s: %s", user.Username, err)

2
pkg/session/session.go
View File

@ -170,8 +170,6 @@ func ImpersonateUser(w http.ResponseWriter, r *http.Request, u *models.User, imp
sess.Impersonator = impersonator.ID
sess.Save(w)
// Ping the user's last login time.
u.LastLoginAt = time.Now()
return u.Save()
}