nonshy/website
nonshy/website
1
0
Fork 0
Code Issues 20 Pull Requests 1 Packages Projects Releases Wiki Activity

Don't ping LastLoginAt when impersonated

Browse Source
This commit is contained in:
Noah 2022-09-07 22:19:26 -07:00
parent 5d19692023
commit bb26c976d3
2 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/middleware/authentication.go
View File

@ -40,8 +40,8 @@ func LoginRequired(handler http.Handler) http.Handler {
return return
} }
// Ping LastLoginAt for long lived sessions. // Ping LastLoginAt for long lived sessions, but not if impersonated.
if time.Since(user.LastLoginAt) > config.LastLoginAtCooldown { if time.Since(user.LastLoginAt) > config.LastLoginAtCooldown && !session.Impersonated(r) {
user.LastLoginAt = time.Now() user.LastLoginAt = time.Now()
if err := user.Save(); err != nil { if err := user.Save(); err != nil {
log.Error("LoginRequired: couldn't refresh LastLoginAt for user %s: %s", user.Username, err) log.Error("LoginRequired: couldn't refresh LastLoginAt for user %s: %s", user.Username, err)

2
pkg/session/session.go
View File

@ -170,8 +170,6 @@ func ImpersonateUser(w http.ResponseWriter, r *http.Request, u *models.User, imp
sess.Impersonator = impersonator.ID sess.Impersonator = impersonator.ID
sess.Save(w) sess.Save(w)
// Ping the user's last login time.
u.LastLoginAt = time.Now()
return u.Save() return u.Save()
} }