

Override token contents when reusing sessions (#5640)
philippjfr authored Oct 16, 2023
1 parent 7ca9620 commit a6dcce9
Showing 1 changed file with 30 additions and 0 deletions.
30 changes: 30 additions & 0 deletions panel/io/server.py
Expand Up @@ -481,6 +481,35 @@ async def get_session(self):
session.block_expiration()
return session

def _token_payload(self):
app = self.application
if app.include_headers is None:
excluded_headers = (app.exclude_headers or [])
allowed_headers = [header for header in self.request.headers
if header not in excluded_headers]
else:
allowed_headers = app.include_headers
headers = {k: v for k, v in self.request.headers.items()
if k in allowed_headers}

if app.include_cookies is None:
excluded_cookies = (app.exclude_cookies or [])
allowed_cookies = [cookie for cookie in self.request.cookies
if cookie not in excluded_cookies]
else:
allowed_cookies = app.include_cookies
cookies = {k: v.value for k, v in self.request.cookies.items()
if k in allowed_cookies}

if cookies and 'Cookie' in headers and 'Cookie' not in (app.include_headers or []):
# Do not include Cookie header since cookies can be restored from cookies dict
del headers['Cookie']

arguments = {} if self.request.arguments is None else self.request.arguments
payload = {'headers': headers, 'cookies': cookies, 'arguments': arguments}
payload.update(self.application_context.application.process_request(self.request))
return payload

@authenticated
async def get(self, *args, **kwargs):
app = self.application
Expand All @@ -494,6 +523,7 @@ async def get(self, *args, **kwargs):
signed=self.application.sign_sessions
)
payload = get_token_payload(session.token)
payload.update(self._token_payload())
del payload['session_expiry']
token = generate_jwt_token(
session_id,
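Review bot: The guard that strips the `Cookie` header in `_token_payload` only fires when the filtered `cookies` dict is non-empty, so a request whose cookies are all listed in `exclude_cookies` keeps the raw `Cookie` header in `headers` and the excluded values still reach the token payload. Dropping the first clause closes that gap: `if 'Cookie' in headers and 'Cookie' not in (app.include_headers or []):`. Separately, the `k in allowed_headers` and `k in allowed_cookies` checks compare names exactly, and Tornado-style header objects presumably normalise names to Title-Case, so a lowercase entry in `include_headers` would never match — worth confirming and either documenting or comparing case-insensitively. A one-line docstring would also help, e.g. `"""Return the headers, cookies and arguments to embed in the session token, filtered by the app's include/exclude settings."""`. The body of `get` in the second hunk continues beyond the hunk.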
