Closes #15 (Thanks mwinstead3790), various fixes

2025-12-17 22:14:25 +01:00 · 2015-03-14 23:01:21 -04:00
parent b4dd54d36a
commit f2484c519a
7 changed files with 111 additions and 31 deletions
--- a/CTFd/auth.py
+++ b/CTFd/auth.py
@@ -105,7 +105,10 @@ Did you initiate a password reset?
            # team = Teams.query.filter_by(name=request.form['name'], password=sha512(request.form['password'])).first()
            team = Teams.query.filter_by(name=request.form['name']).first()
            if team and bcrypt_sha256.verify(request.form['password'], team.password):
-                # session.regenerate() # NO SESSION FIXATION FOR YOU
+                try:
+                    session.regenerate() # NO SESSION FIXATION FOR YOU
+                except:
+                    pass # TODO: Some session objects don't implement regenerate :(
                session['username'] = team.name
                session['id'] = team.id
                session['admin'] = team.admin