Merge pull request #332 feature-NEWDWH2021-1404 into develop-fix-webapp-vulnerability

2024-01-18 14:24:39 +09:00 · 2024-01-18 14:24:39 +09:00 · 565f776a5c
commit 565f776a5c
parent 3ce4bd9d6b 6371924bd9
2 changed files with 83 additions and 69 deletions
--- a/ecs/jskult-webapp/src/controller/logout.py
+++ b/ecs/jskult-webapp/src/controller/logout.py
@ -1,50 +1,57 @@
-from typing import Optional, Union
-
-from fastapi import APIRouter, Depends, Request
-from fastapi.responses import HTMLResponse
-
-from src.depends.auth import get_current_session
-from src.model.internal.session import UserSession
-from src.model.view.logout_view_model import LogoutViewModel
-from src.system_var import constants
-from src.templates import templates
-
-router = APIRouter()
-
-#########################
-# Views                 #
-#########################
-
-
-@router.get('/', response_class=HTMLResponse)
-def logout_view(
-    request: Request,
-    reason: Optional[str] = None,
-    session: Union[UserSession, None] = Depends(get_current_session)
-):
-    # どういうルートでログインしたかを判断するため、refererを取得
-    referer = request.headers.get('referer', '')
-
-    redirect_to = '/login/userlogin'
-    link_text = 'MeDaCA機能メニューへ'
-    # セッションが切れておらず、メンテユーザである、またはメンテログイン画面から遷移した場合、メンテログイン画面に戻す
-    if (session is not None and session.user_flg == str(constants.PERMISSION_ENABLED)) \
-            or referer.endswith('maintlogin'):
-        redirect_to = '/login/maintlogin'
-        link_text = 'Login画面に戻る'
-
-    logout = LogoutViewModel(
-        redirect_to=redirect_to,
-        reason=constants.LOGOUT_REASON_MESSAGE_MAP.get(reason, ''),
-        link_text=link_text
-    )
-    template_response = templates.TemplateResponse(
-        'logout.html',
-        {
-            'request': request,
-            'logout': logout,
-        }
-    )
-    # クッキーを削除
-    template_response.delete_cookie('session')
-    return template_response
+from typing import Optional, Union
+
+from fastapi import APIRouter, Depends, Request
+from fastapi.responses import HTMLResponse
+
+from src.depends.auth import get_current_session
+from src.model.internal.session import UserSession
+from src.model.view.logout_view_model import LogoutViewModel
+from src.system_var import constants
+from src.templates import templates
+from src.services import session_service
+
+router = APIRouter()
+
+#########################
+# Views                 #
+#########################
+    
+
+
+@router.get('/', response_class=HTMLResponse)
+def logout_view(
+    request: Request,
+    reason: Optional[str] = None,
+    session: Union[UserSession, None] = Depends(get_current_session)
+):
+    # どういうルートでログインしたかを判断するため、refererを取得
+    referer = request.headers.get('referer', '')
+
+    redirect_to = '/login/userlogin'
+    link_text = 'MeDaCA機能メニューへ'
+    # セッションが切れておらず、メンテユーザである、またはメンテログイン画面から遷移した場合、メンテログイン画面に戻す
+    if (session is not None and session.user_flg == str(constants.PERMISSION_ENABLED)) \
+            or referer.endswith('maintlogin'):
+        redirect_to = '/login/maintlogin'
+        link_text = 'Login画面に戻る'
+
+    logout = LogoutViewModel(
+        redirect_to=redirect_to,
+        reason=constants.LOGOUT_REASON_MESSAGE_MAP.get(reason, ''),
+        link_text=link_text
+    )
+    template_response = templates.TemplateResponse(
+        'logout.html',
+        {
+            'request': request,
+            'logout': logout,
+        }
+    )
+    # クッキーを削除
+    template_response.delete_cookie('session')
+
+    # セッション削除
+    if session:
+        session_service.delete_session(session)
+
+    return template_response
--- a/ecs/jskult-webapp/src/services/session_service.py
+++ b/ecs/jskult-webapp/src/services/session_service.py
@ -1,19 +1,26 @@
-
-from src.logging.get_logger import get_logger
-from src.model.internal.session import UserSession
-
-logger = get_logger('セッション管理')
-
-
-def set_session(session: UserSession) -> str:
-    session.save()
-    return session.session_key
-
-
-def get_session(key: str) -> UserSession:
-    try:
-        session = UserSession.get(hash_key=key, consistent_read=True)
-        return session
-    except UserSession.DoesNotExist as e:
-        logger.debug(f'セッション取得失敗：{e}')
-        return None
+
+from src.logging.get_logger import get_logger
+from src.model.internal.session import UserSession
+
+logger = get_logger('セッション管理')
+
+
+def set_session(session: UserSession) -> str:
+    session.save()
+    return session.session_key
+
+
+def get_session(key: str) -> UserSession:
+    try:
+        session = UserSession.get(hash_key=key, consistent_read=True)
+        return session
+    except UserSession.DoesNotExist as e:
+        logger.debug(f'セッション取得失敗：{e}')
+        return None
+
+def delete_session (session: UserSession):
+    try:
+        session.delete()
+        return
+    except:
+        return