Saving user session checks if User exists

- Check that model User object exists with id=user_id before attempting to save to database - UserSessionMembership saves to the database using foreign key, User - However, User with matching id might not exist if browser sends request with stale cookies - Change made in regards to issue #4334
2026-01-11 18:09:57 -03:30 · 2019-09-27 10:10:03 -04:00 · 2019-09-27 10:10:03 -04:00 · c94ebba0b3
commit c94ebba0b3
parent de68de7f9a
1 changed files with 3 additions and 1 deletions
--- a/awx/main/signals.py
+++ b/awx/main/signals.py
@ -20,6 +20,7 @@ from django.db.models.signals import (
 )
 from django.dispatch import receiver
 from django.contrib.auth import SESSION_KEY
+from django.contrib.auth.models import User
 from django.contrib.sessions.models import Session
 from django.utils import timezone

@ -684,7 +685,8 @@ def save_user_session_membership(sender, **kwargs):
        return
    if UserSessionMembership.objects.filter(user=user_id, session=session).exists():
        return
-    UserSessionMembership(user_id=user_id, session=session, created=timezone.now()).save()
+    if User.objects.filter(id=int(user_id)).exists():
+        UserSessionMembership(user_id=user_id, session=session, created=timezone.now()).save()
    expired = UserSessionMembership.get_memberships_over_limit(user_id)
    for membership in expired:
        Session.objects.filter(session_key__in=[membership.session_id]).delete()