[SECURITY] Enforce session validation on oauth authorize endpoint

This commit is contained in:
Raphael Michel
2023-03-06 11:52:01 +01:00
parent 9bed40fa09
commit 926d334b10
5 changed files with 152 additions and 3 deletions

@@ -757,7 +757,7 @@ class SessionTimeOutTest(TestCase):
# Regression test added after a security problem in 1.9.1
# The problem was that, once the relative timeout happened, the user was redirected
# to /control/reauth/, but loading /control/reauth/ was already considered to be
# "session activitiy". Therefore, after loding /control/reauth/, the session was no longer
# "session activity". Therefore, after loding /control/reauth/, the session was no longer
# in the timeout state and the user was able to access pages again without re-entering the
# password.
session = self.client.session
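Review bot: The comment fix in this hunk corrects "activitiy" to "activity" but leaves "loding" on the same line; since the line is already being touched, change it to `# "session activity". Therefore, after loading /control/reauth/, the session was no longer`. Note also that this hunk is a comment-only change in a session-timeout regression test and does not relate to the commit's stated purpose (session validation on the OAuth authorize endpoint); a drive-by typo fix is better kept out of a security commit so the diff shows only the behavioural change.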