sorcery suggested fixes

Saksham-Sirohi · Saksham-Sirohi · commit e18e472e4824 · 2025-08-02T17:04:16.000Z
diff --git a/src/pretalx/agenda/views/schedule.py b/src/pretalx/agenda/views/schedule.py
@@ -37,6 +37,7 @@
 
 
 class ScheduleMixin:
+    MY_STARRED_ICS_TOKEN_SESSION_KEY = 'my_starred_ics_token'
     @cached_property
     def version(self):
         if version := self.kwargs.get("version"):
@@ -69,19 +70,27 @@ def dispatch(self, request, *args, **kwargs):
         return super().dispatch(request, *args, **kwargs)
 
     @staticmethod
-    def generate_ics_token(user_id):
-        """Generate a signed token with user ID and 15-day expiry"""
-        expiry = timezone.now() + timedelta(days=15)
+    def generate_ics_token(request, user_id):
+        """Generate a signed token with user ID and 15-day expiry, invalidating previous tokens"""
+        # Clear any existing token from the session
+        key = ScheduleMixin.MY_STARRED_ICS_TOKEN_SESSION_KEY
+        if key in request.session:
+            del request.session[key]
+        
+        # Generate new token
+        expiry = timezone.now() + timedelta(minutes=5)
         value = {"user_id": user_id, "exp": int(expiry.timestamp())}
-        return signing.dumps(value, salt="my-starred-ics")
+        token = signing.dumps(value, salt="my-starred-ics")
+        
+        # Store new token in session
+        request.session[key] = token
+        return token
 
     @staticmethod
     def parse_ics_token(token):
         """Parse and validate the token, return user_id if valid"""
         try:
-            value = signing.loads(token, salt="my-starred-ics", max_age=15*24*60*60)
-            if value["exp"] < int(timezone.now().timestamp()):
-                raise ValueError("Token expired")
+            value = signing.loads(token, salt="my-starred-ics", max_age=5*60)
             return value["user_id"]
         except (signing.BadSignature, signing.SignatureExpired, KeyError, ValueError) as e:
             logger.warning('Failed to parse ICS token: %s', e)
@@ -97,10 +106,10 @@ def check_token_expiry(token):
         - True if token is valid and not expiring soon (>= 4 days)
         """
         try:
-            value = signing.loads(token, salt="my-starred-ics")
+            value = signing.loads(token, salt="my-starred-ics", max_age=5*60)
             expiry_date = timezone.datetime.fromtimestamp(value["exp"], tz=timezone.utc)
             time_until_expiry = expiry_date - timezone.now()
-            return time_until_expiry >= timedelta(days=4)
+            return time_until_expiry >= timedelta(minutes=1)
         except Exception as e:
             logger.warning('Failed to check token expiry: %s', e)
             return None  # Invalid token
@@ -357,7 +366,6 @@ class ChangelogView(EventPermissionRequired, TemplateView):
 
 class CalendarRedirectView(EventPermissionRequired, ScheduleMixin, TemplateView):
     """Handles redirects for both Google Calendar and other calendar applications"""
-    MY_STARRED_ICS_TOKEN_SESSION_KEY = 'my_starred_ics_token'
     permission_required = "agenda.view_schedule"
 
     def get(self, request, *args, **kwargs):
@@ -371,7 +379,8 @@ def get(self, request, *args, **kwargs):
         if is_my:
             # For starred sessions
             if not request.user.is_authenticated:
-                return HttpResponseRedirect(self.request.event.urls.login)
+                login_url = f"{self.request.event.urls.login}?next={request.get_full_path()}"
+                return HttpResponseRedirect(login_url)
             
             # Check for existing valid token
             existing_token = request.session.get(self.MY_STARRED_ICS_TOKEN_SESSION_KEY)
@@ -380,14 +389,13 @@ def get(self, request, *args, **kwargs):
             # If we have an existing token, check if it's still valid and not expiring soon
             if existing_token:
                 token_status = self.check_token_expiry(existing_token)
-                if token_status is True:
+                if token_status is True:  # Token is valid and has at least 4 days left
                     token = existing_token
                     generate_new_token = False
                     
-            # Generate new token if needed
+            # Generate new token if needed (this will invalidate any existing token)
             if generate_new_token:
-                token = self.generate_ics_token(request.user.id)
-                request.session[self.MY_STARRED_ICS_TOKEN_SESSION_KEY] = token
+                token = self.generate_ics_token(request, request.user.id)
             
             # Build tokenized URL for starred sessions
             ics_url = request.build_absolute_uri(
