fix(get_locale): don't assume the session-provided locale is usable

This is a safe assumption except in the corner case where (e.g.): 1. A user begins a session and selects language L. 2. The Application Server upgrades to a version of securedrop-app-code that removes support for language L. 3. The user resumes their session, which still has language L selected. But, since this case has come up in testing[1], best to check for it. [1]: #6406 (comment)
freedomofpress · May 3, 2022 · eb2a042 · eb2a042
1 parent 9621639
commit eb2a042
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/securedrop/i18n.py b/securedrop/i18n.py
@@ -233,10 +233,12 @@ def get_locale(config: SDConfig) -> str:
     - browser suggested locale, from the Accept-Languages header
     - config.DEFAULT_LOCALE
     """
-    # Default to any locale set in the session.
+    # Default to any usable locale set in the session.
     locale = session.get("locale")
+    if locale:
+        locale = negotiate_locale([locale], LOCALES.keys())
 
-    # A valid locale specified in request.args takes precedence.
+    # A usable locale specified in request.args takes precedence.
     if request.args.get("l"):
         negotiated = negotiate_locale([request.args["l"]], LOCALES.keys())
         if negotiated: