From eb2a042f59dc353e34ca0444029d154d28b0a7d3 Mon Sep 17 00:00:00 2001
From: Cory Francis Myers <cory@freedom.press>
Date: Mon, 2 May 2022 17:45:30 -0700
Subject: [PATCH] fix(get_locale): don't assume the session-provided locale is
 usable

This is a safe assumption except in the corner case where (e.g.):

1. A user begins a session and selects language L.

2. The Application Server upgrades to a version of securedrop-app-code
   that removes support for language L.

3. The user resumes their session, which still has language L selected.

But, since this case has come up in testing[1], best to check for it.

[1]: https://github.com/freedomofpress/securedrop/pull/6406#issuecomment-1115257623
---
 securedrop/i18n.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/securedrop/i18n.py b/securedrop/i18n.py
index c8ed590995..e0df618a84 100644
--- a/securedrop/i18n.py
+++ b/securedrop/i18n.py
@@ -233,10 +233,12 @@ def get_locale(config: SDConfig) -> str:
     - browser suggested locale, from the Accept-Languages header
     - config.DEFAULT_LOCALE
     """
-    # Default to any locale set in the session.
+    # Default to any usable locale set in the session.
     locale = session.get("locale")
+    if locale:
+        locale = negotiate_locale([locale], LOCALES.keys())
 
-    # A valid locale specified in request.args takes precedence.
+    # A usable locale specified in request.args takes precedence.
     if request.args.get("l"):
         negotiated = negotiate_locale([request.args["l"]], LOCALES.keys())
         if negotiated: