Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-10 15:26:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update secMiddleware.py with option to enable/disable sessionIPvalidation for those with Dynamic IPs

Browse Source
This commit is contained in:
Michael Ramsey
2019-11-10 10:13:43 -05:00
parent b92b64bf25
commit c335952b2a
1 changed files with 31 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
CyberCP/secMiddleware.py
View File

@@ -3,42 +3,46 @@ import json
from django.shortcuts import HttpResponse from django.shortcuts import HttpResponse
import re import re
# Create option to enable/disable sessionIPValidation for Dynamic IP's
sessionIPValidation = 'true'
class secMiddleware: class secMiddleware:
def __init__(self, get_response): def __init__(self, get_response):
self.get_response = get_response self.get_response = get_response
def __call__(self, request): def __call__(self, request):
try: if sessionIPValidation == 'true':
uID = request.session['userID'] try:
ipAddr = request.META.get('REMOTE_ADDR') uID = request.session['userID']
ipAddr = request.META.get('REMOTE_ADDR')
if ipAddr.find('.') > -1: if ipAddr.find('.') > -1:
if request.session['ipAddr'] == ipAddr: if request.session['ipAddr'] == ipAddr:
pass pass
else:
del request.session['userID']
del request.session['ipAddr']
logging.writeToFile(request.META.get('REMOTE_ADDR'))
final_dic = {'error_message': "Session reuse detected, IPAddress logged. Toggle off sessionIPValidation in secMiddleware.py if seeing this frequently with Dynamic IP",
"errorMessage": "Session reuse detected, IPAddress logged. Toggle off sessionIPValidation in secMiddleware.py if seeing this frequently with Dynamic IP"}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
else: else:
del request.session['userID'] ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]
del request.session['ipAddr']
logging.writeToFile(request.META.get('REMOTE_ADDR'))
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
"errorMessage": "Session reuse detected, IPAddress logged."}
final_json = json.dumps(final_dic)
return HttpResponse(final_json)
else:
ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]
if request.session['ipAddr'] == ipAddr: if request.session['ipAddr'] == ipAddr:
pass pass
else: else:
del request.session['userID'] del request.session['userID']
del request.session['ipAddr'] del request.session['ipAddr']
logging.writeToFile(request.META.get('REMOTE_ADDR')) logging.writeToFile(request.META.get('REMOTE_ADDR'))
final_dic = {'error_message': "Session reuse detected, IPAddress logged.", final_dic = {'error_message': "Session reuse detected, IPAddress logged. Toggle off sessionIPValidation in secMiddleware.py if seeing this frequently with Dynamic IP",
"errorMessage": "Session reuse detected, IPAddress logged."} "errorMessage": "Session reuse detected, IPAddress logged. Toggle off sessionIPValidation in secMiddleware.py if seeing this frequently with Dynamic IP"}
final_json = json.dumps(final_dic) final_json = json.dumps(final_dic)
return HttpResponse(final_json) return HttpResponse(final_json)
except: except:
pass pass
if request.method == 'POST': if request.method == 'POST':
try: try:
#logging.writeToFile(request.body) #logging.writeToFile(request.body)