From e40fca9596b6976dc72a7ca44b4da773f4e58e7c Mon Sep 17 00:00:00 2001
From: Usman Nasir
Date: Tue, 12 Nov 2019 14:01:29 +0500
Subject: [PATCH] Feature: allow user to disable session ip check
---
 CyberCP/secMiddleware.py | 9 ++++--
 loginSystem/models.py | 1 +
 plogical/upgrade.py | 5 +++
 upgrade.sh | 2 +-
 .../static/userManagment/userManagment.js | 8 +++--
 .../templates/userManagment/createUser.html | 11 +++++++
 .../templates/userManagment/modifyUser.html | 14 +++++++++
 userManagment/views.py | 31 ++++++++++++++++---
 8 files changed, 72 insertions(+), 9 deletions(-)
 mode change 100644 => 100755 upgrade.sh
diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py
index b6de2c7ac..3efed4d2b 100755
--- a/CyberCP/secMiddleware.py
+++ b/CyberCP/secMiddleware.py
@@ -2,19 +2,24 @@ from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
 import json
 from django.shortcuts import HttpResponse
 import re
+from loginSystem.models import Administrator
 class secMiddleware:
+ HIGH = 0
+ LOW = 1
+
 def __init__(self, get_response):
 self.get_response = get_response
 def __call__(self, request):
 try:
 uID = request.session['userID']
+ admin = Administrator.objects.get(pk=uID)
 ipAddr = request.META.get('REMOTE_ADDR')
 if ipAddr.find('.') > -1:
- if request.session['ipAddr'] == ipAddr:
+ if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
 pass
 else:
 del request.session['userID']
@@ -27,7 +32,7 @@ class secMiddleware:
 else:
 ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]
- if request.session['ipAddr'] == ipAddr:
+ if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
 pass
 else:
 del request.session['userID']
diff --git a/loginSystem/models.py b/loginSystem/models.py
index 01ecff50b..c00538038 100755
--- a/loginSystem/models.py
+++ b/loginSystem/models.py
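Review bot: The added `or admin.securityLevel == secMiddleware.LOW` in both address-family branches of `__call__` (this hunk and the one at `@@ -27,7 +32,7 @@`) switches off the only session-to-client binding visible here, so for a LOW account a copied session cookie is accepted from any address and nothing records that the mismatch happened. I would log the mismatch when the bypass is taken instead of falling into `pass`, and state the trade-off next to the constants, e.g. `# LOW: session is not pinned to the login IP; a stolen cookie stays valid from any address`. The new `Administrator.objects.get(pk=uID)` also runs on every request that carries a session and raises if the row no longer exists; the handler for this `try` is outside the hunk, so confirm that a failed lookup ends the session rather than skipping the check.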
@@ -85,6 +85,7 @@ class Administrator(models.Model):
 owner = models.IntegerField(default=1)
 token = models.CharField(max_length=500, default='None')
 api = models.IntegerField(default=0)
+ securityLevel = models.IntegerField(default=0)
 initWebsitesLimit = models.IntegerField(default=0)
 acl = models.ForeignKey(ACL, default=1)
diff --git a/plogical/upgrade.py b/plogical/upgrade.py
index d4b030b22..9bbfc2975 100755
--- a/plogical/upgrade.py
+++ b/plogical/upgrade.py
@@ -553,6 +553,11 @@ class Upgrade:
 except:
 pass
+ try:
+ cursor.execute('ALTER TABLE loginSystem_administrator ADD securityLevel integer')
+ except:
+ pass
+
 try:
 cursor.execute('ALTER TABLE loginSystem_administrator ADD api integer')
 except:
diff --git a/upgrade.sh b/upgrade.sh
old mode 100644
new mode 100755
index e312a77eb..2fcaed6e7
--- a/upgrade.sh
+++ b/upgrade.sh
@@ -6,7 +6,7 @@
 ## Then run it like below.
 ## /usr/local/CyberCP/upgrade.sh
-cd /usr/local/CyberCP && python manage.py collectstatic --no-input
+cd /usr/local/CyberCP && /usr/local/CyberCP/bin/python2 manage.py collectstatic --no-input
 rm -rf /usr/local/CyberCP/public/static/*
 cp -R /usr/local/CyberCP/static/* /usr/local/CyberCP/public/static/
 find /usr/local/CyberCP -type d -exec chmod 0755 {} \;
diff --git a/userManagment/static/userManagment/userManagment.js b/userManagment/static/userManagment/userManagment.js
index d0bc4057a..869e7099d 100755
--- a/userManagment/static/userManagment/userManagment.js
+++ b/userManagment/static/userManagment/userManagment.js
@@ -42,7 +42,8 @@ app.controller('createUserCtr', function ($scope, $http) {
 selectedACL: selectedACL,
 websitesLimit: websitesLimits,
 userName: userName,
- password: password
+ password: password,
+ securityLevel: $scope.securityLevel
 };
 var config = {
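Review bot: The `ALTER TABLE loginSystem_administrator ADD securityLevel integer` added to `plogical/upgrade.py` creates the column without a default, so rows that exist before the upgrade presumably hold NULL while the model in `loginSystem/models.py` declares `IntegerField(default=0)`. NULL does not equal `secMiddleware.LOW`, so those accounts stay on the strict check, but the stored state then differs between upgraded and fresh installs; `ADD securityLevel integer DEFAULT 0` makes the secure default explicit in the schema. The bare `except: pass` mirrors the neighbouring blocks and hides every failure, including one that leaves the column missing, so a security-relevant migration can fail without any trace; catching only the duplicate-column error and logging anything else would be safer. The enclosing method starts and ends outside the hunk.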
@@ -171,6 +172,7 @@ app.controller('modifyUser', function ($scope, $http) {
 $scope.firstName = userDetails.firstName;
 $scope.lastName = userDetails.lastName;
 $scope.email = userDetails.email;
+ $scope.secLevel = userDetails.securityLevel;
 $scope.userModificationLoading = true;
 $scope.acctDetailsFetched = false;
@@ -181,6 +183,7 @@ app.controller('modifyUser', function ($scope, $http) {
 $scope.detailsFetched = false;
 $scope.userAccountsLimit = true;
 $scope.websitesLimit = true;
+
 } else {
 $scope.userModificationLoading = true;
 $scope.acctDetailsFetched = true;
@@ -248,7 +251,8 @@ app.controller('modifyUser', function ($scope, $http) {
 firstName: firstName,
 lastName: lastName,
 email: email,
- password: password
+ password: password,
+ securityLevel: $scope.securityLevel
 };
 var config = {
diff --git a/userManagment/templates/userManagment/createUser.html b/userManagment/templates/userManagment/createUser.html
index 17c0008b3..f6db608f8 100755
--- a/userManagment/templates/userManagment/createUser.html
+++ b/userManagment/templates/userManagment/createUser.html
@@ -102,6 +102,17 @@ + +
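Review bot: In the `modifyUser` controller the fetched level is stored in `$scope.secLevel` (hunk `@@ -171,6 +172,7 @@`) while the save payload in hunk `@@ -248,7 +251,8 @@` sends `$scope.securityLevel`, which nothing visible here initialises. If the select is left untouched the property is undefined and is normally dropped when the payload is serialised to JSON, so the server-side `data['securityLevel']` lookup has no key to read and an unrelated edit fails. Initialising the model from the fetched details, for example `$scope.securityLevel = userDetails.securityLevel.toUpperCase();` (assuming the select options use the upper-case values the server compares against), keeps the current setting unless the operator changes it on purpose. The same payload line in `createUserCtr` (`@@ -42,7 +42,8 @@`) needs a default for the same reason.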
+ +
+ +
+
+
diff --git a/userManagment/templates/userManagment/modifyUser.html b/userManagment/templates/userManagment/modifyUser.html
index 40f564df0..07d34bdab 100755
--- a/userManagment/templates/userManagment/modifyUser.html
+++ b/userManagment/templates/userManagment/modifyUser.html
@@ -81,6 +81,20 @@
+
+ +
+ +
+
+ Currently: {$ secLevel $} +
+
+ +
diff --git a/userManagment/views.py b/userManagment/views.py
index 4b9caaa18..0cfb10f72 100755
--- a/userManagment/views.py
+++ b/userManagment/views.py
@@ -10,6 +10,7 @@ from plogical import hashPassword
 from plogical import CyberCPLogFileWriter as logging
 from plogical.acl import ACLManager
 from plogical.virtualHostUtilities import virtualHostUtilities
+from CyberCP.secMiddleware import secMiddleware
 # Create your views here.
@@ -138,6 +139,7 @@ def submitUserCreation(request):
 password = data['password']
 websitesLimit = data['websitesLimit']
 selectedACL = data['selectedACL']
+ securityLevel = data['securityLevel']
 selectedACL = ACL.objects.get(name=selectedACL)
@@ -146,6 +148,11 @@ def submitUserCreation(request):
 else:
 type = 3
+ if securityLevel == 'LOW':
+ securityLevel = secMiddleware.LOW
+ else:
+ securityLevel = secMiddleware.HIGH
+
 token = hashPassword.generateToken(userName, password)
 password = hashPassword.hash_password(password)
 currentAdmin = Administrator.objects.get(pk=userID)
@@ -168,7 +175,8 @@ def submitUserCreation(request):
 initWebsitesLimit=websitesLimit,
 owner=currentAdmin.pk,
 acl=selectedACL,
- token=token
+ token=token,
+ securityLevel=securityLevel,
 )
 newAdmin.save()
@@ -183,7 +191,8 @@ def submitUserCreation(request):
 initWebsitesLimit=websitesLimit,
 owner=currentAdmin.pk,
 acl=selectedACL,
- token=token
+ token=token,
+ securityLevel=securityLevel,
 )
 newAdmin.save()
 elif currentACL['createNewUser'] == 1:
@@ -197,7 +206,8 @@ def submitUserCreation(request):
 initWebsitesLimit=websitesLimit,
 owner=currentAdmin.pk,
 acl=selectedACL,
- token=token
+ token=token,
+ securityLevel=securityLevel,
 )
 newAdmin.save()
 else:
@@ -261,6 +271,12 @@ def fetchUserDetails(request):
 email = user.email
 websitesLimit = user.initWebsitesLimit
+ securityLevel = ''
+
+ if user.securityLevel == secMiddleware.LOW:
+ securityLevel = 'Low'
+ else:
+ securityLevel = 'High'
 userDetails = {
 "id": user.id,
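Review bot: `securityLevel = data['securityLevel']` in `submitUserCreation` (and the same line in `saveModifications`, hunk `@@ -296,6 +313,7 @@`) raises `KeyError` for any request that does not carry the new field, which presumably includes clients written before this change. The mapping that follows already falls back to HIGH for every value other than 'LOW', so reading the field as `securityLevel = data.get('securityLevel', 'HIGH')` keeps those clients working and keeps the default on the strict side. Who may ask for LOW is decided by ACL checks outside these hunks; because the value weakens session protection for the account being created, it deserves the same permission check as the ACL and limit fields. The function starts and ends outside the hunks.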
@@ -268,7 +284,8 @@ def fetchUserDetails(request):
 "lastName": lastName,
 "email": email,
 "acl": user.acl.name,
- "websitesLimit": websitesLimit
+ "websitesLimit": websitesLimit,
+ "securityLevel": securityLevel
 }
 data_ret = {'fetchStatus': 1, 'error_message': 'None', "userDetails": userDetails}
@@ -296,6 +313,7 @@ def saveModifications(request):
 firstName = data['firstName']
 lastName = data['lastName']
 email = data['email']
+ securityLevel = data['securityLevel']
 user = Administrator.objects.get(userName=accountUsername)
@@ -323,6 +341,11 @@ def saveModifications(request):
 user.token = token
 user.type = 0
+ if securityLevel == 'LOW':
+ user.securityLevel = secMiddleware.LOW
+ else:
+ user.securityLevel = secMiddleware.HIGH
+
 user.save()
 data_ret = {'status': 1, 'saveStatus': 1, 'error_message': 'None'}
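Review bot: The block added before `user.save()` in `saveModifications` rewrites `user.securityLevel` on every save and treats anything other than the exact string 'LOW' as HIGH, so a client that echoes back the 'Low' label returned by `fetchUserDetails` flips a LOW account to HIGH without anyone asking for it. In the other direction, a request carrying 'LOW' removes the session IP check for that account and leaves no record of who did it. I would accept only the two known values, leave the stored level alone otherwise, and write the old level, the new level and the acting user through the imported log writer whenever the level changes; a one-line comment such as `# security-relevant: disables session IP pinning for this account` above the assignment would help the next reader. The function starts and ends outside the hunk.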