mirror of
https://github.com/usmannasir/cyberpanel.git
synced 2025-11-06 13:25:51 +01:00
Feature: allow user to disable session ip check
@@ -2,19 +2,24 @@ from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
|
|||||||
import json
|
import json
|
||||||
from django.shortcuts import HttpResponse
|
from django.shortcuts import HttpResponse
|
||||||
import re
|
import re
|
||||||
|
from loginSystem.models import Administrator
|
||||||
|
|
||||||
class secMiddleware:
|
class secMiddleware:
|
||||||
|
|
||||||
|
HIGH = 0
|
||||||
|
LOW = 1
|
||||||
|
|
||||||
def __init__(self, get_response):
|
def __init__(self, get_response):
|
||||||
self.get_response = get_response
|
self.get_response = get_response
|
||||||
|
|
||||||
def __call__(self, request):
|
def __call__(self, request):
|
||||||
try:
|
try:
|
||||||
uID = request.session['userID']
|
uID = request.session['userID']
|
||||||
|
admin = Administrator.objects.get(pk=uID)
|
||||||
ipAddr = request.META.get('REMOTE_ADDR')
|
ipAddr = request.META.get('REMOTE_ADDR')
|
||||||
|
|
||||||
if ipAddr.find('.') > -1:
|
if ipAddr.find('.') > -1:
|
||||||
if request.session['ipAddr'] == ipAddr:
|
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
|
||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
del request.session['userID']
|
del request.session['userID']
|
||||||
@@ -27,7 +32,7 @@ class secMiddleware:
|
|||||||
else:
|
else:
|
||||||
ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]
|
ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3]
|
||||||
|
|
||||||
if request.session['ipAddr'] == ipAddr:
|
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
|
||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
del request.session['userID']
|
del request.session['userID']
|
||||||
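Review bot: `HIGH = 0` and `LOW = 1` are added with no comment on what LOW gives up, and both `or admin.securityLevel == secMiddleware.LOW` conditions silently accept a request whose address differs from the one stored in the session. A comment above the constants would help, e.g. `# HIGH (default): session is bound to the login IP; LOW: the IP check is skipped, so a copied session cookie is accepted from any address`. Because the address mismatch is the useful detection signal, consider still writing it to the log in the LOW case instead of falling straight through to `pass`. The new `Administrator.objects.get(pk=uID)` also runs a query on every request and sits inside a `try` whose handler is outside this hunk, so what happens for a session whose administrator row no longer exists cannot be confirmed from here.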
|
|||||||
@@ -85,6 +85,7 @@ class Administrator(models.Model):
|
|||||||
owner = models.IntegerField(default=1)
|
owner = models.IntegerField(default=1)
|
||||||
token = models.CharField(max_length=500, default='None')
|
token = models.CharField(max_length=500, default='None')
|
||||||
api = models.IntegerField(default=0)
|
api = models.IntegerField(default=0)
|
||||||
|
securityLevel = models.IntegerField(default=0)
|
||||||
|
|
||||||
initWebsitesLimit = models.IntegerField(default=0)
|
initWebsitesLimit = models.IntegerField(default=0)
|
||||||
acl = models.ForeignKey(ACL, default=1)
|
acl = models.ForeignKey(ACL, default=1)
|
||||||
|
|||||||
@@ -553,6 +553,11 @@ class Upgrade:
|
|||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
try:
|
||||||
|
cursor.execute('ALTER TABLE loginSystem_administrator ADD securityLevel integer')
|
||||||
|
except:
|
||||||
|
pass
|
||||||
|
|
||||||
try:
|
try:
|
||||||
cursor.execute('ALTER TABLE loginSystem_administrator ADD api integer')
|
cursor.execute('ALTER TABLE loginSystem_administrator ADD api integer')
|
||||||
except:
|
except:
|
||||||
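Review bot: The added `ALTER TABLE loginSystem_administrator ADD securityLevel integer` creates a nullable column with no default, while the model in this commit declares `securityLevel = models.IntegerField(default=0)`, so rows that exist before the upgrade will hold NULL. The middleware comparison treats NULL as not LOW, so the IP check stays on for those accounts, but schema and model disagree; `ADD securityLevel integer DEFAULT 0` would keep them aligned. The bare `except: pass` matches the surrounding pattern but also hides any failure other than the column already existing.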
|
|||||||
2
upgrade.sh
Normal file → Executable file
2
upgrade.sh
Normal file → Executable file
@@ -6,7 +6,7 @@
|
|||||||
## Then run it like below.
|
## Then run it like below.
|
||||||
## /usr/local/CyberCP/upgrade.sh
|
## /usr/local/CyberCP/upgrade.sh
|
||||||
|
|
||||||
cd /usr/local/CyberCP && python manage.py collectstatic --no-input
|
cd /usr/local/CyberCP && /usr/local/CyberCP/bin/python2 manage.py collectstatic --no-input
|
||||||
rm -rf /usr/local/CyberCP/public/static/*
|
rm -rf /usr/local/CyberCP/public/static/*
|
||||||
cp -R /usr/local/CyberCP/static/* /usr/local/CyberCP/public/static/
|
cp -R /usr/local/CyberCP/static/* /usr/local/CyberCP/public/static/
|
||||||
find /usr/local/CyberCP -type d -exec chmod 0755 {} \;
|
find /usr/local/CyberCP -type d -exec chmod 0755 {} \;
|
||||||
|
|||||||
@@ -42,7 +42,8 @@ app.controller('createUserCtr', function ($scope, $http) {
|
|||||||
selectedACL: selectedACL,
|
selectedACL: selectedACL,
|
||||||
websitesLimit: websitesLimits,
|
websitesLimit: websitesLimits,
|
||||||
userName: userName,
|
userName: userName,
|
||||||
password: password
|
password: password,
|
||||||
|
securityLevel: $scope.securityLevel
|
||||||
};
|
};
|
||||||
|
|
||||||
var config = {
|
var config = {
|
||||||
@@ -171,6 +172,7 @@ app.controller('modifyUser', function ($scope, $http) {
|
|||||||
$scope.firstName = userDetails.firstName;
|
$scope.firstName = userDetails.firstName;
|
||||||
$scope.lastName = userDetails.lastName;
|
$scope.lastName = userDetails.lastName;
|
||||||
$scope.email = userDetails.email;
|
$scope.email = userDetails.email;
|
||||||
|
$scope.secLevel = userDetails.securityLevel;
|
||||||
|
|
||||||
$scope.userModificationLoading = true;
|
$scope.userModificationLoading = true;
|
||||||
$scope.acctDetailsFetched = false;
|
$scope.acctDetailsFetched = false;
|
||||||
@@ -181,6 +183,7 @@ app.controller('modifyUser', function ($scope, $http) {
|
|||||||
$scope.detailsFetched = false;
|
$scope.detailsFetched = false;
|
||||||
$scope.userAccountsLimit = true;
|
$scope.userAccountsLimit = true;
|
||||||
$scope.websitesLimit = true;
|
$scope.websitesLimit = true;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
$scope.userModificationLoading = true;
|
$scope.userModificationLoading = true;
|
||||||
$scope.acctDetailsFetched = true;
|
$scope.acctDetailsFetched = true;
|
||||||
@@ -248,7 +251,8 @@ app.controller('modifyUser', function ($scope, $http) {
|
|||||||
firstName: firstName,
|
firstName: firstName,
|
||||||
lastName: lastName,
|
lastName: lastName,
|
||||||
email: email,
|
email: email,
|
||||||
password: password
|
password: password,
|
||||||
|
securityLevel: $scope.securityLevel
|
||||||
};
|
};
|
||||||
|
|
||||||
var config = {
|
var config = {
|
||||||
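Review bot: In `modifyUser` the fetched level is stored only in `$scope.secLevel` for display, while the save payload sends `$scope.securityLevel`, which nothing in these hunks initialises. If the select is left untouched the posted value is presumably undefined, and the server-side `data['securityLevel']` lookup added in this commit would then either fail or take its non-'LOW' branch and reset the account to HIGH. Setting the model when the details arrive, e.g. `$scope.securityLevel = userDetails.securityLevel.toUpperCase();`, would make the form round-trip the stored value; the conversion is needed because the server returns 'Low'/'High' while the options and the server comparison use 'LOW'/'HIGH'. The same unset value applies to `createUserCtr`, where an explicit `$scope.securityLevel = 'HIGH';` default would do; both controllers continue outside the hunks shown.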
|
|||||||
@@ -102,6 +102,17 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div ng-hide="acctDetailsFetched" class="form-group">
|
||||||
|
<label class="col-sm-3 control-label">{% trans "Security Level" %}</label>
|
||||||
|
<div class="col-sm-6">
|
||||||
|
<select ng-change="fetchUserDetails()" ng-model="securityLevel" class="form-control">
|
||||||
|
<option>HIGH</option>
|
||||||
|
<option>LOW</option>
|
||||||
|
</select>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label class="col-sm-3 control-label"></label>
|
<label class="col-sm-3 control-label"></label>
|
||||||
<div class="col-sm-4">
|
<div class="col-sm-4">
|
||||||
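Review bot: The new Security Level `<select>` carries `ng-change="fetchUserDetails()"` and `ng-hide="acctDetailsFetched"`, which look copied from the account selector rather than chosen for this field. In the other template changed by this commit (the one that also shows `Currently: {$ secLevel $}`) the same attribute means that changing the level re-runs the details fetch, which per the controller hunks reassigns `$scope.firstName`, `$scope.lastName` and `$scope.email` and so likely discards unsaved edits. In this template, presumably the create-user form, no `fetchUserDetails` is visible in the controller hunks, so the attribute appears to do nothing. Dropping `ng-change` from both selects would avoid this.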
|
|||||||
@@ -81,6 +81,20 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<div ng-hide="acctDetailsFetched" class="form-group">
|
||||||
|
<label class="col-sm-3 control-label">{% trans "Security Level" %}</label>
|
||||||
|
<div class="col-sm-6">
|
||||||
|
<select ng-change="fetchUserDetails()" ng-model="securityLevel" class="form-control">
|
||||||
|
<option>HIGH</option>
|
||||||
|
<option>LOW</option>
|
||||||
|
</select>
|
||||||
|
</div>
|
||||||
|
<div class="col-sm-3">
|
||||||
|
Currently: {$ secLevel $}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
<div ng-hide="acctDetailsFetched" class="form-group">
|
<div ng-hide="acctDetailsFetched" class="form-group">
|
||||||
<label class="col-sm-3 control-label"></label>
|
<label class="col-sm-3 control-label"></label>
|
||||||
<div class="col-sm-4">
|
<div class="col-sm-4">
|
||||||
|
|||||||
@@ -10,6 +10,7 @@ from plogical import hashPassword
|
|||||||
from plogical import CyberCPLogFileWriter as logging
|
from plogical import CyberCPLogFileWriter as logging
|
||||||
from plogical.acl import ACLManager
|
from plogical.acl import ACLManager
|
||||||
from plogical.virtualHostUtilities import virtualHostUtilities
|
from plogical.virtualHostUtilities import virtualHostUtilities
|
||||||
|
from CyberCP.secMiddleware import secMiddleware
|
||||||
|
|
||||||
# Create your views here.
|
# Create your views here.
|
||||||
|
|
||||||
@@ -138,6 +139,7 @@ def submitUserCreation(request):
|
|||||||
password = data['password']
|
password = data['password']
|
||||||
websitesLimit = data['websitesLimit']
|
websitesLimit = data['websitesLimit']
|
||||||
selectedACL = data['selectedACL']
|
selectedACL = data['selectedACL']
|
||||||
|
securityLevel = data['securityLevel']
|
||||||
|
|
||||||
selectedACL = ACL.objects.get(name=selectedACL)
|
selectedACL = ACL.objects.get(name=selectedACL)
|
||||||
|
|
||||||
@@ -146,6 +148,11 @@ def submitUserCreation(request):
|
|||||||
else:
|
else:
|
||||||
type = 3
|
type = 3
|
||||||
|
|
||||||
|
if securityLevel == 'LOW':
|
||||||
|
securityLevel = secMiddleware.LOW
|
||||||
|
else:
|
||||||
|
securityLevel = secMiddleware.HIGH
|
||||||
|
|
||||||
token = hashPassword.generateToken(userName, password)
|
token = hashPassword.generateToken(userName, password)
|
||||||
password = hashPassword.hash_password(password)
|
password = hashPassword.hash_password(password)
|
||||||
currentAdmin = Administrator.objects.get(pk=userID)
|
currentAdmin = Administrator.objects.get(pk=userID)
|
||||||
@@ -168,7 +175,8 @@ def submitUserCreation(request):
|
|||||||
initWebsitesLimit=websitesLimit,
|
initWebsitesLimit=websitesLimit,
|
||||||
owner=currentAdmin.pk,
|
owner=currentAdmin.pk,
|
||||||
acl=selectedACL,
|
acl=selectedACL,
|
||||||
token=token
|
token=token,
|
||||||
|
securityLevel=securityLevel,
|
||||||
)
|
)
|
||||||
newAdmin.save()
|
newAdmin.save()
|
||||||
|
|
||||||
@@ -183,7 +191,8 @@ def submitUserCreation(request):
|
|||||||
initWebsitesLimit=websitesLimit,
|
initWebsitesLimit=websitesLimit,
|
||||||
owner=currentAdmin.pk,
|
owner=currentAdmin.pk,
|
||||||
acl=selectedACL,
|
acl=selectedACL,
|
||||||
token=token
|
token=token,
|
||||||
|
securityLevel=securityLevel,
|
||||||
)
|
)
|
||||||
newAdmin.save()
|
newAdmin.save()
|
||||||
elif currentACL['createNewUser'] == 1:
|
elif currentACL['createNewUser'] == 1:
|
||||||
@@ -197,7 +206,8 @@ def submitUserCreation(request):
|
|||||||
initWebsitesLimit=websitesLimit,
|
initWebsitesLimit=websitesLimit,
|
||||||
owner=currentAdmin.pk,
|
owner=currentAdmin.pk,
|
||||||
acl=selectedACL,
|
acl=selectedACL,
|
||||||
token=token
|
token=token,
|
||||||
|
securityLevel=securityLevel,
|
||||||
)
|
)
|
||||||
newAdmin.save()
|
newAdmin.save()
|
||||||
else:
|
else:
|
||||||
@@ -261,6 +271,12 @@ def fetchUserDetails(request):
|
|||||||
email = user.email
|
email = user.email
|
||||||
|
|
||||||
websitesLimit = user.initWebsitesLimit
|
websitesLimit = user.initWebsitesLimit
|
||||||
|
securityLevel = ''
|
||||||
|
|
||||||
|
if user.securityLevel == secMiddleware.LOW:
|
||||||
|
securityLevel = 'Low'
|
||||||
|
else:
|
||||||
|
securityLevel = 'High'
|
||||||
|
|
||||||
userDetails = {
|
userDetails = {
|
||||||
"id": user.id,
|
"id": user.id,
|
||||||
@@ -268,7 +284,8 @@ def fetchUserDetails(request):
|
|||||||
"lastName": lastName,
|
"lastName": lastName,
|
||||||
"email": email,
|
"email": email,
|
||||||
"acl": user.acl.name,
|
"acl": user.acl.name,
|
||||||
"websitesLimit": websitesLimit
|
"websitesLimit": websitesLimit,
|
||||||
|
"securityLevel": securityLevel
|
||||||
}
|
}
|
||||||
|
|
||||||
data_ret = {'fetchStatus': 1, 'error_message': 'None', "userDetails": userDetails}
|
data_ret = {'fetchStatus': 1, 'error_message': 'None', "userDetails": userDetails}
|
||||||
@@ -296,6 +313,7 @@ def saveModifications(request):
|
|||||||
firstName = data['firstName']
|
firstName = data['firstName']
|
||||||
lastName = data['lastName']
|
lastName = data['lastName']
|
||||||
email = data['email']
|
email = data['email']
|
||||||
|
securityLevel = data['securityLevel']
|
||||||
|
|
||||||
user = Administrator.objects.get(userName=accountUsername)
|
user = Administrator.objects.get(userName=accountUsername)
|
||||||
|
|
||||||
@@ -323,6 +341,11 @@ def saveModifications(request):
|
|||||||
user.token = token
|
user.token = token
|
||||||
user.type = 0
|
user.type = 0
|
||||||
|
|
||||||
|
if securityLevel == 'LOW':
|
||||||
|
user.securityLevel = secMiddleware.LOW
|
||||||
|
else:
|
||||||
|
user.securityLevel = secMiddleware.HIGH
|
||||||
|
|
||||||
user.save()
|
user.save()
|
||||||
|
|
||||||
data_ret = {'status': 1, 'saveStatus': 1, 'error_message': 'None'}
|
data_ret = {'status': 1, 'saveStatus': 1, 'error_message': 'None'}
|
||||||
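Review bot: `securityLevel = data['securityLevel']` in `submitUserCreation` and `saveModifications` makes the new field mandatory, so any client that does not send it raises KeyError before the user is created or saved. For `saveModifications` it is safer to leave the stored level alone when the field is absent: read it with `securityLevel = data.get('securityLevel')` and guard the assignment with `if securityLevel is not None:`. Mapping every value other than the exact string 'LOW' to `secMiddleware.HIGH` is the right fail-safe direction, but because LOW removes the session IP binding it is worth logging which administrator changed an account's level. All three functions begin and end outside these hunks, so whether the existing ACL checks cover this field cannot be seen here.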
|
|||||||