CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity
Files
26029508c6d7198832caaaed720155930219f620
pretix_cgo/src/pretix/helpers/security.py
Raphael Michel 072f2a0ee9 Pin sessions to the user agent in use
2018-02-19 13:02:55 +01:00

38 lines
1.2 KiB
Python
Raw Blame History

import hashlib
import time
from django.conf import settings
class SessionInvalid(Exception):
pass
class SessionReauthRequired(Exception):
pass
def get_user_agent_hash(request):
return hashlib.sha256(request.META['HTTP_USER_AGENT'].encode()).hexdigest()
def assert_session_valid(request):
if not settings.PRETIX_LONG_SESSIONS or not request.session.get('pretix_auth_long_session', False):
last_used = request.session.get('pretix_auth_last_used', time.time())
if time.time() - request.session.get('pretix_auth_login_time',
time.time()) > settings.PRETIX_SESSION_TIMEOUT_ABSOLUTE:
request.session['pretix_auth_login_time'] = 0
raise SessionInvalid()
if time.time() - last_used > settings.PRETIX_SESSION_TIMEOUT_RELATIVE:
raise SessionReauthRequired()
if 'HTTP_USER_AGENT' in request.META:
if 'pinned_user_agent' in request.session:
if request.session.get('pinned_user_agent') != get_user_agent_hash(request):
raise SessionInvalid()
else:
request.session['pinned_user_agent'] = get_user_agent_hash(request)
request.session['pretix_auth_last_used'] = int(time.time())
return True
View Git Blame Copy Permalink