CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-04 15:04:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Upgrade to Django 2.2 and modern DRF and py.test (#1246)

Browse Source 
* Upgrade django and stuff

* Update to Django 2.2 and recent versions of similar packages

* Provide explicit orderings to all models used in paginated queries

* Resolve naive datetime warnings in test suite

* Deal with deprecation warnings

* Fix sqlparse version
This commit is contained in:
Raphael Michel
2019-04-07 14:09:49 +01:00
committed by GitHub
parent cb531a7a6a
commit 6d1dea7922
39 changed files with 126 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/pretix/helpers/security.py
View File

@@ -13,7 +13,7 @@ class SessionReauthRequired(Exception):
def get_user_agent_hash(request):
return hashlib.sha256(request.META['HTTP_USER_AGENT'].encode()).hexdigest()
return hashlib.sha256(request.headers['User-Agent'].encode()).hexdigest()
def assert_session_valid(request):
@@ -26,7 +26,7 @@ def assert_session_valid(request):
if time.time() - last_used > settings.PRETIX_SESSION_TIMEOUT_RELATIVE:
raise SessionReauthRequired()
if 'HTTP_USER_AGENT' in request.META:
if 'User-Agent' in request.headers:
if 'pinned_user_agent' in request.session:
if request.session.get('pinned_user_agent') != get_user_agent_hash(request):
raise SessionInvalid()