Log discarding a valid session for suspicious reasons (#4025)

Raphael Michel
2024-04-02 13:52:30 +02:00
committed by GitHub
parent 5c0587c30e
commit c68ee56d51


@@ -20,6 +20,7 @@
# <https://www.gnu.org/licenses/>.
#
import hashlib
import logging
import time
from django.conf import settings
@@ -29,6 +30,8 @@ from geoip2.errors import AddressNotFoundError
from pretix.helpers.http import get_client_ip
logger = logging.getLogger(__name__)
class SessionInvalid(Exception):
pass
@@ -71,6 +74,8 @@ def assert_session_valid(request):
if 'User-Agent' in request.headers:
if 'pinned_user_agent' in request.session:
if request.session.get('pinned_user_agent') != get_user_agent_hash(request):
logger.info(f"Backend session for user {request.user.pk} terminated due to user agent change. "
f"New agent: \"{request.headers['User-Agent']}\"")
raise SessionInvalid()
else:
request.session['pinned_user_agent'] = get_user_agent_hash(request)
@@ -82,6 +87,8 @@ def assert_session_valid(request):
if 'pinned_country' in request.session:
if request.session.get('pinned_country') != country:
logger.info(f"Backend session for user {request.user.pk} terminated due to country change. "
f"Old country: \"{request.session.get('pinned_countres')}\" New country: \"{country}\"")
raise SessionInvalid()
else:
request.session['pinned_country'] = country
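Review bot: The country-change log message reads `request.session.get('pinned_countres')`, a misspelling of the `pinned_country` key compared two lines earlier, so the old country will always be logged as `None`; it should read `request.session.get('pinned_country')`. In the user-agent hunk, the raw `User-Agent` header is client-controlled and is interpolated into the f-string unescaped and without a length bound. Passing it as a lazy logging argument with `%r`, for example `logger.info("Backend session for user %s terminated due to user agent change. New agent: %r", request.user.pk, request.headers['User-Agent'][:255])`, keeps quotes and control characters from producing misleading log entries and caps the size. The body of `assert_session_valid` starts and ends outside the visible hunks, so whether `request.user.pk` is always set at these points cannot be confirmed from this page.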