From 0effccdd9f8ca9ff339562f2dc354a5739adbe54 Mon Sep 17 00:00:00 2001 From: Michael Ramsey Date: Fri, 29 Nov 2019 11:22:24 -0500 Subject: [PATCH] Revert "Update secMiddleware.py with option to enable/disable sessionIPvalidation for those with Dynamic IPs" This reverts commit c335952b2a350690c79082e8ffb45cfebd2c039c. --- CyberCP/secMiddleware.py | 58 +++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 31 deletions(-) diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py index 453dafd41..b6de2c7ac 100755 --- a/CyberCP/secMiddleware.py +++ b/CyberCP/secMiddleware.py @@ -3,46 +3,42 @@ import json from django.shortcuts import HttpResponse import re -# Create option to enable/disable sessionIPValidation for Dynamic IP's -sessionIPValidation = 'true' - class secMiddleware: def __init__(self, get_response): self.get_response = get_response def __call__(self, request): - if sessionIPValidation == 'true': - try: - uID = request.session['userID'] - ipAddr = request.META.get('REMOTE_ADDR') + try: + uID = request.session['userID'] + ipAddr = request.META.get('REMOTE_ADDR') - if ipAddr.find('.') > -1: - if request.session['ipAddr'] == ipAddr: - pass - else: - del request.session['userID'] - del request.session['ipAddr'] - logging.writeToFile(request.META.get('REMOTE_ADDR')) - final_dic = {'error_message': "Session reuse detected, IPAddress logged. Toggle off sessionIPValidation in secMiddleware.py if seeing this frequently with Dynamic IP", - "errorMessage": "Session reuse detected, IPAddress logged. Toggle off sessionIPValidation in secMiddleware.py if seeing this frequently with Dynamic IP"} - final_json = json.dumps(final_dic) - return HttpResponse(final_json) + if ipAddr.find('.') > -1: + if request.session['ipAddr'] == ipAddr: + pass else: - ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3] + del request.session['userID'] + del request.session['ipAddr'] + logging.writeToFile(request.META.get('REMOTE_ADDR')) + final_dic = {'error_message': "Session reuse detected, IPAddress logged.", + "errorMessage": "Session reuse detected, IPAddress logged."} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + else: + ipAddr = request.META.get('REMOTE_ADDR').split(':')[:3] - if request.session['ipAddr'] == ipAddr: - pass - else: - del request.session['userID'] - del request.session['ipAddr'] - logging.writeToFile(request.META.get('REMOTE_ADDR')) - final_dic = {'error_message': "Session reuse detected, IPAddress logged. Toggle off sessionIPValidation in secMiddleware.py if seeing this frequently with Dynamic IP", - "errorMessage": "Session reuse detected, IPAddress logged. Toggle off sessionIPValidation in secMiddleware.py if seeing this frequently with Dynamic IP"} - final_json = json.dumps(final_dic) - return HttpResponse(final_json) - except: - pass + if request.session['ipAddr'] == ipAddr: + pass + else: + del request.session['userID'] + del request.session['ipAddr'] + logging.writeToFile(request.META.get('REMOTE_ADDR')) + final_dic = {'error_message': "Session reuse detected, IPAddress logged.", + "errorMessage": "Session reuse detected, IPAddress logged."} + final_json = json.dumps(final_dic) + return HttpResponse(final_json) + except: + pass if request.method == 'POST': try: #logging.writeToFile(request.body)