add: support for secure cookies

parent 5437037f
......@@ -191,6 +191,7 @@ def init(conf=None, debug=0, logfile=None, gunicorn=True, unittest=False):
red = Redis(host=host, port=port)
app.config['SESSION_TYPE'] = 'redis'
app.config['SESSION_REDIS'] = red
app.config['SESSION_COOKIE_SECURE'] = app.scookie
ses = Session()
ses.init_app(app)
except:
......
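Review bot: `app.config['SESSION_COOKIE_SECURE'] = app.scookie` sits inside the block that the bare `except:` on the next visible line guards, so if the Redis/Flask-Session setup above it raises, whatever fallback the except path installs runs with the flag never set; Flask's built-in cookie session reads the same `SESSION_COOKIE_SECURE` key, so the assignment belongs before the `try`, next to the `app.config` lines that are not tied to the Redis backend. The except path itself is outside the hunk, so whether it falls back to the default session interface needs confirming. A short comment such as `# Secure flag on the session cookie; applies to both the Redis and the default cookie session` would make the intent clear. `init` continues outside this hunk.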
......@@ -85,4 +85,7 @@ class UserHandler(BUIuser):
return self.authenticated
def get_id(self):
return self.id
try:
return unicode(self.id)
except NameError:
return str(self.id)
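Review bot: The `unicode`/`str` probe at `return unicode(self.id)` runs a try/except on every `get_id` call; resolving the text type once at import time (`try: text_type = unicode` / `except NameError: text_type = str`) and returning `text_type(self.id)` keeps the method a one-liner and makes the Python 2/3 intent explicit. A docstring such as `"""Return the user id as text, as Flask-Login requires."""` would document why the conversion exists at all. The enclosing class continues outside the hunk.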
......@@ -31,6 +31,7 @@ g_acl = ''
g_storage = ''
g_redis = ''
g_zip64 = 'False'
g_scookie = 'False'
class BUIServer(Flask):
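Review bot: `g_scookie = 'False'` is a string default, and the later hunk reads it back through `self._safe_config_get(config.getboolean, 'scookie', 'Production', cast=bool)`; if that helper's fallback applies `cast` to the raw default instead of going through `getboolean`, `bool('False')` is `True` and a missing or malformed `scookie` key would silently turn Secure cookies on, after which browsers never return the session cookie over plain HTTP and login breaks. `_safe_config_get` is not in this diff, so the fallback path needs confirming; the same pattern already exists for `g_zip64`. If the raw default is cast, a cast that parses ConfigParser boolean strings rather than `bool` is the fix, and a comment at the definition, `# ConfigParser default; must stay a string, parsed with getboolean`, records the constraint. The value is wired through `'scookie': g_scookie` in the defaults-dict hunk and consumed in the `self.scookie = ...` hunk below.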
......@@ -69,7 +70,7 @@ class BUIServer(Flask):
'sslkey': g_sslkey, 'version': g_version, 'auth': g_auth,
'standalone': g_standalone, 'acl': g_acl,
'liverefresh': g_liverefresh, 'storage': g_storage,
'redis': g_redis, 'zip64': g_zip64
'redis': g_redis, 'zip64': g_zip64, 'scookie': g_scookie
}
config = ConfigParser.ConfigParser(self.defaults)
with open(conf) as fp:
......@@ -175,6 +176,12 @@ class BUIServer(Flask):
'redis',
'Production'
)
self.scookie = self._safe_config_get(
config.getboolean,
'scookie',
'Production',
cast=bool
)
# Experimental features
self.zip64 = self._safe_config_get(
......
......@@ -171,19 +171,20 @@ class BUIcompress():
def basic_login_from_request(request, app):
creds = request.headers.get('Authorization')
if creds:
creds = creds.replace('Basic ', '', 1)
try:
import base64
login, password = base64.b64decode(creds.encode('utf-8')).decode('utf-8').split(':')
except: # pragma: no cover
pass
if login:
user = app.uhandler.user(login)
if user.active and user.login(login, password):
from flask.ext.login import login_user
login_user(user)
return user
if app.auth != 'none':
creds = request.headers.get('Authorization')
if creds:
creds = creds.replace('Basic ', '', 1)
try:
import base64
login, password = base64.b64decode(creds.encode('utf-8')).decode('utf-8').split(':')
except: # pragma: no cover
pass
if login:
user = app.uhandler.user(login)
if user.active and user.login(login, password):
from flask.ext.login import login_user
login_user(user)
return user
return None
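Review bot: `login` is only bound inside the `try` at `login, password = base64.b64decode(...).split(':')`, so when the decode or the unpack raises (a non-Basic scheme, invalid base64, or a password containing `:`) the bare `except: pass` leaves it unbound and the following `if login:` raises UnboundLocalError instead of falling through to `return None`. `split(':')` also rejects any password containing a colon, which RFC 7617 permits, and `creds.replace('Basic ', '', 1)` feeds non-Basic schemes to the base64 decoder. Initialising `login = password = None` before the `try`, checking the scheme with `startswith`, splitting with `split(':', 1)` and narrowing the except to `(ValueError, TypeError)` (`binascii.Error` and `UnicodeDecodeError` are ValueErrors on Python 3; Python 2's `b64decode` raises TypeError on bad padding) makes every failure path return None as the new `app.auth != 'none'` guard intends. The whole function body is within the hunk.
```python
def basic_login_from_request(request, app):
    if app.auth != 'none':
        login = password = None
        creds = request.headers.get('Authorization')
        if creds and creds.startswith('Basic '):
            try:
                import base64
                decoded = base64.b64decode(creds[len('Basic '):].encode('utf-8')).decode('utf-8')
                # RFC 7617: the user-id cannot contain ':' but the password may
                login, password = decoded.split(':', 1)
            except (ValueError, TypeError):  # pragma: no cover
                login = password = None
        if login:
            # … unchanged: user lookup, user.login and login_user …
    return None
```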
......@@ -39,6 +39,8 @@ liverefresh: 5
storage: redis
# redis server to connect to
redis: demo-redis:6379
# whether to use secure cookie or not
scookie: false
## burp1 backend specific options
#[Burp1]
......
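Review bot: The comment `# whether to use secure cookie or not` above `scookie: false` does not say what the option requires: with it enabled the session cookie carries the Secure attribute, so browsers only send it back over HTTPS, and turning it on for a plain-HTTP deployment makes login fail silently because the cookie is never returned. Suggest `# set the Secure flag on the session cookie; only enable when burp-ui is served over HTTPS, otherwise browsers will not send the cookie back and login fails`. The same comment appears in the second sample-config hunk below and should be updated there too.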
......@@ -40,6 +40,8 @@ liverefresh: 5
storage: default
# redis server to connect to
redis: localhost:6379
# whether to use secure cookie or not
scookie: false
[Experimental]
## This section contains some experimental features that have not been deeply
......