chg: [authentication] configure misp-dashboard cookie policy

2019-10-02 19:32:39 -04:00 · 2019-10-02 19:32:39 -04:00 · 07f68cb33f
parent bd5984faad
commit 07f68cb33f
2 changed files with 17 additions and 1 deletions
--- a/config/config.cfg.default
+++ b/config/config.cfg.default
@ -7,6 +7,12 @@ debug = False
 misp_fqdn = "https://misp.local"
 ssl_verify = True
 session_secret = **Change_Me**
 # Only send cookies with requests over HTTPS if the cookie is marked secure.
 session_cookie_secure = True
 # Prevent sending cookies in all external requests including regular links.
 session_cookie_samesite = Strict
 # Expire session cookie after n days.
 permanent_session_lifetime = 1
 [Dashboard]
 #hours
--- a/server.py
+++ b/server.py
@ -7,6 +7,7 @@ import logging
 import math
 import os
 import re
 from datetime import timedelta
 import random
 from time import gmtime as now
 from time import sleep, strftime
@ -36,9 +37,18 @@ server_debug = cfg.get("Server", "debug")
 auth_host = cfg.get("Auth", "misp_fqdn")
 auth_ssl_verify = cfg.getboolean("Auth", "ssl_verify")
 auth_session_secret = cfg.get("Auth", "session_secret")
 auth_session_cookie_secure = cfg.getboolean("Auth", "session_cookie_secure")
 auth_session_cookie_samesite = cfg.getboolean("Auth", "session_cookie_samesite")
 auth_permanent_session_lifetime = cfg.getint("Auth", "permanent_session_lifetime")
 app = Flask(__name__)
-app.secret_key = auth_session_secret
+#app.secret_key = auth_session_secret
 app.config.update(
    SECRET_KEY=auth_session_secret,
    SESSION_COOKIE_SECURE=auth_session_cookie_secure,
    SESSION_COOKIE_SAMESITE=auth_session_cookie_samesite,
    PERMANENT_SESSION_LIFETIME=timedelta(days=auth_permanent_session_lifetime)
 )
 redis_server_log = redis.StrictRedis(
        host=cfg.get('RedisGlobal', 'host'),