chg: [authentication] enforce session ssl

2019-10-02 12:46:37 -04:00 · 2019-10-02 12:46:37 -04:00 · b7c8f6b577
parent e44f7e2c4b
commit b7c8f6b577
1 changed files with 2 additions and 1 deletions
--- a/server.py
+++ b/server.py
@ -94,9 +94,10 @@ class User(UserMixin):

        misp_login_page = auth_host + "/users/login"
        session = requests.Session()
+        session.verify = True

        # The login page contains hidden form values required for authenticaiton.
-        login_page = session.get(misp_login_page, ssl=True)
+        login_page = session.get(misp_login_page)

        # This regex matches the "data[_Token][fields]" value needed to make a POST request on the MISP login page.
        token_fields_exp = re.compile(r'name="data\[_Token]\[fields]" value="([^\s]+)"')