MISP
/
misp-dashboard
mirror of https://github.com/MISP/misp-dashboard
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [authentication] enforce session ssl

pull/129/head
VVX7 2019-10-02 13:35:12 -04:00
parent b7c8f6b577
commit e18728e8b1
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/config.cfg.default
View File

@ -5,7 +5,7 @@ debug = False
[Auth] [Auth]
misp_fqdn = "https://misp.local" misp_fqdn = "https://misp.local"
ssl_verify = True
[Dashboard] [Dashboard]
#hours #hours

3
server.py
View File

@ -34,6 +34,7 @@ server_host = cfg.get("Server", "host")
server_port = cfg.getint("Server", "port") server_port = cfg.getint("Server", "port")
server_debug = cfg.get("Server", "debug") server_debug = cfg.get("Server", "debug")
auth_host = cfg.get("Auth", "misp_fqdn") auth_host = cfg.get("Auth", "misp_fqdn")
auth_ssl_verify = cfg.get("Auth", "ssl_verify")
app = Flask(__name__) app = Flask(__name__)
@ -94,7 +95,7 @@ class User(UserMixin):
misp_login_page = auth_host + "/users/login" misp_login_page = auth_host + "/users/login"
session = requests.Session() session = requests.Session()
session.verify = True session.verify = auth_ssl_verify
# The login page contains hidden form values required for authenticaiton. # The login page contains hidden form values required for authenticaiton.
login_page = session.get(misp_login_page) login_page = session.get(misp_login_page)