bostame/workdock-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: refresh auth freshness during active sessions
Some checks failed
CI / python-validation (push) Has been cancelled
Details
CI / docker-release-gate (push) Has been cancelled
Details
i18n / compile-translations (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Md Bayazid Bostame
2026-04-01 17:48:04 +02:00
parent 6254a059b4
commit 5fab01d57a
2 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
backend/workflows/middleware.py
View File

@@ -154,6 +154,9 @@ class AuthSessionHardeningMiddleware:
def _touch_session(self, request, now_ts: int) -> None:
request.session['last_activity_ts'] = now_ts
if request.method in {'GET', 'HEAD'}:
request.session['auth_fresh_ts'] = now_ts
else:
request.session.setdefault('auth_fresh_ts', now_ts)
def _warn(self, request, message: str) -> None:

19
backend/workflows/tests/test_security_hardening.py
View File

@@ -94,3 +94,22 @@ class AuthSessionHardeningTests(TestCase):
response = client.post('/admin-tools/branding/save/', {'portal_title': 'Blocked'}, HTTP_HOST='localhost')
self.assertEqual(response.status_code, 302)
self.assertIn('/accounts/login/', response['Location'])
@override_settings(SENSITIVE_ACTION_REAUTH_SECONDS=60)
def test_recent_get_refreshes_fresh_auth_for_sensitive_post(self):
client = Client(REMOTE_ADDR='10.10.10.61')
client.force_login(self.user)
session = client.session
session['last_activity_ts'] = 9999999999
session['auth_fresh_ts'] = 1
session.save()
home_response = client.get('/', HTTP_HOST='localhost')
self.assertEqual(home_response.status_code, 200)
session = client.session
self.assertGreater(session['auth_fresh_ts'], 1)
response = client.post('/admin-tools/branding/save/', {'portal_title': 'Blocked'}, HTTP_HOST='localhost')
self.assertEqual(response.status_code, 302)
self.assertEqual(response['Location'], '/')