mirror of https://github.com/dkmstr/openuds.git synced 2025-01-24 02:04:09 +03:00

Merge remote-tracking branch 'origin/v3.6'

Adolfo Gómez García 2023-04-07 01:09:12 +02:00
commit b0bd76d5df
No known key found for this signature in database
GPG Key ID: DD1ABF20724CDA23
2 changed files with 20 additions and 4 deletions


@ -19,6 +19,10 @@ import requests.adapters
KEY_SIZE = 4096
SECRET_SIZE = 32
# Ensure that we do not get warnings about self signed certificates and so
requests.packages.urllib3.disable_warnings() # type: ignore
def selfSignedCert(ip: str) -> typing.Tuple[str, str, str]:
"""
Generates a self signed certificate for the given ip.
@ -83,7 +87,7 @@ def createClientSslContext(verify: bool = True) -> ssl.SSLContext:
# Next line is deprecated in Python 3.7
# sslContext.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
sslContext.minimum_version = ssl.TLSVersion.TLSv1_2
sslContext.maximum_version = ssl.TLSVersion.TLSv1_3
sslContext.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
return sslContext
@ -118,7 +122,18 @@ def checkCertificateMatchPrivateKey(*, cert: str, key: str) -> bool:
# Even if the key or certificate is not valid, we only want a True if they match, False otherwise
return False
def secureRequestsSession(verify: bool = True) -> 'requests.Session':
def secureRequestsSession(*, verify: bool = True) -> 'requests.Session':
'''
Generates a requests.Session object with a custom adapter that uses a custom SSLContext.
This is intended to be used for requests that need to be secure, but not necessarily verified.
Removes the support for TLS1.0 and TLS1.1, and disables SSLv2 and SSLv3. (done in @createClientSslContext)
Args:
verify: If True, the server certificate will be verified. (Default: True)
Returns:
A requests.Session object.
'''
class UDSHTTPAdapter(requests.adapters.HTTPAdapter):
def init_poolmanager(self, *args, **kwargs) -> None:
sslContext = createClientSslContext(verify=verify)
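Review bot: The module-level `requests.packages.urllib3.disable_warnings()` added in the first hunk silences urllib3 warnings for the whole process as soon as this module is imported, not only for sessions built with `verify=False`. That also hides the InsecureRequestWarning that would otherwise flag an unverified HTTPS request made anywhere else in the application. Consider narrowing it to the one category, `requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)`, and calling it only on the `verify=False` path of `secureRequestsSession`. A comment there should say why the warning is suppressed.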


@ -34,12 +34,13 @@ import re
import logging
from django.utils.translation import gettext_noop as _, gettext
import requests
import requests.auth
from uds import models
from uds.core import mfas
from uds.core.ui import gui
from uds.core.util import security
if typing.TYPE_CHECKING:
from uds.core.module import Module
@ -284,7 +285,7 @@ class SMSMFA(mfas.MFA):
return url
def getSession(self) -> requests.Session:
session = requests.Session()
session = security.secureRequestsSession(verify=self.ignoreCertificateErrors.isTrue())
# 0 means no authentication
if self.authenticationMethod.value == '1':
session.auth = requests.auth.HTTPBasicAuth(
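Review bot: `verify=self.ignoreCertificateErrors.isTrue()` in `getSession` looks inverted. Judging by the field name, ticking "ignore certificate errors" now turns certificate verification on, while leaving it unticked builds a session that does not verify the SMS gateway's certificate, and the HTTP auth credentials set just below travel over that session. If the field means what its name says, the line should read `session = security.secureRequestsSession(verify=not self.ignoreCertificateErrors.isTrue())`. The field's definition is not visible here, so its semantics need confirming. The body of `getSession` also continues past the last line shown.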