perbaikan fixlength saat get raw jika character is None

aagusti
Commit 1d7784d2 authored Sep 12, 2022 by aagusti
Showing 3 changed files with 24 additions and 5 deletions
opensipkd/base/security.py
opensipkd/base/views/user_login.py
opensipkd/base/views/widgets/blok_kav_no.pt
--- a/opensipkd/base/security.py
+++ b/opensipkd/base/security.py
 import logging
+from opensipkd.base import get_params
 from opensipkd.models import (User, UserGroup, DBSession, )
+from pyramid.security import remember, forget
 log = logging.getLogger(__name__)
@@ -28,7 +30,20 @@ def get_user(request):
    user_id = request.authenticated_userid
    if user_id:
        q = DBSession.query(User).filter_by(id=user_id)
-        return q.first()
+        row = q.first()
+        if get_params("one_browser", False) and row.security_code != request.session["token"]:
+            # cek apakah session["token"]= security_code yang disimpan oleh
+            # user_login.Login.login
+            # hapus jika beda
+            request.session.flash("Silahkan login ulang")
+            headers = forget(request)
+            request.session.delete()
+            request.response.headers.update(headers)
+            if "g_state" in request.cookies:
+                request.response.delete_cookie("g_state", '/')
+            return
+        return row
 # def get_user(request):

--- a/opensipkd/base/views/user_login.py
+++ b/opensipkd/base/views/user_login.py
@@ -87,6 +87,11 @@ class LoginUser(object):
            self.message = "Login Gagal"
            set_user_log(self.message, self.request, log, values["username"])
            return
+        # generate security_code dan simpan dalam session
+        regenerate_security_code(self.user, 0.03) # berlaku selama 1.8 menit
+        # dicek pada module security get_user
+        self.request.session["token"]=self.user.security_code
        return True
@@ -144,7 +149,6 @@ class ViewLogin(BaseView):
                    request.session.flash(login.message, "error")
                    next_url = f"{request.route_url('login')}?next={next_url}"
                    return HTTPFound(location=next_url)
            return redirect_login(request, user)
        elif 'register' in request.POST:

--- a/opensipkd/base/views/widgets/blok_kav_no.pt
+++ b/opensipkd/base/views/widgets/blok_kav_no.pt
@@ -13,7 +13,7 @@
                 class="span2 form-control ${css_class or ''}"
                 tal:attributes="style style;
                       blok_kav_no_attributes|field.widget.blok_kav_no_attributes|{};"
-                 maxlength="4" minlength="4" placeholder="Tahun"
+                 maxlength="15" minlength="" placeholder="Blok Kav No"
                 id="${oid}"/>
        </span>
        <span class="input-group-addon">
@@ -21,7 +21,7 @@
                 class="span2 form-control ${css_class or ''}"
                 tal:attributes="style style;
             				 rt_attributes|field.widget.rt_attributes|{};"
-                 maxlength="4" minlength="4" placeholder="rt"
+                 maxlength="3" minlength="3" placeholder="RT"
                 id="${oid}-rt"/>
        </span>
        <span class="input-group-addon">
@@ -29,7 +29,7 @@
                  class="span2 form-control ${css_class or ''}"
                  tal:attributes="style style;
             				 rw_attributes|field.widget.rw_attributes|{};"
-                  maxlength="3" minlength="3" placeholder="Urut"
+                  maxlength="2" minlength="2" placeholder="RW"
                  id="${oid}-rw"/>
        </span>
      </div>