flaschengeist/controller/sessionController.py

@@ -13,15 +13,15 @@ lifetime = 1800
 
 def __get_user_agent_platform(ua: str):
     if "Win" in ua:
-        return "Windows"
+        return "windows"
     if "Mac" in ua:
-        return "Macintosh"
+        return "macintosh"
     if "Linux" in ua:
-        return "Linux"
+        return "linux"
     if "Android" in ua:
-        return "Android"
+        return "android"
     if "like Mac" in ua:
-        return "iOS"
+        return "ios"
     return "unknown"
 
 
@@ -84,12 +84,12 @@ def validate_token(token, request_headers, permission):
     raise Unauthorized
 
 
-def create(user, user_agent=None) -> Session:
+def create(user, request_headers=None) -> Session:
     """Create a Session
 
     Args:
         user: For which User is to create a Session
-        user_agent: User agent to identify session
+        request_headers: Headers to validate user agent of browser
 
     Returns:
             Session: A created Token for User
@@ -100,8 +100,10 @@ def create(user, user_agent=None) -> Session:
         token=token_str,
         user_=user,
         lifetime=lifetime,
-        browser=user_agent.browser,
-        platform=user_agent.platform,
+        platform=request_headers.get("Sec-CH-UA-Platform", None)
+        or __get_user_agent_platform(request_headers.get("User-Agent", "")),
+        browser=request_headers.get("Sec-CH-UA", None)
+        or __get_user_agent_browser(request_headers.get("User-Agent", "")),
     )
     session.refresh()
     db.session.add(session)

flaschengeist/plugins/auth/__init__.py

@@ -40,7 +40,7 @@ def login():
     user = userController.login_user(userid, password)
     if not user:
         raise Unauthorized
-    session = sessionController.create(user, user_agent=request.user_agent)
+    session = sessionController.create(user, request_headers=request.headers)
     logger.debug(f"token is {session.token}")
     logger.info(f"User {userid} logged in.")