flaschengeist/controller/pluginController.py

@@ -25,6 +25,7 @@ def get_enabled_plugins():
         class PluginStub:
             def __init__(self, name) -> None:
                 self.name = name
+                self.version = "?"
 
         logger.error("Could not connect to database or database not initialized! No plugins enabled!")
         logger.debug("Can not query enabled plugins", exc_info=True)

flaschengeist/controller/sessionController.py

@@ -11,7 +11,36 @@ from ..database import db
 lifetime = 1800
 
 
-def validate_token(token, user_agent, permission):
+def __get_user_agent_platform(ua: str):
+    if "Win" in ua:
+        return "Windows"
+    if "Mac" in ua:
+        return "Macintosh"
+    if "Linux" in ua:
+        return "Linux"
+    if "Android" in ua:
+        return "Android"
+    if "like Mac" in ua:
+        return "iOS"
+    return "unknown"
+
+
+def __get_user_agent_browser(ua: str):
+    ua_str = ua.lower()
+    if "firefox" in ua_str or "fxios" in ua_str:
+        return "firefox"
+    if "safari" in ua_str:
+        return "safari"
+    if "opr/" in ua_str:
+        return "opera"
+    if "edg" in ua_str:
+        return "edge"
+    if "chrom" in ua_str or "crios" in ua_str:
+        return "chrome"
+    return "unknown"
+
+
+def validate_token(token, request_headers, permission):
     """Verify session
 
     Verify a Session and Roles so if the User has permission or not.
@@ -19,7 +48,7 @@ def validate_token(token, user_agent, permission):
 
     Args:
         token: Token to verify.
-        user_agent: User agent of browser to check
+        request_headers: Headers to validate user agent of browser
         permission: Permission needed to access restricted routes
     Returns:
         A Session for this given Token
@@ -31,8 +60,16 @@ def validate_token(token, user_agent, permission):
     session = Session.query.filter_by(token=token).one_or_none()
     if session:
         logger.debug("token found, check if expired or invalid user agent differs")
+
+        platform = request_headers.get("Sec-CH-UA-Platform", None) or __get_user_agent_platform(
+            request_headers.get("User-Agent", "")
+        )
+        browser = request_headers.get("Sec-CH-UA", None) or __get_user_agent_browser(
+            request_headers.get("User-Agent", "")
+        )
+
         if session.expires >= datetime.now(timezone.utc) and (
-            session.browser == user_agent.browser and session.platform == user_agent.platform
+            session.browser == browser and session.platform == platform
         ):
             if not permission or session.user_.has_permission(permission):
                 session.refresh()

flaschengeist/models/session.py

@@ -20,8 +20,8 @@ class Session(db.Model, ModelSerializeMixin):
     expires: datetime = db.Column(UtcDateTime)
     token: str = db.Column(db.String(32), unique=True)
     lifetime: int = db.Column(db.Integer)
-    browser: str = db.Column(db.String(30))
+    browser: str = db.Column(db.String(127))
-    platform: str = db.Column(db.String(30))
+    platform: str = db.Column(db.String(64))
     userid: str = ""
 
     _id = db.Column("id", Serial, primary_key=True)

flaschengeist/utils/decorators.py

@@ -14,7 +14,7 @@ def extract_session(permission=None):
         logger.debug("Missing Authorization header or ill-formed")
         raise Unauthorized
 
-    session = sessionController.validate_token(token, request.user_agent, permission)
+    session = sessionController.validate_token(token, request.headers, permission)
     return session
 
 

setup.cfg

@@ -22,14 +22,14 @@ include_package_data = True
 python_requires = >=3.10
 packages = find:
 install_requires =
-    Flask==2.0.3
+    Flask>=2.2.2
-    Pillow>=9.0
+    Pillow>=9.2
     flask_cors
     flask_migrate>=3.1.0
     flask_sqlalchemy>=2.5.1
-    sqlalchemy>=1.4.39
+    sqlalchemy>=1.4.40
     toml
-    werkzeug==2.0.3
+    werkzeug>=2.2.2
 
 [options.extras_require]
 argon = argon2-cffi