- Improved CSRF handling

- Wordpress plugin for Evie Chat
2024-08-13 14:31:29 +02:00
parent ab38dd7540
commit a237db339a
14 changed files with 944 additions and 23 deletions
--- a/common/utils/middleware.py
+++ b/common/utils/middleware.py
@@ -4,7 +4,8 @@ for handling tenant requests
 """

 from flask_security import current_user
-from flask import session, current_app
+from flask import session, current_app, redirect
+from common.utils.nginx_utils import prefixed_url_for

 from .database import Database

@@ -15,6 +16,10 @@ def mw_before_request():
    switch tenant schema
    """

+    if 'tenant' not in session:
+        current_app.logger.warning('No tenant defined in session')
+        return redirect(prefixed_url_for('security_bp.login'))
+
    tenant_id = session['tenant']['id']
    if not tenant_id:
        raise Exception('Cannot switch schema for tenant: no tenant defined in session')