Merge pull request #68 from openimis/security-fixes

Security fixes
openimis · Dec 3, 2021 · 0504e43 · 0504e43
2 parents 2c49d6f + fc2ea87
commit 0504e43
Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/openIMIS/openIMIS/settings.py b/openIMIS/openIMIS/settings.py
@@ -170,7 +170,8 @@ def SITE_URL():
 INSTALLED_APPS += ["signal_binding"]  # Signal binding should be last installed module
 
 AUTHENTICATION_BACKENDS = []
-if bool(os.environ.get("REMOTE_USER_AUTHENTICATION", False)):
+
+if os.environ.get("REMOTE_USER_AUTHENTICATION", "false").lower() == "true":
     AUTHENTICATION_BACKENDS += ["core.security.RemoteUserBackend"]
 
 AUTHENTICATION_BACKENDS += [
@@ -204,7 +205,7 @@ def SITE_URL():
 ]
 
 
-if bool(os.environ.get("REMOTE_USER_AUTHENTICATION", False)):
+if os.environ.get("REMOTE_USER_AUTHENTICATION", "false").lower() == "true":
     MIDDLEWARE += ["core.security.RemoteUserMiddleware"]
 MIDDLEWARE += [
     "django.contrib.messages.middleware.MessageMiddleware",

diff --git a/openIMIS/openIMIS/urls.py b/openIMIS/openIMIS/urls.py
@@ -21,13 +21,13 @@
 from .views import OpenIMISGraphQLView
 
 from .openimisurls import openimis_urls
-from .settings import SITE_ROOT
+from .settings import SITE_ROOT, DEBUG
 
 urlpatterns = [
     path("%sadmin/" % SITE_ROOT(), admin.site.urls),
     path(
         "%sgraphql" % SITE_ROOT(),
-        jwt_cookie(csrf_exempt(OpenIMISGraphQLView.as_view(graphiql=True))),
+        jwt_cookie(csrf_exempt(OpenIMISGraphQLView.as_view(graphiql=DEBUG))),
     ),
     url(r"^ht/", include("health_check.urls")),
 ] + openimis_urls()