Commit 324e8a9c authored by Lukas Burgey's avatar Lukas Burgey

Fix bug in auth

parent 1d126a2b
......@@ -53,33 +53,25 @@ def _apiclient_get(request):
return None
def _webpage_client_userid(request):
userid = ''
username = request.POST.get('username')
if username.startswith('webpage-client:'):
components = username.split(':', maxsplit=1)
if len(components) == 2:
return components[1]
return ''
def _webpage_client_session(request):
query = Session.objects.filter(
session_key=request.POST.get('password'),
)
if query.exists() and len(query) == 1:
return query.first()
return None
userid = components[1]
return userid
def _webpage_client_valid(request):
userid = _webpage_client_userid(request)
session = _webpage_client_session(request)
if (
_webpage_client_userid(request) != ''
and session.get_decoded().get('_auth_user_id') == userid
):
return True
try:
session = Session.objects.get(
session_key=request.POST.get('password'),
)
return session.get_decoded().get('_auth_user_id') == userid
#LOGGER.error('Failed to authenticate webpage client for RabbitMQ')
return False
except Session.DoesNotExist:
LOGGER.info("User %s has no session", userid)
return False
# VIEWS: authentication and authorization for
# apiclients and webpage-clients
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment