Commit 324e8a9c authored by Lukas Burgey's avatar Lukas Burgey

Fix bug in auth

parent 1d126a2b
...@@ -53,33 +53,25 @@ def _apiclient_get(request): ...@@ -53,33 +53,25 @@ def _apiclient_get(request):
return None return None
def _webpage_client_userid(request): def _webpage_client_userid(request):
userid = ''
username = request.POST.get('username') username = request.POST.get('username')
if username.startswith('webpage-client:'): if username.startswith('webpage-client:'):
components = username.split(':', maxsplit=1) components = username.split(':', maxsplit=1)
if len(components) == 2: if len(components) == 2:
return components[1] userid = components[1]
return '' return userid
def _webpage_client_session(request):
query = Session.objects.filter(
session_key=request.POST.get('password'),
)
if query.exists() and len(query) == 1:
return query.first()
return None
def _webpage_client_valid(request): def _webpage_client_valid(request):
userid = _webpage_client_userid(request) userid = _webpage_client_userid(request)
session = _webpage_client_session(request) try:
session = Session.objects.get(
if ( session_key=request.POST.get('password'),
_webpage_client_userid(request) != '' )
and session.get_decoded().get('_auth_user_id') == userid return session.get_decoded().get('_auth_user_id') == userid
):
return True
#LOGGER.error('Failed to authenticate webpage client for RabbitMQ') except Session.DoesNotExist:
return False LOGGER.info("User %s has no session", userid)
return False
# VIEWS: authentication and authorization for # VIEWS: authentication and authorization for
# apiclients and webpage-clients # apiclients and webpage-clients
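Review bot: The new lookup in `_webpage_client_valid` matches on `session_key` alone, so a session row that has expired but not yet been purged would still authenticate the client; assuming `Session` is Django's session model, the stock session backend also filters on expiry. Consider `Session.objects.get(session_key=request.POST.get('password'), expire_date__gt=timezone.now())`, which needs `django.utils.timezone` in scope (the file's imports are outside the hunk). Separately, `_webpage_client_userid` calls `username.startswith(...)` on the result of `request.POST.get('username')`, which raises AttributeError when the field is absent; `request.POST.get('username', '')` keeps that path returning `''`. The old condition's explicit empty-userid guard is also gone, so rejection of an empty userid now depends on `_auth_user_id` never equalling `''`; an early `if not userid: return False` before the query would make that explicit and skip the database lookup.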
......