aji/costapy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move account validation

Browse Source
This commit is contained in:
Dita Aji Pratama 2025-08-09 17:47:01 +07:00
parent 852559d97a
commit 4c8176dd66
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/api/auth.py
View File

@ -254,6 +254,9 @@ class auth:
jwt = auth_header.split(' ')[1] jwt = auth_header.split(' ')[1]
payload = tokenguard.decode(jwt, globalvar.ssh['key']['public']) payload = tokenguard.decode(jwt, globalvar.ssh['key']['public'])
session_id = payload["session"]["id"] session_id = payload["session"]["id"]
loggorilla.prcss(APIADDR, "Account validation")
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles, jwt)
user = user_validation['data']
loggorilla.prcss(APIADDR, "Get dependency data") loggorilla.prcss(APIADDR, "Get dependency data")
self.cursor.execute("SELECT COUNT(*) AS `count`, auth.token, auth_profile.id, auth_profile.username, auth.password FROM auth_profile INNER JOIN auth ON auth.token = auth_profile.token WHERE auth_profile.username = %s ; ", (user['profile']['username'],) ) self.cursor.execute("SELECT COUNT(*) AS `count`, auth.token, auth_profile.id, auth_profile.username, auth.password FROM auth_profile INNER JOIN auth ON auth.token = auth_profile.token WHERE auth_profile.username = %s ; ", (user['profile']['username'],) )
result_login = self.cursor.fetchone() result_login = self.cursor.fetchone()
@ -261,9 +264,6 @@ class auth:
result_email = self.cursor.fetchone() result_email = self.cursor.fetchone()
self.cursor.execute("SELECT COUNT(*) AS `count` FROM auth_profile WHERE username = %s ; ", (username,) ) self.cursor.execute("SELECT COUNT(*) AS `count` FROM auth_profile WHERE username = %s ; ", (username,) )
result_username = self.cursor.fetchone() result_username = self.cursor.fetchone()
loggorilla.prcss(APIADDR, "Account validation")
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles, token)
user = user_validation['data']
loggorilla.prcss(APIADDR, "Validating") loggorilla.prcss(APIADDR, "Validating")
if not procedure_grant.is_grant_allowed(user['profile']['roles'], roles, allowed_grant): if not procedure_grant.is_grant_allowed(user['profile']['roles'], roles, allowed_grant):
loggorilla.accss(APIADDR, f"{user['profile']['username']} do invitation with unallowed role(s)") loggorilla.accss(APIADDR, f"{user['profile']['username']} do invitation with unallowed role(s)")