Compare commits
No commits in common. "dffb099cc049cc7b98e2b39fb79d61c6fd07ca0a" and "f36f052c9791ee0ee0219eaba0ec2f52b866c8c8" have entirely different histories.
dffb099cc0
...
f36f052c97
@ -51,6 +51,6 @@ def invitation_url(token):
|
|||||||
return url
|
return url
|
||||||
|
|
||||||
allowed_grant = [
|
allowed_grant = [
|
||||||
{ "roles": 1, "allowed": [1,2] },
|
{ roles: 1, allowed: [1,2] },
|
||||||
{ "roles": 2, "allowed": [2] },
|
{ roles: 2, allowed: [2] },
|
||||||
]
|
]
|
||||||
|
@ -228,7 +228,7 @@ def index():
|
|||||||
params["mako" ] = {
|
params["mako" ] = {
|
||||||
"email" : template_email.main(directory.page["email"], "accept")
|
"email" : template_email.main(directory.page["email"], "accept")
|
||||||
}
|
}
|
||||||
return json.dumps(api_auth.auth().invite(params), indent = 2).encode()
|
return json.dumps(api_auth.auth().forgot(params), indent = 2).encode()
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(str(e),flush=True)
|
print(str(e),flush=True)
|
||||||
return json.dumps({}, indent = 2).encode()
|
return json.dumps({}, indent = 2).encode()
|
||||||
|
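Review bot: The second-printed (new-side) rows of `allowed_grant` use bare names as keys, `{ roles: 1, allowed: [1,2] }`, which Python evaluates as variables rather than as the strings `"roles"` and `"allowed"`. If the list is defined at module level, as it appears to be after `invitation_url`, this raises NameError on import; if those names happen to be bound, the table is keyed by their values and a lookup by `"roles"` finds nothing. The table looks like the role-grant policy, so I would keep the quoted form: `{ "roles": 1, "allowed": [1,2] },` and `{ "roles": 2, "allowed": [2] },`. Separately, the `index()` hunk now calls `api_auth.auth().forgot(params)` while the mail template is still built with `"accept"`; please confirm that pairing is intended, since the handler's start is outside the hunk.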
@ -6,7 +6,6 @@ from config import database, email, globalvar
|
|||||||
|
|
||||||
import bcrypt
|
import bcrypt
|
||||||
import datetime
|
import datetime
|
||||||
import re
|
|
||||||
|
|
||||||
from scripts import loggorilla, saltedkey, googly, tokenguard, sendwave
|
from scripts import loggorilla, saltedkey, googly, tokenguard, sendwave
|
||||||
|
|
||||||
@ -255,9 +254,6 @@ class auth:
|
|||||||
jwt = auth_header.split(' ')[1]
|
jwt = auth_header.split(' ')[1]
|
||||||
payload = tokenguard.decode(jwt, globalvar.ssh['key']['public'])
|
payload = tokenguard.decode(jwt, globalvar.ssh['key']['public'])
|
||||||
session_id = payload["session"]["id"]
|
session_id = payload["session"]["id"]
|
||||||
loggorilla.prcss(APIADDR, "Account validation")
|
|
||||||
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles, jwt)
|
|
||||||
user = user_validation['data']
|
|
||||||
loggorilla.prcss(APIADDR, "Get dependency data")
|
loggorilla.prcss(APIADDR, "Get dependency data")
|
||||||
self.cursor.execute("SELECT COUNT(*) AS `count`, auth.token, auth_profile.id, auth_profile.username, auth.password FROM auth_profile INNER JOIN auth ON auth.token = auth_profile.token WHERE auth_profile.username = %s ; ", (user['profile']['username'],) )
|
self.cursor.execute("SELECT COUNT(*) AS `count`, auth.token, auth_profile.id, auth_profile.username, auth.password FROM auth_profile INNER JOIN auth ON auth.token = auth_profile.token WHERE auth_profile.username = %s ; ", (user['profile']['username'],) )
|
||||||
result_login = self.cursor.fetchone()
|
result_login = self.cursor.fetchone()
|
||||||
@ -265,6 +261,9 @@ class auth:
|
|||||||
result_email = self.cursor.fetchone()
|
result_email = self.cursor.fetchone()
|
||||||
self.cursor.execute("SELECT COUNT(*) AS `count` FROM auth_profile WHERE username = %s ; ", (username,) )
|
self.cursor.execute("SELECT COUNT(*) AS `count` FROM auth_profile WHERE username = %s ; ", (username,) )
|
||||||
result_username = self.cursor.fetchone()
|
result_username = self.cursor.fetchone()
|
||||||
|
loggorilla.prcss(APIADDR, "Account validation")
|
||||||
|
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles, token)
|
||||||
|
user = user_validation['data']
|
||||||
loggorilla.prcss(APIADDR, "Validating")
|
loggorilla.prcss(APIADDR, "Validating")
|
||||||
if not procedure_grant.is_grant_allowed(user['profile']['roles'], roles, allowed_grant):
|
if not procedure_grant.is_grant_allowed(user['profile']['roles'], roles, allowed_grant):
|
||||||
loggorilla.accss(APIADDR, f"{user['profile']['username']} do invitation with unallowed role(s)")
|
loggorilla.accss(APIADDR, f"{user['profile']['username']} do invitation with unallowed role(s)")
|
||||||
|
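Review bot: On the new side the "Get dependency data" SELECT reads `user['profile']['username']` before `user` is assigned, because the "Account validation" block moved from just after `session_id = payload["session"]["id"]` to below `result_username = self.cursor.fetchone()`. Assuming both hunks sit in the same method (the old line ranges are one line apart) and `user` is not bound earlier outside them, this fails at runtime. The reordering also means the role check runs only after the `auth` / `auth_profile` queries, so a caller is not validated before the database is touched. The moved call passes `token` where the old one passed `jwt`, and no `token` binding is visible in these hunks. I would keep the validation directly after the token decode, `user_validation = procedure_validation.validation().account(APIADDR, allowed_roles, jwt)` then `user = user_validation['data']`; the method starts and ends outside the hunks.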