aji/costapy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: aji:f36f052c9791ee0ee0219eaba0ec2f52b866c8c8
Branches Tags
aji:master
aji:template/sbmodernbiz
aji:system/authsquare
aji:template/prime
aji:template/ezmail
aji:system/highlight
aji:system/bruno
aji:system/invlab
aji:template/kiddy
aji:bottle
aji:cherrypy
...
compare: aji:dffb099cc049cc7b98e2b39fb79d61c6fd07ca0a
Branches Tags
aji:template/sbmodernbiz
aji:system/authsquare
aji:template/prime
aji:template/ezmail
aji:system/highlight
aji:system/bruno
aji:master
aji:system/invlab
aji:template/kiddy
aji:bottle
aji:cherrypy

4 Commits
f36f052c97 ... dffb099cc0

Author SHA1 Message Date
Dita Aji Pratama
dffb099cc0 For username validation with regex 2025-08-09 17:47:30 +07:00
Dita Aji Pratama
4c8176dd66 Move account validation 2025-08-09 17:47:01 +07:00
Dita Aji Pratama
852559d97a Fixing false function 2025-08-09 17:43:54 +07:00
Dita Aji Pratama
828f461909 Update allowed_grant 2025-08-09 16:52:12 +07:00
3 changed files with 7 additions and 6 deletions
Show Stats Expand all files Collapse all files

4
config/globalvar.py
View File

@ -51,6 +51,6 @@ def invitation_url(token):
return url
allowed_grant = [
{ roles: 1, allowed: [1,2] },
{ roles: 2, allowed: [2] },
{ "roles": 1, "allowed": [1,2] },
{ "roles": 2, "allowed": [2] },
]

2
handler.py
View File

@ -228,7 +228,7 @@ def index():
params["mako" ] = {
"email" : template_email.main(directory.page["email"], "accept")
}
return json.dumps(api_auth.auth().forgot(params), indent = 2).encode()
return json.dumps(api_auth.auth().invite(params), indent = 2).encode()
except Exception as e:
print(str(e),flush=True)
return json.dumps({}, indent = 2).encode()

7
modules/api/auth.py
View File

@ -6,6 +6,7 @@ from config import database, email, globalvar
import bcrypt
import datetime
import re
from scripts import loggorilla, saltedkey, googly, tokenguard, sendwave
@ -254,6 +255,9 @@ class auth:
jwt = auth_header.split(' ')[1]
payload = tokenguard.decode(jwt, globalvar.ssh['key']['public'])
session_id = payload["session"]["id"]
loggorilla.prcss(APIADDR, "Account validation")
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles, jwt)
user = user_validation['data']
loggorilla.prcss(APIADDR, "Get dependency data")
self.cursor.execute("SELECT COUNT(*) AS `count`, auth.token, auth_profile.id, auth_profile.username, auth.password FROM auth_profile INNER JOIN auth ON auth.token = auth_profile.token WHERE auth_profile.username = %s ; ", (user['profile']['username'],) )
result_login = self.cursor.fetchone()
@ -261,9 +265,6 @@ class auth:
result_email = self.cursor.fetchone()
self.cursor.execute("SELECT COUNT(*) AS `count` FROM auth_profile WHERE username = %s ; ", (username,) )
result_username = self.cursor.fetchone()
loggorilla.prcss(APIADDR, "Account validation")
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles, token)
user = user_validation['data']
loggorilla.prcss(APIADDR, "Validating")
if not procedure_grant.is_grant_allowed(user['profile']['roles'], roles, allowed_grant):
loggorilla.accss(APIADDR, f"{user['profile']['username']} do invitation with unallowed role(s)")