mirror of
https://github.com/binary-kitchen/doorlockd
synced 2024-12-06 20:20:33 +01:00
WebApp: Api: "status" command without credentials
This allows the "status" command to be executed without credentials. Signed-off-by: Thomas Schmid <tom@lfence.de>
This commit is contained in:
parent
ae989da661
commit
e50fe08267
@ -120,6 +120,9 @@ def api():
|
||||
password = request.form.get('pass')
|
||||
command = request.form.get('command')
|
||||
|
||||
if (command is not None) and (command == 'status'):
|
||||
return json_response(DoorlockResponse.Success)
|
||||
|
||||
if any(v is None for v in [user, password, command]):
|
||||
log.warning('Incomplete API request')
|
||||
abort(400)
|
||||
@ -131,9 +134,6 @@ def api():
|
||||
|
||||
credentials = user, password
|
||||
|
||||
if command == 'status':
|
||||
return json_response(logic.auth.try_auth(credentials))
|
||||
|
||||
desired_state = DoorState.from_string(command)
|
||||
if not desired_state:
|
||||
return json_response(DoorlockResponse.Inval, "Invalid command requested")
|
||||
|
Loading…
Reference in New Issue
Block a user