tom/doorlockd-mirror
1
0
Fork 0
mirror of https://github.com/binary-kitchen/doorlockd synced 2024-12-21 10:04:26 +01:00
Code Issues Releases Wiki Activity

WebApp: Api: "status" command without credentials

Browse Source 
This allows the "status" command to be executed without credentials.

Signed-off-by: Thomas Schmid <tom@lfence.de>
This commit is contained in:
Thomas 2024-01-10 22:59:42 +01:00
parent ae989da661
commit e50fe08267
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pydoorlock/WebApp.py
View File

@ -120,6 +120,9 @@ def api():
password = request.form.get('pass')
command = request.form.get('command')
if (command is not None) and (command == 'status'):
return json_response(DoorlockResponse.Success)
if any(v is None for v in [user, password, command]):
log.warning('Incomplete API request')
abort(400)
@ -131,9 +134,6 @@ def api():
credentials = user, password
if command == 'status':
return json_response(logic.auth.try_auth(credentials))
desired_state = DoorState.from_string(command)
if not desired_state:
return json_response(DoorlockResponse.Inval, "Invalid command requested")