1
0
mirror of https://github.com/binary-kitchen/doorlockd synced 2024-12-06 20:20:33 +01:00

WebApp: Api: "status" command without credentials

This allows the "status" command to be executed without credentials.

Signed-off-by: Thomas Schmid <tom@lfence.de>
This commit is contained in:
Thomas 2024-01-10 22:59:42 +01:00
parent ae989da661
commit e50fe08267

View File

@ -120,6 +120,9 @@ def api():
password = request.form.get('pass')
command = request.form.get('command')
if (command is not None) and (command == 'status'):
return json_response(DoorlockResponse.Success)
if any(v is None for v in [user, password, command]):
log.warning('Incomplete API request')
abort(400)
@ -131,9 +134,6 @@ def api():
credentials = user, password
if command == 'status':
return json_response(logic.auth.try_auth(credentials))
desired_state = DoorState.from_string(command)
if not desired_state:
return json_response(DoorlockResponse.Inval, "Invalid command requested")