thoroughly validate user

Jakob Ketterl 2021-02-08 17:09:22 +01:00
parent 2c6b0e3d30
commit d9578cc5f4


@ -1,6 +1,7 @@
from .template import WebpageController from .template import WebpageController
from .session import SessionStorage from .session import SessionStorage
from owrx.config import Config from owrx.config import Config
from owrx.users import UserList
from urllib import parse from urllib import parse
import logging import logging
@ -10,10 +11,19 @@ logger = logging.getLogger(__name__)
class Authentication(object): class Authentication(object):
def isAuthenticated(self, request): def isAuthenticated(self, request):
if "owrx-session" in request.cookies: if "owrx-session" not in request.cookies:
session = SessionStorage.getSharedInstance().getSession(request.cookies["owrx-session"].value) return False
return session is not None session = SessionStorage.getSharedInstance().getSession(request.cookies["owrx-session"].value)
return False if session is None:
return False
if "user" not in session:
return False
userList = UserList.getSharedInstance()
try:
user = userList[session["user"]]
return user.is_enabled()
except KeyError:
return False
class AdminController(WebpageController): class AdminController(WebpageController):
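Review bot: The `try` in `isAuthenticated` wraps both the `userList[session["user"]]` lookup and the `user.is_enabled()` call, so a `KeyError` raised inside `is_enabled()` would be treated as "unknown user" and hidden. Keep only the lookup in the `try` and move `return user.is_enabled()` into an `else:` branch. The three new rejection paths (no `user` key, unknown user, disabled user) also return `False` without a trace, although the module already defines `logger`. A line such as `logger.warning("rejecting session for unknown or disabled user")` would let an operator see stale sessions of removed or disabled accounts. The rejected session appears to stay in `SessionStorage` after the check fails; whether it should be dropped there depends on code outside this hunk.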