thoroughly validate user

This commit is contained in:
Jakob Ketterl 2021-02-08 17:09:22 +01:00
parent 2c6b0e3d30
commit d9578cc5f4

View File

@ -1,6 +1,7 @@
from .template import WebpageController
from .session import SessionStorage
from owrx.config import Config
from owrx.users import UserList
from urllib import parse
import logging
@ -10,9 +11,18 @@ logger = logging.getLogger(__name__)
class Authentication(object):
def isAuthenticated(self, request):
if "owrx-session" in request.cookies:
if "owrx-session" not in request.cookies:
return False
session = SessionStorage.getSharedInstance().getSession(request.cookies["owrx-session"].value)
return session is not None
if session is None:
return False
if "user" not in session:
return False
userList = UserList.getSharedInstance()
try:
user = userList[session["user"]]
return user.is_enabled()
except KeyError:
return False