From 5d87d16d3d6e63a4344566a5099589db5c483279 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Wed, 3 Jun 2015 15:04:57 +0000
Subject: [PATCH] require service on auth_pwonly
---
authserv/app_main.py | 5 +++--
authserv/test/test_app_main.py | 3 +++
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/authserv/app_main.py b/authserv/app_main.py
index 1701687..adab20a 100644
--- a/authserv/app_main.py
+++ b/authserv/app_main.py
@@ -55,15 +55,16 @@ def api_auth():
@app.route('/api/1/auth_pwonly', methods=('POST',))
def api_auth_pwonly():
+ service = request.form.get('service')
username = request.form.get('username')
password = request.form.get('password')
- if not username:
+ if not service or not username:
abort(400)
try:
auth_status, errmsg, unused_shard = do_auth(
- username, None, None, password, None, None,
+ username, service, None, password, None, None,
password_only=True)
except Exception, e:
app.logger.exception('Unexpected exception in auth_pwonly()')
diff --git a/authserv/test/test_app_main.py b/authserv/test/test_app_main.py
index b54ad53..f0d2699 100644
--- a/authserv/test/test_app_main.py
+++ b/authserv/test/test_app_main.py
@@ -223,6 +223,7 @@ class ServerTest(unittest.TestCase):
response = self.app.post(
URL_PWONLY, data={
'username': 'user',
+ 'service': 'svc',
'password': 'pass'})
self.assertEquals(protocol.OK, response.data)
@@ -230,6 +231,7 @@ class ServerTest(unittest.TestCase):
response = self.app.post(
URL_PWONLY, data={
'username': 'otpuser',
+ 'service': 'svc',
'password': 'pass'})
self.assertEquals(protocol.OK, response.data)
@@ -237,6 +239,7 @@ class ServerTest(unittest.TestCase):
response = self.app.post(
URL_PWONLY, data={
'username': 'user',
+ 'service': 'svc',
'password': 'badpass'})
self.assertEquals(protocol.ERR_AUTHENTICATION_FAILURE,
response.data)
--
GitLab