Commit 218fb483 authored by Jan Hartig's avatar Jan Hartig

Add cert check to unlockroom endpoint

parent 3439e99a
1 merge request!23Add cert check to unlockroom endpoint
Pipeline #30133 passed
...@@ -35,6 +35,8 @@ ROOMS_VALID_FOR_S = app.config.ROOMS_VALID_FOR * 24 * 60 * 60 # d, h, m -> s ...@@ -35,6 +35,8 @@ ROOMS_VALID_FOR_S = app.config.ROOMS_VALID_FOR * 24 * 60 * 60 # d, h, m -> s
@app.post('/unlockroom') @app.post('/unlockroom')
async def unlock_room(request: Request): async def unlock_room(request: Request):
check_auth(request)
try: try:
room = request.json["room"] room = request.json["room"]
if len(room) == 0: if len(room) == 0:
...@@ -61,17 +63,10 @@ async def unlock_room(request: Request): ...@@ -61,17 +63,10 @@ async def unlock_room(request: Request):
@app.route('/cert2room') @app.route('/cert2room')
async def cert2room(request: Request): async def cert2room(request: Request):
s_dn = request.headers.get("SSL-Client-S-DN") dn = check_auth(request)
serial = request.headers.get("SSL-Client-Serial") serial = request.headers.get("SSL-Client-Serial")
if s_dn and serial: if serial:
# Turn distinguished names string into dict
dn = dict(item.split("=") for item in s_dn.split(","))
# Check if User is PTB
if not dn["O"] == "Physikalisch-Technische Bundesanstalt":
raise Unauthorized("Unauthorized")
# Get user's room & email from json file # Get user's room & email from json file
try: try:
serial2room = await get_serial2room() serial2room = await get_serial2room()
...@@ -97,6 +92,22 @@ async def cert2room(request: Request): ...@@ -97,6 +92,22 @@ async def cert2room(request: Request):
raise InvalidUsage raise InvalidUsage
def check_auth(request: Request) -> dict:
s_dn = request.headers.get("SSL-Client-S-DN")
if not s_dn:
raise InvalidUsage
# Turn distinguished names string into dict
dn = dict(item.split("=") for item in s_dn.split(","))
# Check if User is PTB
if not dn["O"] == "Physikalisch-Technische Bundesanstalt":
raise Unauthorized("Unauthorized")
return dn
def get_random_room() -> str: def get_random_room() -> str:
adjectives = r.random_words(2, include_parts_of_speech=["adjectives"]) adjectives = r.random_words(2, include_parts_of_speech=["adjectives"])
nouns = r.random_words(2, include_parts_of_speech=["nouns"]) nouns = r.random_words(2, include_parts_of_speech=["nouns"])
......
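Review bot: check_auth parses the proxy-supplied DN with `dict(item.split("=") for item in s_dn.split(","))` and then indexes `dn["O"]`, so a subject with `=` inside a value, padding after a comma, or no O attribute raises ValueError/KeyError and surfaces as a server error instead of a clean rejection. Splitting on `,` also ignores escaped commas inside values, and the dict keeps the last duplicate key, so the O that is compared may not be the certificate's real organisation attribute; the parser should fail closed on malformed or repeated attributes, as sketched below. The check is only meaningful if the TLS-terminating proxy verifies the client certificate and always overwrites `SSL-Client-S-DN` on inbound requests, which is not visible on this page and is worth confirming. A short docstring on check_auth saying that it raises InvalidUsage or Unauthorized and returns the parsed DN would also help, since unlock_room calls it only for the side effect.

```python
def check_auth(request: Request) -> dict:
    # … unchanged: read SSL-Client-S-DN, raise InvalidUsage when absent …
    dn = {}
    for item in s_dn.split(","):
        key, sep, value = item.partition("=")
        key = key.strip()
        # Fail closed: not key=value, or an attribute that appears twice
        if not sep or not key or key in dn:
            raise Unauthorized("Unauthorized")
        dn[key] = value.strip()
    if dn.get("O") != "Physikalisch-Technische Bundesanstalt":
        raise Unauthorized("Unauthorized")
    return dn
```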