Browse Source

Forbid unwanted realms from add products

master
PCoder 3 years ago
parent
commit
c83c7720b3
  1. 9
      ucloud-pay.py

9
ucloud-pay.py

@ -2,7 +2,7 @@ import binascii
import json
import requests
from decouple import config
from decouple import config, Csv
from flask import Flask, request
from flask_restful import Resource, Api
from pyotp import TOTP
@ -54,6 +54,13 @@ class AddProduct(Resource):
def post():
data = request.json
logging.debug("Got data: {}".format(str(data)))
REALM_ALLOWED = config("REALM_ALLOWED", cast=Csv(str))
logging.debug("REALM_ALLOWED = {}".format(REALM_ALLOWED))
if data["realm"] not in REALM_ALLOWED:
logging.error(
"The given realm {} is not "
"allowed to do add product".format(data["realm"]))
return {"message": "Forbidden"}, 403
otp_response = check_otp(data["name"], data["realm"],
data["token"])
if otp_response != 200:

Loading…
Cancel
Save