Forbid unwanted realms from add products

PCoder 2019-09-14 13:19:22 +05:30
parent 73a7d9dc8b
commit c83c7720b3
1 changed files with 8 additions and 1 deletions


@ -2,7 +2,7 @@ import binascii
import json import json
import requests import requests
from decouple import config from decouple import config, Csv
from flask import Flask, request from flask import Flask, request
from flask_restful import Resource, Api from flask_restful import Resource, Api
from pyotp import TOTP from pyotp import TOTP
@ -54,6 +54,13 @@ class AddProduct(Resource):
def post(): def post():
data = request.json data = request.json
logging.debug("Got data: {}".format(str(data))) logging.debug("Got data: {}".format(str(data)))
REALM_ALLOWED = config("REALM_ALLOWED", cast=Csv(str))
logging.debug("REALM_ALLOWED = {}".format(REALM_ALLOWED))
if data["realm"] not in REALM_ALLOWED:
logging.error(
"The given realm {} is not "
"allowed to do add product".format(data["realm"]))
return {"message": "Forbidden"}, 403
otp_response = check_otp(data["name"], data["realm"], otp_response = check_otp(data["name"], data["realm"],
data["token"]) data["token"])
if otp_response != 200: if otp_response != 200:
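Review bot: The new allowlist check indexes `data["realm"]` before anything has validated the request body, so a body that is not a JSON object or has no `realm` key would raise here rather than being rejected; reading it defensively, e.g. `realm = data.get("realm") if isinstance(data, dict) else None` followed by `if realm not in REALM_ALLOWED:`, keeps the refusal path explicit. The client-supplied realm is also formatted straight into the error log, so logging it with `%r` (`logging.error("Realm %r is not allowed to add a product", realm)`) would stop embedded newlines from forging log entries. `config("REALM_ALLOWED", cast=Csv(str))` has no default and runs on every request; reading it once at import time would make a missing setting fail at startup instead of per call. post() continues past the end of the hunk.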