Forbid unwanted realms from add products

PCoder 2019-09-14 13:19:22 +05:30
parent 73a7d9dc8b
commit c83c7720b3
1 changed files with 8 additions and 1 deletions


@ -2,7 +2,7 @@ import binascii
import json
import requests
from decouple import config
from decouple import config, Csv
from flask import Flask, request
from flask_restful import Resource, Api
from pyotp import TOTP
@ -54,6 +54,13 @@ class AddProduct(Resource):
def post():
data = request.json
logging.debug("Got data: {}".format(str(data)))
REALM_ALLOWED = config("REALM_ALLOWED", cast=Csv(str))
logging.debug("REALM_ALLOWED = {}".format(REALM_ALLOWED))
if data["realm"] not in REALM_ALLOWED:
logging.error(
"The given realm {} is not "
"allowed to do add product".format(data["realm"]))
return {"message": "Forbidden"}, 403
otp_response = check_otp(data["name"], data["realm"],
data["token"])
if otp_response != 200:
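Review bot: The new allow-list check indexes `data["realm"]` directly, so a body that is not JSON or that lacks `realm` would presumably raise before the 403 branch and surface as a 500 rather than a clean rejection. Reading the value once as `realm = (data or {}).get("realm")` and testing `if realm not in REALM_ALLOWED:` keeps the check fail-closed, provided the error log also uses `realm`. `config("REALM_ALLOWED", cast=Csv(str))` has no default and is evaluated on every request, so an unset variable fails per call; loading it once at module import would expose a misconfiguration at startup. The realm is client-supplied and is formatted into the error log verbatim, so logging it with `{!r}` would keep embedded newlines from forging log entries. The body of `post` continues outside the hunk.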