check that user has permission to use app

2019-09-28 03:40:27 -04:00 · 2019-09-28 03:40:27 -04:00 · 71c7eac463
commit 71c7eac463
parent 0f8f691a3e
1 changed files with 6 additions and 1 deletions
--- a/buckler.py
+++ b/buckler.py
@ -67,7 +67,7 @@ async def change_password(request):
 	new_pw = data.get('new_password')
 	verify_pw = data.get('verify_password')

-	if not all(current_pw, new_pw, verify_pw):
+	if not all((current_pw, new_pw, verify_pw)):
 		return
 	if not new_pw == verify_pw:
 		return
@ -268,6 +268,11 @@ async def get_session(request):
 						user_id, user_sid)
 				await conn.close()

+				if not data: # user not permitted to use app
+					error = {'error': "you do not have permission to "
+						"access to this application."}
+					return web.json_response(error)
+
 				data_meta = dict(data)
 				data_meta['last_used'] = session['last_used'].isoformat()
 				data_meta['user_sid'] = user_sid