comparison web/templog.py @ 275:9be8464e4295

Oops, we didn't authenticate the parameter update
author Matt Johnston <matt@ucc.asn.au>
date Tue, 17 Nov 2015 22:24:09 +0800
parents 03e540c3ec24
children 0a1c02160e66 6c14e0573f50
67 minutes, endstr = get_request_zoom() 67 minutes, endstr = get_request_zoom()
68 return make_graph(minutes, endstr) 68 return make_graph(minutes, endstr)
69 69
70 @route('/set/update', method='post') 70 @route('/set/update', method='post')
71 def set_update(): 71 def set_update():
72 if not secure.check_user_hash(config.ALLOWED_USERS):
73 # the "Save" button should be disabled if the cert wasn't
74 # good
75 response.status = 403
76 return "No cert, dodginess"
77
72 post_json = json.loads(request.forms.data) 78 post_json = json.loads(request.forms.data)
73 79
74 csrf_blob = post_json['csrf_blob'] 80 csrf_blob = post_json['csrf_blob']
75 81
76 if not secure.check_csrf_blob(csrf_blob): 82 if not secure.check_csrf_blob(csrf_blob):
77 response.status = 403 83 response.status = 403
78 return "Bad csrf" 84 return "Bad csrf"
79 85
80 ret = log.update_params(post_json['params']) 86 ret = log.update_params(post_json['params'])
81 if not ret is True: 87 if not ret is True:
82 response.status = 403 88 response.status = 409 # Conflict
83 return ret 89 return ret
84 90
85 return "Good" 91 return "Good"
86 92
87 @route('/set') 93 @route('/set')
155 #return str(request.environ) 161 #return str(request.environ)
156 #yield "\n" 162 #yield "\n"
157 #var_lookup = environ['mod_ssl.var_lookup'] 163 #var_lookup = environ['mod_ssl.var_lookup']
158 #return var_lookup("SSL_SERVER_I_DN_O") 164 #return var_lookup("SSL_SERVER_I_DN_O")
159 165
166 @route('/h')
167 def headers():
168 response.set_header('Content-Type', 'text/plain')
169 return '\n'.join("%s: %s" % x for x in request.headers.items())
170
160 @route('/get_settings') 171 @route('/get_settings')
161 def get_settings(): 172 def get_settings():
162 response.set_header('Cache-Control', 'no-cache') 173 response.set_header('Cache-Control', 'no-cache')
163 req_etag = request.headers.get('etag', None) 174 req_etag = request.headers.get('etag', None)
164 if req_etag: 175 if req_etag:
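Review bot: The new `/h` route (`headers()`, new lines 166-169) returns every request header to any caller with no `secure.check_user_hash(config.ALLOWED_USERS)` gate, whereas `set_update` in the hunk above now fails closed with a 403 before it even parses the body. Any headers injected by a front-end proxy would be echoed back verbatim to an unauthenticated client, so this looks like a debugging aid that should not ship unguarded. Either gate it the same way, `if not secure.check_user_hash(config.ALLOWED_USERS): response.status = 403; return "No cert"`, or drop the route before deploying. On the `set_update` side, a POST whose JSON lacks `csrf_blob` still raises KeyError on `post_json['csrf_blob']` and surfaces as a 500 rather than the 403 the neighbouring checks return; `csrf_blob = post_json.get('csrf_blob')` with `check_csrf_blob` rejecting `None` would keep that path uniform, though that line is unchanged by this commit.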