comparison web/templog.py @ 275:9be8464e4295
Oops, we didn't authenticate the parameter update
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 17 Nov 2015 22:24:09 +0800 |
parents | 03e540c3ec24 |
children | 0a1c02160e66 6c14e0573f50 |
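--- a/web/templog.py
+++ b/web/templog.py
@@ -67,21 +67,27 @@
 minutes, endstr = get_request_zoom()
 return make_graph(minutes, endstr)
 
 @route('/set/update', method='post')
 def set_update():
+if not secure.check_user_hash(config.ALLOWED_USERS):
+# the "Save" button should be disabled if the cert wasn't
+# good
+response.status = 403
+return "No cert, dodginess"
+
 post_json = json.loads(request.forms.data)
 
 csrf_blob = post_json['csrf_blob']
 
 if not secure.check_csrf_blob(csrf_blob):
 response.status = 403
 return "Bad csrf"
 
 ret = log.update_params(post_json['params'])
 if not ret is True:
-response.status = 403
+response.status = 409 # Conflict
 return ret
 
 return "Good"
 
 @route('/set')
@@ -155,10 +161,15 @@
 #return str(request.environ)
 #yield "\n"
 #var_lookup = environ['mod_ssl.var_lookup']
 #return var_lookup("SSL_SERVER_I_DN_O")
 
+@route('/h')
+def headers():
+response.set_header('Content-Type', 'text/plain')
+return '\n'.join("%s: %s" % x for x in request.headers.items())
+
 @route('/get_settings')
 def get_settings():
 response.set_header('Cache-Control', 'no-cache')
 req_etag = request.headers.get('etag', None)
 if req_etag: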
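Review bot: The new `/h` route (new lines 166-169) echoes every request header back to any caller and, unlike `set_update` after this change, has no `secure.check_user_hash(config.ALLOWED_USERS)` gate. That reply would include the `Cookie` header and whatever a fronting server adds to the request; the commented-out `mod_ssl.var_lookup` lines just above suggest, though do not prove, a TLS-terminating front end whose headers may feed the client-certificate check. If the endpoint is only a debugging aid, I would drop it from this commit or start `headers()` with the same guard, `if not secure.check_user_hash(config.ALLOWED_USERS):` / `response.status = 403` / `return "No cert, dodginess"`. A short comment such as `# debug only: dumps request headers, keep behind auth` would also record the intent.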