myspace: check request signature of API requests
This commit is contained in:
parent
e9f7e9a3ff
commit
523acb042d
|
@ -13,6 +13,7 @@ from qommon import template
|
|||
from qommon.form import *
|
||||
from qommon import get_cfg, get_logger
|
||||
from qommon import errors
|
||||
from wcs.api import get_user_from_api_query_string
|
||||
|
||||
import qommon.ident.password
|
||||
from qommon.ident.password_accounts import PasswordAccount
|
||||
|
@ -365,13 +366,7 @@ class JsonDirectory(Directory):
|
|||
user = None
|
||||
|
||||
def _q_traverse(self, path):
|
||||
if get_request().form.get('NameID'):
|
||||
ni = get_request().form.get('NameID')
|
||||
nis = list(get_publisher().user_class.select(lambda x: ni in x.name_identifiers))
|
||||
if nis:
|
||||
self.user = nis[0]
|
||||
else:
|
||||
self.user = get_request().user
|
||||
self.user = get_user_from_api_query_string() or get_request().user
|
||||
if not self.user:
|
||||
raise errors.AccessUnauthorizedError()
|
||||
return Directory._q_traverse(self, path)
|
||||
|
|
Reference in New Issue