return "403 Forbidden" if authentication token was given, however is invalid

Contributed by T-Labs, Deutsche Telekom Innovation Laboratories

Signed-off-by: Mirko Vogt <mirko@openwrt.org>
Jo-Philipp Wich 2012-08-07 19:11:52 +00:00
parent 0c4edd49b9
commit 69aa218335


@ -24,11 +24,13 @@ module "luci.controller.rpc"
function index() function index()
local function authenticator(validator, accs) local function authenticator(validator, accs)
local auth = luci.http.formvalue("auth", true) local auth = luci.http.formvalue("auth", true)
if auth then if auth then -- if authentication token was given
local sdat = luci.sauth.read(auth) local sdat = luci.sauth.read(auth)
user = loadstring(sdat)().user if sdat then -- if given token is valid
if user and luci.util.contains(accs, user) then user = loadstring(sdat)().user
return user, auth if user and luci.util.contains(accs, user) then
return user, auth
end
end end
end end
luci.http.status(403, "Forbidden") luci.http.status(403, "Forbidden")
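Review bot: The added `if sdat` check covers a missing session, but the next line `user = loadstring(sdat)().user` can still raise an error instead of falling through to the 403, because `loadstring` returns nil when the stored text does not compile and the chunk's result is never checked to be a table. I would change it to `local ok, sess = pcall(loadstring(sdat))` followed by `local user = ok and type(sess) == "table" and sess.user`, which also makes `user` a local rather than a global that may persist after this call. Since the session text is executed as Lua code, its integrity rests entirely on what `luci.sauth.read` and the session store enforce, which is not visible in this hunk; running the chunk with an empty environment via `setfenv` would limit what a tampered session file can reach. The body of `authenticator` continues past the end of the hunk.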