mirror of
https://github.com/YunoHost/dynette.git
synced 2024-09-03 20:06:17 +02:00
Add route to define recovery password using the key
This commit is contained in:
Alexandre Aubin
parent
8c100e440e
commit
c63f631707
1 changed files with 46 additions and 3 deletions
47
app.py
47
app.py
|
|
@ -40,7 +40,7 @@ def _validate_domain(domain):
|
|||
len(domain.split(".")) != 3
|
||||
or domain.split(".", 1)[-1] not in app.config["DOMAINS"]
|
||||
):
|
||||
return {"error": f"This subdomain is not handled by this dynette server."}, 400
|
||||
return {"error": "This subdomain is not handled by this dynette server."}, 400
|
||||
|
||||
|
||||
def _is_available(domain):
|
||||
|
|
@ -107,7 +107,6 @@ def register(key):
|
|||
if len(recovery_password) > 1024:
|
||||
return {"error": "Recovery password too long"}, 409
|
||||
|
||||
r_init = recovery_password
|
||||
recovery_password = bcrypt.hashpw(
|
||||
password=recovery_password.encode(), salt=bcrypt.gensalt(14)
|
||||
)
|
||||
|
|
@ -171,3 +170,47 @@ def delete_using_recovery_password_or_key(subdomain):
|
|||
os.remove(f"{app.config['DB_FOLDER']}/{subdomain}.recovery_password")
|
||||
|
||||
return '"OK"', 200
|
||||
|
||||
|
||||
@app.route("/domains/<subdomain>/recovery_password", methods=["PUT"])
|
||||
@limiter.limit("5 per hour")
|
||||
def set_recovery_password_using_key(subdomain):
|
||||
|
||||
try:
|
||||
assert isinstance(subdomain, str)
|
||||
data = dict(request.form) # get_json(force=True)
|
||||
recovery_password = data.get("recovery_password")
|
||||
key = data.get("key")
|
||||
assert (recovery_password and isinstance(recovery_password, str)) and (
|
||||
key and isinstance(key, str)
|
||||
)
|
||||
if key:
|
||||
key = base64.b64decode(key).decode()
|
||||
except Exception:
|
||||
return {"error": "Invalid request"}, 400
|
||||
|
||||
error = _validate_domain(subdomain)
|
||||
if error:
|
||||
return error
|
||||
|
||||
if _is_available(subdomain):
|
||||
return {"error": "Subdomain not registered"}, 404
|
||||
|
||||
with open(f"{app.config['DB_FOLDER']}/{subdomain}.key") as f:
|
||||
if not hmac.compare_digest(key, f.read()):
|
||||
return '"Access denied"', 403
|
||||
|
||||
if len(recovery_password) < 8:
|
||||
return {"error": "Recovery password too short"}, 409
|
||||
if len(recovery_password) > 1024:
|
||||
return {"error": "Recovery password too long"}, 409
|
||||
|
||||
recovery_password = bcrypt.hashpw(
|
||||
password=recovery_password.encode(), salt=bcrypt.gensalt(14)
|
||||
)
|
||||
recovery_password = base64.b64encode(recovery_password).decode()
|
||||
|
||||
with open(f"{app.config['DB_FOLDER']}/{subdomain}.recovery_password", "w") as f:
|
||||
f.write(recovery_password)
|
||||
|
||||
return '"OK"', 200
|
||||
|
|
|
|||
Loading…
Reference in a new issue