From eb9ecb6451c62e0c2f52ba02a9cf14ea2a25f807 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Sun, 29 Mar 2020 01:27:41 +0100 Subject: [PATCH] try catch is magic --- moulinette/interfaces/__init__.py | 5 +---- moulinette/interfaces/api.py | 5 ++++- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/moulinette/interfaces/__init__.py b/moulinette/interfaces/__init__.py index 7a078df2..5c6a64cd 100644 --- a/moulinette/interfaces/__init__.py +++ b/moulinette/interfaces/__init__.py @@ -259,10 +259,7 @@ class BaseActionsMapParser(object): raise MoulinetteError("error_see_log") # -- 'authenticator' - if "authenticator" in configuration: - auth = configuration["authenticator"] - else: - auth = "default" + auth = configuration.get("authenticator", "default") if not is_global and isinstance(auth, str): # Store needed authenticator profile if auth not in self.global_conf["authenticator"]: diff --git a/moulinette/interfaces/api.py b/moulinette/interfaces/api.py index cad9620b..98a95c1d 100644 --- a/moulinette/interfaces/api.py +++ b/moulinette/interfaces/api.py @@ -407,7 +407,10 @@ class _ActionsMapPlugin(object): # We check that there's a (signed) session.hash available # for additional security ? # (An attacker could not craft such signed hashed ? (FIXME : need to make sure of this)) - s_secret = self.secrets[s_id] + try: + s_secret = self.secrets[s_id] + except KeyError: + s_secret = {} if profile not in request.get_cookie( "session.tokens", secret=s_secret, default={} ):