The HTTP interface no longer checks the API password on non-existent paths; it returns 404 instead.

Paulus Schoutsen 2013-09-29 23:47:53 -07:00
parent 77a69016d4
commit a75f396242


@ -91,22 +91,8 @@ class RequestHandler(BaseHTTPRequestHandler):
get_data = parse_qs(url.query) get_data = parse_qs(url.query)
# Verify API password if url.path == "/":
if get_data.get('api_password', [''])[0] != self.server.api_password: if self._verify_api_password(get_data.get('api_password', [''])[0], False):
self.send_response(200)
self.send_header('Content-type','text/html')
self.end_headers()
write("<html>")
write("<form action='/' method='GET'>")
write("API password: <input name='api_password' />")
write("<input type='submit' value='submit' />")
write("</form>")
write("</html>")
# Serve debug URL
elif url.path == "/":
self.send_response(200) self.send_response(200)
self.send_header('Content-type','text/html') self.send_header('Content-type','text/html')
self.end_headers() self.end_headers()
@ -185,14 +171,11 @@ class RequestHandler(BaseHTTPRequestHandler):
self.server.logger.info(post_data) self.server.logger.info(post_data)
self.server.logger.info(action) self.server.logger.info(action)
given_api_password = post_data.get("api_password", [''])[0]
# Verify API password
if post_data.get("api_password", [''])[0] != self.server.api_password:
self._message(use_json, "API password missing or incorrect.", MESSAGE_STATUS_UNAUTHORIZED)
# Action to change the state # Action to change the state
elif action == "state/change": if action == "state/change":
if self._verify_api_password(given_api_password, use_json):
category, new_state = post_data['category'][0], post_data['new_state'][0] category, new_state = post_data['category'][0], post_data['new_state'][0]
try: try:
@ -205,6 +188,7 @@ class RequestHandler(BaseHTTPRequestHandler):
# Action to fire an event # Action to fire an event
elif action == "event/fire": elif action == "event/fire":
if self._verify_api_password(given_api_password, use_json):
try: try:
event_name = post_data['event_name'][0] event_name = post_data['event_name'][0]
event_data = None if 'event_data' not in post_data or post_data['event_data'][0] == "" else json.loads(post_data['event_data'][0]) event_data = None if 'event_data' not in post_data or post_data['event_data'][0] == "" else json.loads(post_data['event_data'][0])
@ -217,11 +201,33 @@ class RequestHandler(BaseHTTPRequestHandler):
# If JSON decode error # If JSON decode error
self._message(use_json, "Invalid event received.", MESSAGE_STATUS_ERROR) self._message(use_json, "Invalid event received.", MESSAGE_STATUS_ERROR)
else: else:
self.send_response(404) self.send_response(404)
def _verify_api_password(self, api_password, use_json):
if api_password == self.server.api_password:
return True
elif use_json:
self._message(True, "API password missing or incorrect.", MESSAGE_STATUS_UNAUTHORIZED)
else:
self.send_response(200)
self.send_header('Content-type','text/html')
self.end_headers()
write = lambda txt: self.wfile.write(txt+"\n")
write("<html>")
write("<form action='/' method='GET'>")
write("API password: <input name='api_password' />")
write("<input type='submit' value='submit' />")
write("</form>")
write("</html>")
return False
def _message(self, use_json, message, status=MESSAGE_STATUS_OK): def _message(self, use_json, message, status=MESSAGE_STATUS_OK):
""" Helper method to show a message to the user. """ """ Helper method to show a message to the user. """
log_message = "{}: {}".format(status, message) log_message = "{}: {}".format(status, message)
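Review bot: `_verify_api_password` compares the submitted value with `==`, which stops at the first differing character, so response timing can leak how much of the password matched; `if hmac.compare_digest(api_password, self.server.api_password):` (with `import hmac` added at the top of the file) performs the comparison in constant time. `hmac.compare_digest` accepts `str` only when it is ASCII, so if non-ASCII passwords are possible both sides should be encoded to bytes first. The fallback form in the same helper still submits with `method='GET'`, so the password ends up in the query string and from there in access logs and browser history; `method='POST'` would avoid that, although the handler for `/` would then have to read it from the request body, which is outside this hunk. The helper also has no docstring; `""" Return True if api_password matches, otherwise send the error response and return False. """` would make clear that it writes to the response as a side effect.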