mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-07 16:17:23 +01:00

/admin login now issues a user-specific key for future calls (rather than providing the system-wide API key or passing the password on each request)

Joshua Tauberer
2014-12-01 19:20:46 +00:00
parent 023b38df50
commit 1039a08be6
3 changed files with 38 additions and 28 deletions


@@ -31,7 +31,7 @@ def authorized_personnel_only(viewfunc):
# Authenticate the passed credentials, which is either the API key or a username:password pair.
error = None
try:
privs = auth_service.authenticate(request, env)
email, privs = auth_service.authenticate(request, env)
except ValueError as e:
# Authentication failed.
privs = []
@@ -95,7 +95,7 @@ def index():
def me():
# Is the caller authorized?
try:
privs = auth_service.authenticate(request, env)
email, privs = auth_service.authenticate(request, env)
except ValueError as e:
return json_response({
"status": "invalid",
@@ -104,12 +104,13 @@ def me():
resp = {
"status": "ok",
"email": email,
"privileges": privs,
}
# Is authorized as admin?
# Is authorized as admin? Return an API key for future use.
if "admin" in privs:
resp["api_key"] = auth_service.key
resp["api_key"] = auth_service.create_user_key(email)
# Return.
return json_response(resp)
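Review bot: In `me()`, `create_user_key(email)` runs for every caller holding the `admin` privilege, but the comment in `authorized_personnel_only` says the credentials may be the system API key rather than a username:password pair, and nothing visible shows what `email` is in that case. If `authenticate` returns no email for an API-key caller, guard the call, e.g. `if "admin" in privs and email is not None:`, so a key is only minted for a named user. The `except ValueError` branch in the first hunk still assigns only `privs = []`; if the rest of the decorator (outside the hunk) reads `email`, that branch also needs `email = None`. `create_user_key` is defined outside this section, so confirm there that an issued key stops working once the user's password changes or the admin privilege is removed. The new `# Is authorized as admin? Return an API key for future use.` comment could say this explicitly, for example `# Admins get a per-user key; it must not outlive the account's password or admin role.`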