simple-login/app
1
1
Fork 0
mirror of https://github.com/simple-login/app.git synced 2024-11-10 17:35:27 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #936 from simple-login/disable-user-cannot-use-api

Browse source 
prevent disabled user from using the api
This commit is contained in:
Son Nguyen Kim 2022-04-28 12:13:14 +02:00 committed by GitHub
commit 93ae82aa46
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/api/base.py
View file

@ -30,6 +30,9 @@ def require_api_auth(f):
g.user = api_key.user
if g.user.disabled:
return jsonify(error="Disabled account"), 403
return f(*args, **kwargs)
return decorated

19
tests/api/test_alias.py
View file

@ -612,3 +612,22 @@ def test_toggle_contact(flask_client):
assert r.status_code == 200
assert r.json == {"block_forward": True}
def test_get_aliases_disabled_account(flask_client):
user, api_key = get_new_user_and_api_key()
r = flask_client.get(
"/api/v2/aliases?page_id=0",
headers={"Authentication": api_key.code},
)
assert r.status_code == 200
user.disabled = True
Session.commit()
r = flask_client.get(
"/api/v2/aliases?page_id=0",
headers={"Authentication": api_key.code},
)
assert r.status_code == 403