From 737dd9d5cffa2c9ee1fa5b58930f6b2f2b41dac9 Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Wed, 18 Nov 2020 02:48:44 +0100 Subject: [PATCH] [Plugin]auth: Fixed possible issue with POST paramenters on login --- flaschengeist/models/user.py | 2 +- flaschengeist/plugins/auth/__init__.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/flaschengeist/models/user.py b/flaschengeist/models/user.py index cd1bfce..98a2f4a 100644 --- a/flaschengeist/models/user.py +++ b/flaschengeist/models/user.py @@ -68,7 +68,7 @@ class User(db.Model, ModelSerializeMixin): @property def avatar_url(self): - return url_for('users.get_avatar', userid=self.userid) + return url_for("users.get_avatar", userid=self.userid) @property def roles(self): diff --git a/flaschengeist/plugins/auth/__init__.py b/flaschengeist/plugins/auth/__init__.py index 8bd867f..95ba2d3 100644 --- a/flaschengeist/plugins/auth/__init__.py +++ b/flaschengeist/plugins/auth/__init__.py @@ -34,9 +34,9 @@ def login(): logger.debug("Start log in.") data = request.get_json() try: - userid = data["userid"] - password = data["password"] - except (KeyError, ValueError): + userid = str(data["userid"]) + password = str(data["password"]) + except (KeyError, ValueError, TypeError): raise BadRequest("Missing parameter(s)") logger.debug("search user {{ {} }} in database".format(userid))