Catch JSON parsing errors (#102)
When invalid JSON data is received, this now results in a proper "400
Bad request" response instead of a server failure.

Co-authored-by: Martin Lambers <[email protected]>
marlam and Martin Lambers authored Oct 18, 2024
1 parent 5401b77 commit baa3f9c
Showing 1 changed file with 17 additions and 3 deletions.
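--- a/server/weblogin_daemon.py
+++ b/server/weblogin_daemon.py
@@ -116,14 +116,21 @@ def ssh():
 
 @app.route('/pam-weblogin/start', methods=['POST'])
 def start():
-data = json.loads(request.data)
-logging.debug(f"/pam-weblogin/start\n <- {data}")
 if not authorized(request.headers):
 response = Response(status=404)
 msg = {'error': True, 'message': 'Unauthorized'}
 response.data = json.dumps(msg)
 logging.debug(f" -> {msg}")
 return response
+try:
+data = json.loads(request.data)
+except ValueError as e:
+response = Response(status=400)
+msg = {'error': True, 'message': 'Bad request'}
+response.data = json.dumps(msg)
+logging.debug(f" -> {msg}")
+return response
+logging.debug(f"/pam-weblogin/start\n <- {data}")
 
 user_id = data.get('user_id')
 attribute = data.get('attribute')
@@ -174,7 +181,14 @@ def check_pin():
 logging.debug(f" -> {msg}")
 return response
 
-data = json.loads(request.data)
+try:
+data = json.loads(request.data)
+except ValueError as e:
+response = Response(status=400)
+msg = {'error': True, 'message': 'Bad request'}
+response.data = json.dumps(msg)
+logging.debug(f" -> {msg}")
+return response
 session_id = data.get('session_id')
 rcode = data.get('pin')
 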
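Review bot: A body that parses as valid JSON but is not an object (a list, a string, `null`) still passes the new `try` in `start()` and then fails on `data.get('user_id')` with an AttributeError. Unless an error handler elsewhere catches it, the request presumably still ends in a server failure rather than the intended 400; the same applies to `data.get('session_id')` in `check_pin()`. Raising inside the `try` keeps a single error path: add `if not isinstance(data, dict): raise ValueError('JSON object expected')` directly after `data = json.loads(request.data)` in both handlers. The bound name in `except ValueError as e:` is unused and can be dropped. Both function bodies continue outside the visible hunks, so later uses of `data` are not shown here.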
