From 229b2de566716b1b61d87ac0dd90a9ef04428e17 Mon Sep 17 00:00:00 2001 From: Fabio Manganiello Date: Sat, 28 Nov 2020 15:28:09 +0100 Subject: [PATCH] The /execute endpoint should require authentication as well --- platypush/backend/http/app/routes/dashboard.py | 5 +++-- platypush/backend/http/app/routes/execute.py | 2 +- platypush/backend/http/webapp/src/utils/Api.vue | 7 ------- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/platypush/backend/http/app/routes/dashboard.py b/platypush/backend/http/app/routes/dashboard.py index 71b65b937..68d1f06da 100644 --- a/platypush/backend/http/app/routes/dashboard.py +++ b/platypush/backend/http/app/routes/dashboard.py @@ -1,4 +1,4 @@ -from flask import Blueprint, request, render_template +from flask import Blueprint, render_template from platypush.backend.http.app import template_folder from platypush.backend.http.app.utils import authenticate, get_websocket_port @@ -12,9 +12,10 @@ __routes__ = [ ] +# noinspection PyUnusedLocal @dashboard.route('/dashboard/', methods=['GET']) @authenticate() -def render_dashboard(*_, **__): +def render_dashboard(name): """ Route for the dashboard """ return render_template('index.html', utils=HttpUtils, diff --git a/platypush/backend/http/app/routes/execute.py b/platypush/backend/http/app/routes/execute.py index 59fda1730..cfbabe175 100644 --- a/platypush/backend/http/app/routes/execute.py +++ b/platypush/backend/http/app/routes/execute.py @@ -14,7 +14,7 @@ __routes__ = [ @execute.route('/execute', methods=['POST']) -@authenticate(skip_auth_methods=['session']) +@authenticate() def execute(): """ Endpoint to execute commands """ try: diff --git a/platypush/backend/http/webapp/src/utils/Api.vue b/platypush/backend/http/webapp/src/utils/Api.vue index bcb62eae9..715a7af91 100644 --- a/platypush/backend/http/webapp/src/utils/Api.vue +++ b/platypush/backend/http/webapp/src/utils/Api.vue @@ -15,13 +15,6 @@ export default { request['type'] = 'request' } - // TODO Proper auth/token management - // if (window.config.token) { - // opts.headers = { - // 'X-Token': window.config.token - // } - // } - if (timeout) { opts.timeout = timeout }