check session in json api
This commit is contained in:
parent
f2120b1131
commit
e6a8123939
|
@ -43,12 +43,16 @@ design:
|
||||||
from traceback import format_exc
|
from traceback import format_exc
|
||||||
import web
|
import web
|
||||||
from web import webapi
|
from web import webapi
|
||||||
|
import page_decorators as deco
|
||||||
|
from web import cookies, setcookie as w_setcookie
|
||||||
|
import utils
|
||||||
from deluge.ui.client import sclient,aclient
|
from deluge.ui.client import sclient,aclient
|
||||||
from deluge.log import LOG as log
|
from deluge.log import LOG as log
|
||||||
from deluge import component
|
from deluge import component
|
||||||
from utils import dict_cb
|
from utils import dict_cb
|
||||||
from lib import json
|
from lib import json
|
||||||
|
|
||||||
|
|
||||||
class json_rpc:
|
class json_rpc:
|
||||||
"""
|
"""
|
||||||
== Full client api ==
|
== Full client api ==
|
||||||
|
@ -59,9 +63,18 @@ class json_rpc:
|
||||||
def GET(self):
|
def GET(self):
|
||||||
print '{"error":"only POST is supported"}'
|
print '{"error":"only POST is supported"}'
|
||||||
|
|
||||||
#security bug: does not check session!!
|
|
||||||
def POST(self):
|
def POST(self , name=None):
|
||||||
web.header("Content-Type", "application/x-json")
|
ck = cookies()
|
||||||
|
if not(ck.has_key("session_id") and ck["session_id"] in utils.SESSIONS):
|
||||||
|
print """{"error":{
|
||||||
|
"number":1,
|
||||||
|
"message":"not authenticated"
|
||||||
|
"error":"not authenticated"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
"""
|
||||||
|
return
|
||||||
id = 0
|
id = 0
|
||||||
try:
|
try:
|
||||||
log.debug("json-data:")
|
log.debug("json-data:")
|
||||||
|
|
Loading…
Reference in New Issue