From a86e47113c24e9b5e2014685cbab9fd7b977f976 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= Date: Tue, 21 Nov 2023 22:54:37 +0100 Subject: [PATCH] user name case sensitivity --- Ideen.md | 2 +- api/advent22_api/routers/_security.py | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/Ideen.md b/Ideen.md index d60f2bf..37f6fdf 100644 --- a/Ideen.md +++ b/Ideen.md @@ -1,6 +1,5 @@ # MUSS -- api: admin Login case sensitivity (username "admin" == "AdMiN") - api: Config-Liste von Extra-Türchen (kein Buchstabe, nur manuelles Bild) - api: Config-Option "Überspringe leere Türchen" (standard ja) @@ -20,3 +19,4 @@ - Option "Leerzeichen ignorieren" (standard ja) - Nach einigen Sekunden: Meldung "Türchen anzeigen?" - `alert` durch bulma Komponente(n) ersetzen +- api: admin Login case sensitivity (username "admin" == "AdMiN") diff --git a/api/advent22_api/routers/_security.py b/api/advent22_api/routers/_security.py index 13929ae..2f5f390 100644 --- a/api/advent22_api/routers/_security.py +++ b/api/advent22_api/routers/_security.py @@ -19,8 +19,14 @@ async def user_is_admin( True iff der user "admin" ist """ - username_correct = secrets.compare_digest(credentials.username, cfg.admin.name) - password_correct = secrets.compare_digest(credentials.password, cfg.admin.password) + username_correct = secrets.compare_digest( + credentials.username.lower(), + cfg.admin.name.lower(), + ) + password_correct = secrets.compare_digest( + credentials.password, + cfg.admin.password, + ) return username_correct and password_correct