bellingcat/auto-archiver-api
1
0
Fork 0
mirror of https://github.com/bellingcat/auto-archiver-api.git synced 2026-06-11 21:18:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

bug fix in security

Browse Source
This commit is contained in:
msramalho
2024-10-21 12:00:01 +01:00
parent 860db588de
commit 93e01c9797
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/web/security.py
View File

@@ -62,7 +62,7 @@ def authenticate_user(access_token):
if r.status_code != 200: return False, "invalid token"
try:
j = r.json()
if j.get("azp") not in settings.CHROME_APP_IDS and j.get("aud") not in seuser_grouttings.CHROME_APP_IDS:
if j.get("azp") not in settings.CHROME_APP_IDS and j.get("aud") not in settings.CHROME_APP_IDS:
return False, f"token does not belong to valid APP_ID"
if j.get("email") in settings.BLOCKED_EMAILS:
return False, f"email '{j.get('email')}' not allowed"