Validate token character set
msathieu committed Mar 13, 2024
1 parent 800f3c8 commit 991da99
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions backend/controllers/auth/authentication_controller.py
@@ -1,3 +1,4 @@
import string
from typing import TYPE_CHECKING

import httpx
Expand Down Expand Up @@ -25,6 +26,9 @@ def authenticate_user(session: Session, ticket: str) -> UserDataclass | None:
:param ticket: A ticket from login.ugent.be/login?service=https://localhost:8080/login
:return: None if the authentication failed, user: UseDataclass is the authentication was successful
"""
allowed_chars = set(string.ascii_letters + string.digits + "-")
if not all(c in allowed_chars for c in ticket):
return None
user_information = httpx.get(f"https://login.ugent.be/serviceValidate?service={cas_service}&ticket={ticket}")
user_dict: dict | None = parse_cas_xml(user_information.text)
if user_dict is None:
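Review bot: The new allowlist check still lets an empty ticket through, because `all(...)` over an empty string is True, so `ticket == ""` passes the guard and the outbound call to `serviceValidate` is still made with `ticket=`; tightening the condition to `if not ticket or not all(c in allowed_chars for c in ticket):` closes that gap. The check is a sound defence against query-string injection into the f-string URL (it matches the letters/digits/hyphen set that CAS tickets are expected to use), but it is worth not relying on it alone: passing the values as `httpx.get("https://login.ugent.be/serviceValidate", params={"service": cas_service, "ticket": ticket})` lets httpx percent-encode both parameters, with the allowlist kept as a second layer. A short comment above the guard, such as `# CAS tickets are [A-Za-z0-9-]; reject anything else before it is interpolated into the validate URL`, would record why the set was chosen. Consider also capping the ticket length before sending it, since nothing visible bounds it. authenticate_user starts and ends outside this hunk.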