-
Notifications
You must be signed in to change notification settings - Fork 451
/
Copy pathauth.py
48 lines (41 loc) · 1.55 KB
/
auth.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
from flask import Blueprint, request, jsonify, session, redirect
from . import query_db
bp = Blueprint("auth", __name__)
@bp.route("/login", methods=["POST"])
def login():
username = request.form.get("username")
password = request.form.get("password")
if username is None or password is None:
return (
jsonify({"error": "username and password parameter have to be provided"}),
400,
)
# vulnerability: SQL Injection
query = (
"SELECT id, username, access_level FROM user WHERE username = '%s' AND password = '%s'"
% (username, password)
)
result = query_db(query, [], True)
if result is None:
return jsonify({"bad_login": True}), 400
session["user_info"] = (result[0], result[1], result[2])
return jsonify({"success": True})
@bp.route("/login_and_redirect")
def login_and_redirect():
username = request.args.get("username")
password = request.args.get("password")
url = request.args.get("url")
if username is None or password is None or url is None:
return (
jsonify(
{"error": "username, password, and url parameters have to be provided"}
),
400,
)
query = "SELECT id, username, access_level FROM user WHERE username = ? AND password = ?"
result = query_db(query, (username, password), True)
if result is None:
# vulnerability: Open Redirect
return redirect(url)
session["user_info"] = (result[0], result[1], result[2])
return jsonify({"success": True})