Commit 8b749558 authored by Leon Tappe's avatar Leon Tappe 🔥

return 400 on wrong tticket key

parent 0a26a890
......@@ -157,8 +157,15 @@ def check():
except:
return 'ticket not signed correctly', 400
# decrypt the ticket
correct_key, decrypted = decrypt_ticket(data)
if not correct_key:
return 'ticket encrypted with wrong public key', 400
# check if valid datetime
valid = check_ticket(decrypted)
# respond with color code according to current day
valid = check_ticket(data)
if valid != None and valid:
alloc = ColorAllocation.query.filter_by(day=date.today()).first()
if alloc != None:
......@@ -181,16 +188,18 @@ def check():
)
def check_ticket(ticket):
def decrypt_ticket(ticket):
try:
# decode and parse request body into datetime object
decrypted = decryptor.decrypt(ticket)
date_time_obj = parser.isoparse(decrypted)
# compare current time with request's datetime in utc
return date_time_obj > datetime.now(tzutc())
return True, parser.isoparse(decrypted)
except:
return None
return False, None
def check_ticket(decrypted):
# compare current time with request's datetime in utc
return decrypted > datetime.now(tzutc())
@bp.route("/genticket", methods=['POST'])
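Review bot: The timestamp comparison in the new `check_ticket` now runs outside any `try`, so a ticket that decrypts and parses but carries no UTC offset would make `decrypted > datetime.now(tzutc())` raise a TypeError (naive vs. aware datetime) and surface as a 500 from `check()`, where the old code returned None. A guard such as `if decrypted.tzinfo is None: return False` before the comparison would keep that case on the rejection path. In `decrypt_ticket` the bare `except:` also covers `parser.isoparse`, so a correctly decrypted ticket with a malformed date is reported as 'ticket encrypted with wrong public key'. Parsing outside the `try`, or catching only the decryptor's own exception (its type is not visible on this page), would keep the two failures apart. With `check_ticket` now returning a plain bool, the `valid != None and` part of the condition in `check()` is redundant; the body of `check()` continues outside both hunks.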
......