[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libeufin] 05/08: admin authentication helper
From: |
gnunet |
Subject: |
[libeufin] 05/08: admin authentication helper |
Date: |
Fri, 08 May 2020 20:04:49 +0200 |
This is an automated email from the git hooks/post-receive script.
ms pushed a commit to branch master
in repository libeufin.
commit 993dabf4b38a84245902f5ba123a5dfb595fd0c0
Author: Marcello Stanisci <address@hidden>
AuthorDate: Fri May 8 18:09:57 2020 +0200
admin authentication helper
---
nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt | 9 +++++++++
nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt | 2 ++
2 files changed, 11 insertions(+)
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
b/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
index 05ae29e..badda4f 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/Helpers.kt
@@ -369,6 +369,15 @@ fun authenticateRequest(authorization: String?): String {
return subscriber.id.value
}
+fun authenticateAdminRequest(authorization: String?): String {
+ val userId = authenticateRequest(authorization)
+ if (!userId.equals("admin")) throw NexusError(
+ HttpStatusCode.Forbidden,
+ "Not the 'admin' user"
+ )
+ return userId
+}
+
/**
* Check if the subscriber has the right to use the (claimed) bank account.
* @param subscriber id of the EBICS subscriber to check
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
b/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
index a632034..f55e4e8 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
@@ -150,6 +150,8 @@ fun main() {
* Add a new ordinary user in the system (requires "admin"
privileges)
*/
post("/users") {
+ authenticateAdminRequest(call.request.headers["Authorization"])
+
return@post
}
/**
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [libeufin] branch master updated (64b3929 -> f73bdad), gnunet, 2020/05/08
- [libeufin] 04/08: GET /user, gnunet, 2020/05/08
- [libeufin] 01/08: Comments., gnunet, 2020/05/08
- [libeufin] 06/08: POST /users, gnunet, 2020/05/08
- [libeufin] 02/08: new API., gnunet, 2020/05/08
- [libeufin] 05/08: admin authentication helper,
gnunet <=
- [libeufin] 03/08: fix compilation, gnunet, 2020/05/08
- [libeufin] 07/08: add GET /bank-accounts, fix GET /user., gnunet, 2020/05/08
- [libeufin] 08/08: POST preapred-payments/submit, gnunet, 2020/05/08