Merge pull request #1728 from pi-hole/tweak/query_auth

Add authentication via query string
Dominik
2024-01-07 07:50:58 +01:00
committed by GitHub
2 changed files with 26 additions and 3 deletions


@@ -151,6 +151,7 @@ int check_client_auth(struct ftl_conn *api, const bool is_api)
}
}
// If not, does the client provide a session ID via COOKIE?
bool cookie_auth = false;
if(!sid_avail)
{
@@ -162,7 +163,22 @@ int check_client_auth(struct ftl_conn *api, const bool is_api)
// Mark SID as available
sid_avail = true;
}
}
// If not, does the client provide a session ID via URI?
if(!sid_avail && api->request->query_string && GET_VAR("sid", sid, api->request->query_string) > 0)
{
// "+" may have been replaced by " ", undo this here
for(unsigned int i = 0; i < SID_SIZE; i++)
if(sid[i] == ' ')
sid[i] = '+';
// Zero terminate SID string
sid[SID_SIZE-1] = '\0';
// Mention source of SID
sid_source = "URI";
// Mark SID as available
sid_avail = true;
}
if(!sid_avail)
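Review bot: Accepting the session ID from the query string (the new `GET_VAR("sid", sid, api->request->query_string)` branch) puts a live credential into the request URI, where it is commonly retained by access logs, proxies, browser history and Referer headers; nothing in this hunk shows whether the request line is logged or redacted, so that is worth confirming. I would document the trade-off at the branch, e.g. `// NOTE: a SID in the URI can end up in logs and browser history; prefer header or cookie where the client allows it`. Separately, the '+' restoration loop walks all SID_SIZE bytes rather than the length GET_VAR returned, so it also rewrites whatever bytes follow the decoded value; bounding it by the returned length would be tidier, though the declaration of `sid` is outside the hunk and I am assuming it holds SID_SIZE bytes. check_client_auth starts and ends outside the hunks shown.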


@@ -15,6 +15,7 @@ import requests
from typing import List
import json
from hashlib import sha256
import urllib.parse
url = "http://pi.hole/api/auth"
@@ -23,6 +24,7 @@ class AuthenticationMethods(Enum):
HEADER = 1
BODY = 2
COOKIE = 3
QUERY_STR = 4
# Class to query the FTL API
class FTLAPI():
@@ -103,13 +105,18 @@ class FTLAPI():
def GET(self, uri: str, params: List[str] = [], expected_mimetype: str = "application/json", authenticate: AuthenticationMethods = AuthenticationMethods.BODY):
self.errors = []
try:
# Get json_data, headers and cookies
json_data, headers, cookies = self.get_jsondata_headers_cookies(authenticate)
# Add session ID to the request if authenticating via query string
if self.auth_method == AuthenticationMethods.QUERY_STR.name:
encoded_sid = urllib.parse.quote(self.session['sid'], safe='')
params.append("sid=" + encoded_sid)
# Add parameters to the URI (if any)
if len(params) > 0:
uri = uri + "?" + "&".join(params)
# Get json_data, headers and cookies
json_data, headers, cookies = self.get_jsondata_headers_cookies(authenticate)
if self.verbose:
print("GET " + self.api_url + uri + " with json_data: " + json.dumps(json_data))
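Review bot: `params.append("sid=" + encoded_sid)` mutates the list that was passed in, and because the signature declares `params: List[str] = []`, a call that relies on the default appends to the one shared default list, so the SID would persist into later GET calls, including ones that authenticate by another method. Building a new list avoids that: `params = list(params) + ["sid=" + encoded_sid]`. The verbose `print("GET " + self.api_url + uri ...)` then writes the full URI, SID included, to the test output; masking the `sid` value there would keep session IDs out of CI logs. GET's body continues outside the hunk.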