From 33300175869ce423ed1e856d25d9cf054de2336c Mon Sep 17 00:00:00 2001 From: Terry Geng Date: Wed, 27 May 2020 08:52:27 +0800 Subject: [PATCH] fix: password auth error --- command.py | 2 +- interface.py | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/command.py b/command.py index f049b61..7918616 100644 --- a/command.py +++ b/command.py @@ -71,7 +71,7 @@ def register_all_commands(bot): bot.register_command(constants.commands('add_webinterface_user'), cmd_web_user_add, admin=True) bot.register_command(constants.commands('remove_webinterface_user'), cmd_web_user_remove, admin=True) bot.register_command(constants.commands('list_webinterface_user'), cmd_web_user_list, admin=True) - bot.register_command(constants.commands('change_user_password'), cmd_user_password) + bot.register_command(constants.commands('change_user_password'), cmd_user_password, no_partial_match=True) # Just for debug use bot.register_command('rtrms', cmd_real_time_rms, True) #bot.register_command('loop', cmd_loop_state, True) diff --git a/interface.py b/interface.py index e58d7a9..964c4e6 100644 --- a/interface.py +++ b/interface.py @@ -120,9 +120,9 @@ def requires_auth(f): if auth_method == 'password': auth = request.authorization - user = auth.username - if not auth or not check_auth(auth.username, auth.password): - if auth: + if auth: + user = auth.username + if not check_auth(auth.username, auth.password): if request.remote_addr in bad_access_count: bad_access_count[request.remote_addr] += 1 log.info(f"web: failed login attempt, user: {auth.username}, from ip {request.remote_addr}." @@ -134,6 +134,8 @@ def requires_auth(f): else: bad_access_count[request.remote_addr] = 1 log.info(f"web: failed login attempt, user: {auth.username}, from ip {request.remote_addr}.") + return authenticate() + else: return authenticate() if auth_method == 'token': if 'user' in session and 'token' not in request.args: