aiolabs/lnbits
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Fix/admin extension exception (#984)

Browse source 
* check if wallet exists

* check wallet existence in key check

* return FORBIDDEN for LNBITS_ADMIN_USERS
This commit is contained in:
calle 2022-09-20 15:34:03 +03:00 committed by GitHub
parent a9084a09f7
commit c5cc65a736
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lnbits/decorators.py
View file

@ -153,14 +153,18 @@ async def get_key_type(
LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS
) and (LNBITS_ADMIN_EXTENSIONS and pathname in LNBITS_ADMIN_EXTENSIONS): ) and (LNBITS_ADMIN_EXTENSIONS and pathname in LNBITS_ADMIN_EXTENSIONS):
raise HTTPException( raise HTTPException(
status_code=HTTPStatus.UNAUTHORIZED, detail="User not authorized." status_code=HTTPStatus.FORBIDDEN,
detail="User not authorized for this extension.",
) )
return wallet return wallet
except HTTPException as e: except HTTPException as e:
if e.status_code == HTTPStatus.BAD_REQUEST: if e.status_code == HTTPStatus.BAD_REQUEST:
raise raise
if e.status_code == HTTPStatus.UNAUTHORIZED: elif e.status_code == HTTPStatus.UNAUTHORIZED:
# we pass this in case it is not an invoice key, nor an admin key, and then return NOT_FOUND at the end of this block
pass pass
else:
raise
except: except:
raise raise
raise HTTPException( raise HTTPException(