sachet/server/users/manage.py: remove checks on forbidden names

dogeystamp 2023-05-22 12:23:58 -04:00
parent 3d93e489c4
commit 2d56823b17
Signed by: dogeystamp
GPG Key ID: 7225FE3592EFFA38
2 changed files with 12 additions and 7 deletions


@ -28,6 +28,12 @@ The server will respond like this:
"username": "user" "username": "user"
} }
.. warning::
Ensure that you are indeed using ``POST``.
Otherwise, you are querying the user with the name ``login``.
This will result in a "not authorized" error.
Save the token in ``auth_token``. Save the token in ``auth_token``.
.. _authentication_usage: .. _authentication_usage:
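Review bot: The added warning is placed between the example response and "Save the token in ``auth_token``", which separates the response from the instruction that refers to it. Moving the warning below the "Save the token" line, or above the request, would keep that flow. The text "Ensure that you are indeed using ``POST``" also never names ``GET``, so "Otherwise" leaves the reader to guess which method causes the lookup; the existing 'extend' text names the method explicitly and could serve as the model.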
@ -69,7 +75,7 @@ You can now use the new token in ``auth_token`` for future authentication.
This does not revoke your old token. This does not revoke your old token.
See :ref:`authentication_log_out` for information on revoking tokens. See :ref:`authentication_log_out` for information on revoking tokens.
.. note:: .. warning::
Remember to use the ``POST`` HTTP method and not ``GET``. Remember to use the ``POST`` HTTP method and not ``GET``.
If you use ``GET`` by accident, the server will assume you're trying to read the information of a user called 'extend'. If you use ``GET`` by accident, the server will assume you're trying to read the information of a user called 'extend'.
This will result in a "not authorized" error. This will result in a "not authorized" error.
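Review bot: With the directive changed to a warning here, the page carries three warnings for the same pitfall in two different wordings. This one writes the user name as 'extend' in plain quotes and names ``GET``, while the warnings added for login and logout use an inline literal and say only "Otherwise". Using one wording in all three places would let readers recognise them as the same issue.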
@ -87,3 +93,8 @@ Use the following request body:
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2ODUwNTk3NjIsImlhdCI6MTY4NDQ1NDk2Miwic3ViIjoidXNlciIsImp0aSI6InJlbmV3In0.ZITIK8L5FzLtm-ASwIf6TkTb69z4bsZ8FF0mWee4YI4" "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2ODUwNTk3NjIsImlhdCI6MTY4NDQ1NDk2Miwic3ViIjoidXNlciIsImp0aSI6InJlbmV3In0.ZITIK8L5FzLtm-ASwIf6TkTb69z4bsZ8FF0mWee4YI4"
} }
.. warning::
Ensure that you are indeed using ``POST``.
Otherwise, you are querying the user with the name ``logout``.
This will result in a "not authorized" error.
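Review bot: The last sentence of this warning, "This will result in a "not authorized" error", is stated unconditionally, but the same commit removes the reserved-name check from create_user, so a user named ``logout`` can now exist. The visible lines do not show the permission rules for reading a user, so the outcome of a mistaken ``GET`` should be worded conditionally, for example that the request is treated as a lookup of that user and fails unless the caller may read it. The same applies to the login warning above.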


@ -3,12 +3,6 @@ from sachet.server.models import User
def create_user(permissions, username, password): def create_user(permissions, username, password):
# to reduce confusion with API endpoints
forbidden = {"login", "logout", "extend"}
if username in forbidden:
raise KeyError(f"Username '{username}' is reserved and can not be used.")
user = User.query.filter_by(username=username).first() user = User.query.filter_by(username=username).first()
if not user: if not user:
user = User(username=username, password=password, permissions=permissions) user = User(username=username, password=password, permissions=permissions)
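Review bot: Removing the ``forbidden`` check in create_user means accounts named login, logout or extend can now be created, and the documentation changed in this commit says a ``GET`` on those names is treated as a user lookup. The commit message gives no reason for the removal, and the commit touches only two files, so no test accompanies the new behaviour. Please state the rationale in the commit message and add a test that creates a user called login and confirms that both the user lookup and the ``POST`` endpoint still behave as documented.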