diff --git a/identman/blueprints/__init__.py b/identman/blueprints/__init__.py
index 2a79161..5a882fa 100644
--- a/identman/blueprints/__init__.py
+++ b/identman/blueprints/__init__.py
@@ -57,8 +57,13 @@ async def challenge(request: Request, csrf_protect: CsrfProtect = Depends()):
 logger.debug(f"decrypted String: {plain}")
 message = Message.validate(json.loads(plain))
 data = message.model_dump(exclude_none=True)
- except (JSONDecodeError, InvalidTag, ValueError, binascii.Error, argon2.exceptions.HashingError) as e:
- logger.warning(f"Dexryption/Parsing Error: {e}")
+ except (JSONDecodeError, ValueError) as e:
+ logger.debug(f"Decode Error: {e}")
+ response = JSONResponse(status_code=400, content={"error": "Invalider QR Code"})
+ csrf_protect.unset_csrf_cookie(response)
+ return response
+ except (InvalidTag, argon2.exceptions.HashingError) as e:
+ logger.warning(f"Decryption Error: {e}")
 response = JSONResponse(status_code=400, content={"error": "Invalider QR Code"})
 csrf_protect.unset_csrf_cookie(response)
 return response
diff --git a/identman/helper/api.py b/identman/helper/api.py
index 4ba46d4..843a62e 100644
--- a/identman/helper/api.py
+++ b/identman/helper/api.py
@@ -10,6 +10,8 @@ from .settings import settings, FileAPISettings, DummyAPISettings, PycroftAPISettings
 import httpx
+logger = logging.getLogger(__name__)
+
 class API(ABC):
 def __init__(self, url: str = "", api_key: str = ""):
 self.url = url
@@ -48,9 +50,10 @@ def __init__(self, path: str):
 def check_user(self, data):
 data_list = [str(value) for key, value in data.items()]
 with open(self.path) as file:
- reader = csv.reader(file)
- for subset in reader:
- if set(subset).issubset(data_list):
+ user_list = csv.reader(file)
+ for user in user_list:
+ if set(data_list).issubset(user):
+ logger.info(f"Found user: {user} which matches {data_list}")
 return True
 return False
diff --git a/identman/helper/decryption.py b/identman/helper/decryption.py
index 1397c40..e90e2b2 100644
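Review bot: The new `except (JSONDecodeError, ValueError)` branch in `challenge` logs at debug, so malformed payloads sent to this endpoint no longer appear at the usual production log level, although they get the same 400 as a failed decryption; `logger.info(f"Decode Error: {e}")` would keep them visible without the noise of a warning. `binascii.Error` was dropped from the tuple but is a `ValueError` subclass, so it still lands in this branch; a comment such as `# binascii.Error (and presumably pydantic validation errors) are ValueError subclasses` would make that explicit. The three response lines are now duplicated in both branches and could drift apart; a single handler that picks the level with `isinstance(e, (InvalidTag, argon2.exceptions.HashingError))` would avoid that. The `try` starts above the hunk, so which call raises which error is inferred.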
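Review bot: `logger = logging.getLogger(__name__)` is added at module level in identman/helper/api.py, but no visible hunk adds `import logging` to that file; unless the lines above line 10 already import it, importing the module raises NameError. The same applies to the identical line added in identman/helper/settings.py (`@@ -6,6 +6,8 @@`). If the import is missing, add `import logging` with the other imports at the top of each file.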
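Review bot: `logger.info(f"Found user: {user} which matches {data_list}")` in `check_user` writes the full CSV row and the submitted identity fields to the log on every successful check; record the match without the data, e.g. `logger.info("Matched a user record in the CSV backend")`. The reversed test `set(data_list).issubset(user)` is true for every row when `data` is empty, so a guard `if not data_list: return False` before opening the file is worth adding. The comparison also ignores columns, so a submitted value can match any field of a row. Comparing column by column would need the CSV layout, which this hunk does not show.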
--- a/identman/helper/decryption.py
+++ b/identman/helper/decryption.py
@@ -14,7 +14,7 @@ class Message(BaseModel):
 name: str
 fname: str
 byear: Optional[int] = None
- uid: int
+ uid: str
 @field_validator('byear', mode='before')
 def empty_str_to_none(cls, v):
diff --git a/identman/helper/helpers.py b/identman/helper/helpers.py
index b725a58..629fa41 100644
--- a/identman/helper/helpers.py
+++ b/identman/helper/helpers.py
@@ -1,4 +1,3 @@
-import numbers
 from cryptography.hazmat.primitives import hashes
 import logging
diff --git a/identman/helper/settings.py b/identman/helper/settings.py
index 6e38a8f..04465e7 100644
--- a/identman/helper/settings.py
+++ b/identman/helper/settings.py
@@ -6,6 +6,8 @@ from pydantic_settings import BaseSettings, SettingsConfigDict
+logger = logging.getLogger(__name__)
+
 class CsrfSettings(BaseSettings):
 secret_key: str = "Top secret"
 cookie_samesite: str = "none"
@@ -31,7 +33,7 @@ class DummyAPISettings(BaseSettings):
 class Settings(BaseSettings):
 model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8")
- cors_origins: List[str] = ["http://localhost", "http://127.0.0.1:3000", "http://127.0.0.1", "https://127.0.0.1"]
+ cors_origins: List[str] = ["http://localhost", "http://127.0.0.1:3000", "http://localhost:5173", "http://127.0.0.1:5173", "http://127.0.0.1", "https://127.0.0.1"]
 backend: str = "sample"
 leading_zeros: int = 4
 csrf_settings: CsrfSettings = CsrfSettings()
@@ -50,14 +52,16 @@ def get_loglevel(self) -> int | None:
 class Secrets(BaseSettings):
 secret: str = "Hallo"
- salt: str = "2025"
+ salt: str = "2026"
 csrf_key: str = "Top secret"
 if not os.getenv("CONFIG"):
 settings = Settings()
 secrets = Secrets()
+ logger.warning(f"Using default config with decryption secret: {secrets.secret} and salt: {secrets.salt}!")
 else:
+ logger.info("Loading config from envs!")
 secrets = Secrets(
 secret=os.getenv("API_DECRYPT_PASSWORD"),
 salt=os.getenv("API_SALT"),
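Review bot: `uid: str` on `Message` comes with no conversion or format check, and pydantic v2 in its default mode does not turn a JSON number into `str`, so payloads that carry `uid` as a number now fail validation and end up as a 400 in `challenge`. If already-issued codes encode it that way, a `@field_validator('uid', mode='before')` returning `str(v)` for ints, in the style of the existing `byear` validator, would keep them working. A comment stating the expected form of the value (presumably zero-padded digits, given `leading_zeros` in the settings) would also help, since the field now accepts any string. That format is not visible in this hunk.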
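Review bot: The added origins `http://localhost:5173` and `http://127.0.0.1:5173` go into the built-in default of `cors_origins`, so a deployment that does not override the setting trusts a development-server origin on the visitor's own machine. Keeping the default minimal and putting development origins into the local `.env` that `model_config` already reads avoids shipping them. At the least the line should carry `# dev-only origins; override cors_origins in production`. How the list reaches the CORS middleware, and whether credentials are allowed, is outside this hunk.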
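Review bot: The added `logger.warning(...)` in the `if not os.getenv("CONFIG")` branch writes `secrets.secret` and `secrets.salt` to the log in clear text. `Secrets` is a `BaseSettings`, so `Secrets()` can presumably pick these values up from the environment, and the logged secret is then not necessarily the built-in default. Warn without the values, e.g. `logger.warning("CONFIG is not set: using default settings and decryption secret, not suitable for production")`. Changing the default `salt` from "2025" to "2026" presumably changes the derived key for anyone running on defaults, which deserves a line in the commit message. The `Secrets(` call in the `else` branch continues past the end of the hunk.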