darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-17 10:42:25 -05:00
Code Issues Packages Projects Releases Wiki Activity

Abort unauthenticated requests for Firetext inbound SMS

Browse Source 
Switches on authentication checks for Firetext inbound SMS callbacks.

This should only be released once Firetext callback URLs have been
updated with authentication details.
This commit is contained in:
Alexey Bezhan
2017-11-23 17:17:37 +00:00
parent 0df44040e3
commit 4d48421767
2 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/notifications/receive_notifications.py
View File

@@ -60,10 +60,10 @@ def receive_firetext_sms():
auth = request.authorization
if not auth:
current_app.logger.warning("Inbound sms no auth header")
# abort(401)
abort(401)
elif auth.username != 'notify' or auth.password not in current_app.config['FIRETEXT_INBOUND_SMS_AUTH']:
current_app.logger.warning("Inbound sms incorrect username ({}) or password".format(auth.username))
# abort(403)
abort(403)
inbound_number = strip_leading_forty_four(post_data['destination'])