From 921c12d546c748109e2cb3ee59449876913101d0 Mon Sep 17 00:00:00 2001
From: William De Rocco <93288641+wderocco8@users.noreply.github.com>
Date: Sat, 14 Sep 2024 00:34:27 -0400
Subject: [PATCH 1/2] checked for valid code before logging in user

---
 chalicelib/services/EventsMemberService.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/chalicelib/services/EventsMemberService.py b/chalicelib/services/EventsMemberService.py
index e70d43e..f8b7b5c 100644
--- a/chalicelib/services/EventsMemberService.py
+++ b/chalicelib/services/EventsMemberService.py
@@ -1,5 +1,5 @@
 from chalicelib.modules.mongo import mongo_module
-from chalice import NotFoundError, BadRequestError
+from chalice import NotFoundError, BadRequestError, UnauthorizedError
 import json
 from bson import ObjectId
 import datetime
@@ -121,7 +121,7 @@ def checkin(self, event_id: str, user: dict) -> dict:
 Returns:
 dict -- Dictionary containing status and message.
 """
- user_id, user_email = user["id"], user["email"]
+ user_id, user_email, code = user["id"], user["email"], user["code"]
 member = self.mongo_module.get_document_by_id("users", user_id)
 if member is None:
 raise NotFoundError(f"User with ID {user_id} does not exist.")
@@ -132,6 +132,9 @@ def checkin(self, event_id: str, user: dict) -> dict:
 f"{self.collection_prefix}event", event_id
 )

+ if code.strip() != event["code"].strip():
+ raise UnauthorizedError("Invalid code.")
+
 if any(d["userId"] == user_id for d in event["usersAttended"]):
 raise BadRequestError(f"{user_name} has already checked in.")


From 263b7dcf44de4dca1e0a0a0746592c4a7262ddfb Mon Sep 17 00:00:00 2001
From: William De Rocco <93288641+wderocco8@users.noreply.github.com>
Date: Sat, 14 Sep 2024 11:21:14 -0400
Subject: [PATCH 2/2] forced code to be lowercase

---
 chalicelib/services/EventsMemberService.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

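Review bot: In the `@@ -121,7 +121,7 @@` hunk, `user["code"]` raises KeyError when the request body carries no `code` field, and the later `code.strip()` assumes the value is a string; with no handler visible in the hunk, either case would presumably surface as a server error rather than a clean 4xx. Reading the field defensively keeps a malformed request on the rejection path: `code = user.get("code")` followed by `if not isinstance(code, str): raise BadRequestError("Missing check-in code.")`. The body of `checkin` begins and ends outside this hunk, so validation in the caller cannot be ruled out.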
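Review bot: In the `@@ -132,6 +132,9 @@` hunk the new `if code.strip() != event["code"].strip():` is the only gate on check-in, and nothing visible here counts or records failed attempts, so a short event code can be guessed by repeated requests unless throttling exists outside the hunk. Recording each rejection with the event and user ids (not the submitted code) before `raise UnauthorizedError("Invalid code.")` would at least make guessing visible to whoever monitors the service. The comparison itself could use `hmac.compare_digest(code.strip().encode(), event["code"].strip().encode())`, which needs `import hmac` at the top of the file.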
diff --git a/chalicelib/services/EventsMemberService.py b/chalicelib/services/EventsMemberService.py
index f8b7b5c..41e5824 100644
--- a/chalicelib/services/EventsMemberService.py
+++ b/chalicelib/services/EventsMemberService.py
@@ -132,7 +132,7 @@ def checkin(self, event_id: str, user: dict) -> dict:
 f"{self.collection_prefix}event", event_id
 )

- if code.strip() != event["code"].strip():
+ if code.lower().strip() != event["code"].lower().strip():
 raise UnauthorizedError("Invalid code.")

 if any(d["userId"] == user_id for d in event["usersAttended"]):
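Review bot: `event["code"].lower().strip()` still assumes every event document stores a non-empty string code. An event without the field raises KeyError, a null value raises AttributeError, and an event whose stored code is empty or whitespace is matched by an empty submission, so check-in succeeds without any code; whether such documents exist is not visible from the hunk. Guarding the stored value closes all three: `expected = (event.get("code") or "").strip().lower()` then `if not expected or code.strip().lower() != expected:`. Lower-casing both sides also makes codes case-insensitive, which reduces the number of distinct codes, so generated codes may need to be longer.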