fix some minor security issues

bezidev · Oct 6, 2023 · b51c82e · b51c82e
1 parent a1bb114
commit b51c82e
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 10 deletions.
diff --git a/main.py b/main.py
@@ -169,11 +169,11 @@ async def get_timetable(response: Response, date: str | None, authorization: str
             if len(days) == 0:
                 raise Exception("len(days) is 0")
     except Exception as e:
+        print(f"[TIMETABLE] GimSIS login failed: {e}")
         response.status_code = status.HTTP_403_FORBIDDEN
         return {
             "type": "gimsis_login_fail",
             "data": "GimSIS login failed",
-            "error": str(e),
         }
 
     print(f"[INFO] Parsing timetable for user {account_session.username}")

diff --git a/src/endpoints/accounts.py b/src/endpoints/accounts.py
@@ -70,7 +70,6 @@ async def login(response: Response, username: str = Form(), password: str = Form
                     "type": "reg_fail",
                     "data": "GimSIS session verification failed",
                     "session": None,
-                    "error": str(e),
                 }
 
             try:
@@ -84,7 +83,6 @@ async def login(response: Response, username: str = Form(), password: str = Form
                     "type": "reg_fail",
                     "data": "Password hashing failed. Aborted.",
                     "session": None,
-                    "error": str(e),
                 }
 
             try:
@@ -96,7 +94,6 @@ async def login(response: Response, username: str = Form(), password: str = Form
                     "type": "reg_fail",
                     "data": "Password encryption failed. Aborted.",
                     "session": None,
-                    "error": str(e),
                 }
 
             user = User(
@@ -133,7 +130,6 @@ async def login(response: Response, username: str = Form(), password: str = Form
                         "type": "login_fail",
                         "data": "Session login failed.",
                         "session": None,
-                        "error": str(e),
                     }
 
                 break
@@ -167,7 +163,6 @@ async def login(response: Response, username: str = Form(), password: str = Form
                 "type": "login_fail",
                 "data": "Could not decrypt GimSIS password.",
                 "session": None,
-                "error": str(e),
             }
 
         try:

diff --git a/src/endpoints/lopolisweb.py b/src/endpoints/lopolisweb.py
@@ -32,9 +32,9 @@ async def get_meals(response: Response, month: str, year: str, authorization: st
             await account_session.login()
             menus = await account_session.lopolis_session.get_menus(year, month)
         except Exception as e:
+            print(f"[LOPOLIS] Error while authorizing {account_session.username} with an error {e}")
             response.status_code = status.HTTP_403_FORBIDDEN
             return {
-                "error": e,
                 "data": "Not authorized using Lo.Polis",
             }
 
@@ -61,9 +61,9 @@ async def set_meals(response: Response, month: str, year: str, authorization: st
             await account_session.login()
             menus = await account_session.lopolis_session.set_menus(year, month, json.loads(lopolis_response))
         except Exception as e:
+            print(f"[LOPOLIS] Error while authorizing {account_session.username} with an error {e}")
             response.status_code = status.HTTP_403_FORBIDDEN
             return {
-                "error": e,
                 "data": "Not authorized using Lo.Polis",
             }
 
@@ -90,9 +90,9 @@ async def get_checkouts(response: Response, month: str, year: str, authorization
             await account_session.login()
             checkouts = await account_session.lopolis_session.get_checkouts(year, month)
         except Exception as e:
+            print(f"[LOPOLIS] Error while authorizing {account_session.username} with an error {e}")
             response.status_code = status.HTTP_403_FORBIDDEN
             return {
-                "error": e,
                 "data": "Not authorized using Lo.Polis",
             }
 
@@ -119,9 +119,9 @@ async def set_checkouts(response: Response, month: str, year: str, authorization
             await account_session.login()
             checkouts = await account_session.lopolis_session.set_checkouts(year, month, json.loads(lopolis_response))
         except Exception as e:
+            print(f"[LOPOLIS] Error while authorizing {account_session.username} with an error {e}")
             response.status_code = status.HTTP_403_FORBIDDEN
             return {
-                "error": e,
                 "data": "Not authorized using Lo.Polis",
             }