API authentication (/api/login) now uses a seperate API password field.

2025-12-14 06:42:16 +00:00 · 2010-08-06 13:46:07 +01:00
parent 329bec6bc8
commit 3c0dca0fa3
8 changed files with 183 additions and 10 deletions
--- a/api/handlers.py
+++ b/api/handlers.py
@@ -75,7 +75,7 @@ class LoginHandler(BaseHandler):
              'email': u.email, 'groups': u.groups.all(),
              'staff': u.is_staff, 'superuser': u.is_superuser }

-        if request.GET.get('pass', None) and request.GET['pass'] == u.password:
+        if request.GET.get('pass', None) and request.GET['pass'] == u.get_profile().api_service_password:
            return d

        return { 'auth': 'failed' }