Commit ee8ae47e authored by Łukasz Nowak's avatar Łukasz Nowak

Disallow calling methods from url.

This is too dangerous, as it allows to generate certificates for any user.
parent 3535c040
...@@ -180,7 +180,8 @@ class CertificateAuthorityTool(BaseTool): ...@@ -180,7 +180,8 @@ class CertificateAuthorityTool(BaseTool):
security.declareProtected(Permissions.AccessContentsInformation, 'getNewCertificate') security.declareProtected(Permissions.AccessContentsInformation, 'getNewCertificate')
def getNewCertificate(self, common_name): def getNewCertificate(self, common_name):
"""Returns certificate for passed common name, as dictionary of {key, certificate, id, common_name}""" # No docstring in order to make this method non publishable
# Returns certificate for passed common name, as dictionary of {key, certificate, id, common_name}
self._checkCertificateAuthority() self._checkCertificateAuthority()
self._lockCertificateAuthority() self._lockCertificateAuthority()
try: try:
...@@ -215,7 +216,8 @@ class CertificateAuthorityTool(BaseTool): ...@@ -215,7 +216,8 @@ class CertificateAuthorityTool(BaseTool):
security.declareProtected(Permissions.AccessContentsInformation, 'revokeCertificate') security.declareProtected(Permissions.AccessContentsInformation, 'revokeCertificate')
def revokeCertificate(self, serial): def revokeCertificate(self, serial):
"""Revokes certificate with serial, returns dictionary {crl}""" # No docstring in order to make this method non publishable
# Revokes certificate with serial, returns dictionary {crl}
self._checkCertificateAuthority() self._checkCertificateAuthority()
self._lockCertificateAuthority() self._lockCertificateAuthority()
try: try:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment