# HG changeset patch
# User Dennis Fink <dennis.fink@c3l.lu>
# Date 2015-08-30 15:18:13
# Node ID 270279ad054e930a15f0e4bff2b1082c71c0bf69
# Parent  bfe9206037615f2e1b8a126d122bcdde35059eeb

Rewrite user checking

diff --git a/ennstatus/api/views.py b/ennstatus/api/views.py
--- a/ennstatus/api/views.py
+++ b/ennstatus/api/views.py
@@ -30,10 +30,15 @@ def update():
         current_app.logger.error(str(e))
         return abort(500)
 
+    username = httpauth.username()
+
     try:
-        if request.remote_addr not in servers[httpauth.username()]['IPS']:
-            current_app.logger.warn('Unallowed IP %s tried to update data!'
-                                    % request.remote_addr)
+        if request.remote_addr not in servers[username]['IPS']:
+            current_app.logger.warn(
+                'Unallowed IP {} tried to update data!'.format(
+                    request.remote_addr
+                )
+            )
             return 'IP not allowed!\n', 403, {'Content-Type': 'text/plain'}
     except KeyError as e:
         current_app.logger.error(str(e))
@@ -45,6 +50,18 @@ def update():
         current_app.logger.info('No JSON data supplied!')
         return 'No JSON data supplied!\n', 400, {'Content-Type': 'text/plain'}
 
+    try:
+        if username != data['name'].lower():
+            current_app.logger.warn(
+                'Unallowed user {} tried to update {}!'.format(
+                    username, data['name']
+                )
+            )
+            return ('You are not allowed to update this server\n',
+                    403, {'Content-Type': 'text/plain'})
+    except KeyError:
+        return abort(409)
+
     if 'ip' in data:
         ip = data['ip']
     elif 'ip6' in data: