it's more logical to do the auth check before anything...

2024-11-22 01:14:21 +01:00 · 2015-11-02 23:17:49 +01:00 · 2015-11-02 23:17:49 +01:00 · 451c59e875
commit 451c59e875
parent fdba64f9da
1 changed files with 1 additions and 1 deletions
--- a/ldapcherry/init.py
+++ b/ldapcherry/init.py
@ -904,12 +904,12 @@ class LdapCherry(object):
    @exception_decorator
    def checkppolicy(self, **params):
        """ search user page """
+        self._check_auth(must_admin=False)
        keys = params.keys()
        if len(keys) != 1:
            cherrypy.response.status = 400
            return "bad argument"
        password = params[keys[0]]
-        self._check_auth(must_admin=False)
        is_admin = self._check_admin()
        ret = self._checkppolicy(password)
        if ret['match']: