From 451c59e875441fcb8ac7cfca57cd00b251a3bcd4 Mon Sep 17 00:00:00 2001
From: kakwa <carpentier.pf@gmail.com>
Date: Mon, 2 Nov 2015 23:17:49 +0100
Subject: [PATCH] it's more logical to do the auth check before anything...

---
 ldapcherry/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ldapcherry/__init__.py b/ldapcherry/__init__.py
index 4d0c4d9..abfc476 100644
--- a/ldapcherry/__init__.py
+++ b/ldapcherry/__init__.py
@@ -904,12 +904,12 @@ class LdapCherry(object):
     @exception_decorator
     def checkppolicy(self, **params):
         """ search user page """
+        self._check_auth(must_admin=False)
         keys = params.keys()
         if len(keys) != 1:
             cherrypy.response.status = 400
             return "bad argument"
         password = params[keys[0]]
-        self._check_auth(must_admin=False)
         is_admin = self._check_admin()
         ret = self._checkppolicy(password)
         if ret['match']: