Fix/admin extension exception (#984)

* check if wallet exists * check wallet existence in key check * return FORBIDDEN for LNBITS_ADMIN_USERS
2025-07-12 05:29:56 +02:00 · 2022-09-20 15:34:03 +03:00
parent a9084a09f7
commit c5cc65a736
1 changed files with 6 additions and 2 deletions
--- a/lnbits/decorators.py
+++ b/lnbits/decorators.py
@ -153,14 +153,18 @@ async def get_key_type(
                LNBITS_ADMIN_USERS and wallet.wallet.user not in LNBITS_ADMIN_USERS
            ) and (LNBITS_ADMIN_EXTENSIONS and pathname in LNBITS_ADMIN_EXTENSIONS):
                raise HTTPException(
-                    status_code=HTTPStatus.UNAUTHORIZED, detail="User not authorized."
+                    status_code=HTTPStatus.FORBIDDEN,
+                    detail="User not authorized for this extension.",
                )
            return wallet
        except HTTPException as e:
            if e.status_code == HTTPStatus.BAD_REQUEST:
                raise
-            if e.status_code == HTTPStatus.UNAUTHORIZED:
+            elif e.status_code == HTTPStatus.UNAUTHORIZED:
+                # we pass this in case it is not an invoice key, nor an admin key, and then return NOT_FOUND at the end of this block
                pass
+            else:
+                raise
        except:
            raise
    raise HTTPException(