nfctokens: always reject auth for random UIDs

edinburghhacklab · Sep 29, 2023 · 7874122 · 7874122
1 parent 37746ac
commit 7874122
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/nfctokens/views.py b/nfctokens/views.py
@@ -224,6 +224,11 @@ def nfc_token_auth(request):
     required_groups = data.get("groups")
     exclude_groups = data.get("exclude_groups", [])
 
+    if len(uid) == 8 and uid.startswith("08"):
+        return JsonResponse(
+            {"found": False, "authorized": False, "reason": "Random UID not allowed"}
+        )
+
     # lookup the token
     try:
         token = NFCToken.objects.get(uid=uid)