Fixing a vulnerability where a standard user could disable any user

[nilsteampassnet]

Fixing a vulnerability where a standard user could disable any user

By querying the endpoint /sources/users.queries.php , all it takes is to specify the identi昀椀er of the user to be disabled, as well as a parameter ( disabled_status ) to de昀椀ne whether the target user should be disabled or enabled.
The JSON will take the following form:
{
"user_id": 10000021,
"disabled_status": 1
}
Here, the user_id 昀椀eld corresponds to the identi昀椀er of the target account. If the disabled_status 昀椀eld is set to 1 , the account will be disabled, and if it is set to 0 , the account will be enabled.
Using the developed script, the following command can be executed:
python3 teampass_poc.py request --uri "/sources/users.queries.php" --data '{"user_id":
,"disabled_status": 1}' --key "" --type "manage_user_disable_status"

Fix for #4366
Small code cleaning