| author | Jon Bergli Heier <snakebite@jvnv.net> | 2014-02-10 21:29:02 +0100 | 
|---|---|---|
| committer | Jon Bergli Heier <snakebite@jvnv.net> | 2014-02-10 21:29:02 +0100 | 
| commit | df5f964245d3d32c3c5cc56eb292f9aedc74572c (patch) | |
| tree | 53ecca06dc498016fcca951f8e799a82511536f6 | |
| parent | 56b9d3f4221fa8bf5679ba78731b92aacea50a4d (diff) | |
Use jab id instead of username as user key.
| -rw-r--r-- | db.py | 9 | ||||
| -rwxr-xr-x | fbin.py | 50 | 
2 files changed, 24 insertions, 35 deletions
|
@@ -15,15 +15,12 @@ class User(Base):
 	id = Column(Integer, primary_key = True)
 	username = Column(String, unique = True, index = True)
-	password = Column(String)
-	last_login = Column(DateTime)
-	active = Column(Boolean, nullable = False)
+	jab_id = Column(String(12), unique = True, index = True)
 	files = relation('File', backref = 'user', order_by = 'File.date.desc()')
-	def __init__(self, username, password, active):
+	def __init__(self, username, jab_id):
 		self.username = username
-		self.password = password
-		self.active = active
+		self.jab_id = jab_id
 class File(Base):
 	__tablename__ = 'files'
@@ -33,21 +33,26 @@ class FileUploadFieldStorage(cgi.FieldStorage):
 		return tempfile.NamedTemporaryFile(prefix = 'upload_', dir = settings.file_directory, delete = False)
 class Application(object):
-	def get_user(self, username, password):
+	def get_or_create_user(self, username, jab_id):
 		session = db.Session()
 		try:
-			user = session.query(db.User).filter(db.and_(db.User.username == username, db.User.password == password)).one()
+			return session.query(db.User).filter(db.User.jab_id == jab_id).one()
 		except db.NoResultFound:
-			return None
+			try:
+				user = db.User(username, jab_id)
+				session.add(user)
+				session.commit()
+				session.refresh(user)
+				return user
+			except db.IntegrityError:
+				return None
 		finally:
 			session.close()
-		return user
-
-	def get_user_by_name(self, username):
+	def get_user_by_jab_id(self, jab_id):
 		session = db.Session()
 		try:
-			return session.query(db.User).filter(db.User.username == username).one()
+			return session.query(db.User).filter(db.User.jab_id == jab_id).one()
 		except db.NoResultFound:
 			return None
 		finally:
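Review bot: `jab_id` is now the key every login resolves through, yet the column is declared without `nullable = False`, so the schema still accepts users with no identity key and a unique index usually does not stop several NULLs. Once existing rows are backfilled I would declare it as `jab_id = Column(String(12), unique = True, index = True, nullable = False)`. The 12-character limit also deserves a comment stating the format of jab's `_id`: that format is not visible in this commit, and on a backend that silently truncates overlong strings two different ids could be stored as the same value and resolve to one user. The hunk drops `password`, `last_login` and `active` while the diffstat lists no migration, so deployed databases presumably need a manual schema change.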
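Review bot: The `except db.IntegrityError: return None` branch of `get_or_create_user` conflates two conflicts: a concurrent first login that inserted the same `jab_id` a moment earlier, and a clash on `username`, which keeps `unique = True` in db.py. The second case seems to cover every account created before this commit, because those rows hold the username but no `jab_id`; such a user misses the lookup, fails the insert and gets `None` on each attempt. For the race, roll back and re-read instead of giving up: `session.rollback()` followed by `return session.query(db.User).filter(db.User.jab_id == jab_id).first()`. For the username clash the answer is a one-off backfill of `jab_id`, not a fallback to matching by username, which would let a jab account inherit the files of whoever held that name locally. A docstring saying that `None` means "could not provision" would also help the two callers.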
@@ -62,21 +67,6 @@ class Application(object):
 		finally:
 			session.close()
-	def add_user(self, username, password, active):
-		session = db.Session()
-		try:
-			user = db.User(username, password, active)
-			session.add(user)
-			session.commit()
-			# Refresh so we can fetch the id.
-			session.refresh(user)
-		except db.IntegrityError:
-			return None
-		finally:
-			session.close()
-
-		return user
-
 	def get_file(self, hash, update_accessed = False):
 		session = db.Session()
 		try:
@@ -338,10 +328,10 @@ class Application(object):
 					'loggedin': False,
 					'next': form.getvalue('next'),
 				}))]
-			# FIXME: Don't use the username as key for jab users.
-			user = self.get_user_by_name(jab_user['username'])
+			user = self.get_or_create_user(jab_user['username'], jab_user['_id'])
 			if not user:
-				user = self.add_user(jab_user['username'], None, True)
+				start_response('500 Internal Server Error', [])
+				return []
 			self.jab.set_token_data(token, settings.jab_identifier, {'user_id': user.id})
 			c = Cookie.SimpleCookie()
 			c['token'] = token
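Review bot: The new `if not user:` branch answers with a bare 500, an empty header list and no body, and nothing records why provisioning failed, so a username collision, a database fault and a lost race all look the same to whoever reads the logs. I would write one line to the server error stream before returning, for example `environ['wsgi.errors'].write('user provisioning failed for jab id %s\n' % jab_user['_id'])`, assuming `environ` is in scope here as it is in the `get_token` handler. `jab_user['_id']` is also read without a check, so a jab response lacking that key raises `KeyError` rather than reaching this branch. The enclosing handler starts and ends outside the hunk.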
@@ -538,11 +528,13 @@ class Application(object):
 			]
 			data['status'] = True
 		elif method == 'get_token':
-			user = self.get_user(form['username'].value, hashlib.sha1(form['password'].value).hexdigest())
-			if not user:
-				return error('Invalid credentials')
 			try:
-				token = self.jab.generate_user_token(form['username'].value, form['password'].value, settings.jab_identifier, '%s (API)' % settings.jab_name, {'user_id': user.id})
+				token = self.jab.generate_user_token(form['username'].value, form['password'].value, settings.jab_identifier, '%s (API)' % settings.jab_name)
+				jab_user = self.jab.get_user_by_token(token, settings.jab_identifier, environ['REMOTE_ADDR'])
+				user = self.get_or_create_user(jab_user['username'], jab_user['_id'])
+				if not user:
+					return error('Error fetching user data')
+				self.jab.set_token_data(token, settings.jab_identifier, {'user_id': user.id})
 			except:
 				return error('Invalid credentials')
 			data['token'] = token |
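Review bot: The bare `except:` now covers four calls instead of one, so a jab outage, a `KeyError` on `jab_user['_id']` or a database error in `get_or_create_user` is all reported to the client as 'Invalid credentials'. That hides server faults from operators and pollutes any failed-login monitoring with errors that are not authentication failures. I would keep only the `generate_user_token` call inside the `try`, move the lookup and `set_token_data` after it, and narrow the handler to the exception the jab client raises for bad credentials (its name is not visible here), or at least `except Exception:`. When provisioning fails the token has already been issued upstream; whether it should be invalidated depends on the jab API, which this page does not show. The `get_token` branch continues outside the hunk.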
