summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--db.py9
-rwxr-xr-xfbin.py50
2 files changed, 24 insertions, 35 deletions
diff --git a/db.py b/db.py
index fc2db63..dd24204 100644
--- a/db.py
+++ b/db.py
@@ -15,15 +15,12 @@ class User(Base):
id = Column(Integer, primary_key = True)
username = Column(String, unique = True, index = True)
- password = Column(String)
- last_login = Column(DateTime)
- active = Column(Boolean, nullable = False)
+ jab_id = Column(String(12), unique = True, index = True)
files = relation('File', backref = 'user', order_by = 'File.date.desc()')
- def __init__(self, username, password, active):
+ def __init__(self, username, jab_id):
self.username = username
- self.password = password
- self.active = active
+ self.jab_id = jab_id
class File(Base):
__tablename__ = 'files'
diff --git a/fbin.py b/fbin.py
index b4ccdae..7339a26 100755
--- a/fbin.py
+++ b/fbin.py
@@ -33,21 +33,26 @@ class FileUploadFieldStorage(cgi.FieldStorage):
return tempfile.NamedTemporaryFile(prefix = 'upload_', dir = settings.file_directory, delete = False)
class Application(object):
- def get_user(self, username, password):
+ def get_or_create_user(self, username, jab_id):
session = db.Session()
try:
- user = session.query(db.User).filter(db.and_(db.User.username == username, db.User.password == password)).one()
+ return session.query(db.User).filter(db.User.jab_id == jab_id).one()
except db.NoResultFound:
- return None
+ try:
+ user = db.User(username, jab_id)
+ session.add(user)
+ session.commit()
+ session.refresh(user)
+ return user
+ except db.IntegrityError:
+ return None
finally:
session.close()
- return user
-
- def get_user_by_name(self, username):
+ def get_user_by_jab_id(self, jab_id):
session = db.Session()
try:
- return session.query(db.User).filter(db.User.username == username).one()
+ return session.query(db.User).filter(db.User.jab_id == jab_id).one()
except db.NoResultFound:
return None
finally:
@@ -62,21 +67,6 @@ class Application(object):
finally:
session.close()
- def add_user(self, username, password, active):
- session = db.Session()
- try:
- user = db.User(username, password, active)
- session.add(user)
- session.commit()
- # Refresh so we can fetch the id.
- session.refresh(user)
- except db.IntegrityError:
- return None
- finally:
- session.close()
-
- return user
-
def get_file(self, hash, update_accessed = False):
session = db.Session()
try:
@@ -338,10 +328,10 @@ class Application(object):
'loggedin': False,
'next': form.getvalue('next'),
}))]
- # FIXME: Don't use the username as key for jab users.
- user = self.get_user_by_name(jab_user['username'])
+ user = self.get_or_create_user(jab_user['username'], jab_user['_id'])
if not user:
- user = self.add_user(jab_user['username'], None, True)
+ start_response('500 Internal Server Error', [])
+ return []
self.jab.set_token_data(token, settings.jab_identifier, {'user_id': user.id})
c = Cookie.SimpleCookie()
c['token'] = token
@@ -538,11 +528,13 @@ class Application(object):
]
data['status'] = True
elif method == 'get_token':
- user = self.get_user(form['username'].value, hashlib.sha1(form['password'].value).hexdigest())
- if not user:
- return error('Invalid credentials')
try:
- token = self.jab.generate_user_token(form['username'].value, form['password'].value, settings.jab_identifier, '%s (API)' % settings.jab_name, {'user_id': user.id})
+ token = self.jab.generate_user_token(form['username'].value, form['password'].value, settings.jab_identifier, '%s (API)' % settings.jab_name)
+ jab_user = self.jab.get_user_by_token(token, settings.jab_identifier, environ['REMOTE_ADDR'])
+ user = self.get_or_create_user(jab_user['username'], jab_user['_id'])
+ if not user:
+ return error('Error fetching user data')
+ self.jab.set_token_data(token, settings.jab_identifier, {'user_id': user.id})
except:
return error('Invalid credentials')
data['token'] = token