From df5f964245d3d32c3c5cc56eb292f9aedc74572c Mon Sep 17 00:00:00 2001 From: Jon Bergli Heier Date: Mon, 10 Feb 2014 21:29:02 +0100 Subject: Use jab id instead of username as user key. --- db.py | 9 +++------ fbin.py | 50 +++++++++++++++++++++----------------------------- 2 files changed, 24 insertions(+), 35 deletions(-) diff --git a/db.py b/db.py index fc2db63..dd24204 100644 --- a/db.py +++ b/db.py @@ -15,15 +15,12 @@ class User(Base): id = Column(Integer, primary_key = True) username = Column(String, unique = True, index = True) - password = Column(String) - last_login = Column(DateTime) - active = Column(Boolean, nullable = False) + jab_id = Column(String(12), unique = True, index = True) files = relation('File', backref = 'user', order_by = 'File.date.desc()') - def __init__(self, username, password, active): + def __init__(self, username, jab_id): self.username = username - self.password = password - self.active = active + self.jab_id = jab_id class File(Base): __tablename__ = 'files' diff --git a/fbin.py b/fbin.py index b4ccdae..7339a26 100755 --- a/fbin.py +++ b/fbin.py 
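Review bot: The new `jab_id` column in User is declared without `nullable = False` even though the fbin.py side now uses it as the only lookup key, so a row with a NULL jab_id can exist and is unreachable through that lookup; and `username` keeps `unique = True`, so two different jab accounts that share, or successively take, the same username cannot both get rows once the jab id is the key. I would write `jab_id = Column(String(12), unique = True, index = True, nullable = False)` and decide explicitly whether username is still meant to be unique now that it is no longer the key. The dropped `password`, `last_login` and `active` columns and the added `jab_id` also presumably need a migration on existing databases, since changing the model alone does not alter a table that already exists. The class header of User is only visible in the hunk context and File continues outside the hunk.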
@@ -33,21 +33,26 @@ class FileUploadFieldStorage(cgi.FieldStorage): return tempfile.NamedTemporaryFile(prefix = 'upload_', dir = settings.file_directory, delete = False) class Application(object): - def get_user(self, username, password): + def get_or_create_user(self, username, jab_id): session = db.Session() try: - user = session.query(db.User).filter(db.and_(db.User.username == username, db.User.password == password)).one() + return session.query(db.User).filter(db.User.jab_id == jab_id).one() except db.NoResultFound: - return None + try: + user = db.User(username, jab_id) + session.add(user) + session.commit() + session.refresh(user) + return user + except db.IntegrityError: + return None finally: session.close() - return user - - def get_user_by_name(self, username): + def get_user_by_jab_id(self, jab_id): session = db.Session() try: - return session.query(db.User).filter(db.User.username == username).one() + return session.query(db.User).filter(db.User.jab_id == jab_id).one() except db.NoResultFound: return None finally: @@ -62,21 +67,6 @@ class Application(object): finally: session.close() - def add_user(self, username, password, active): - session = db.Session() - try: - user = db.User(username, password, active) - session.add(user) - session.commit() - # Refresh so we can fetch the id. - session.refresh(user) - except db.IntegrityError: - return None - finally: - session.close() - - return user - def get_file(self, hash, update_accessed = False): session = db.Session() try: 
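Review bot: The `except db.IntegrityError: return None` in get_or_create_user turns a lost race on first login (two requests both get NoResultFound and both insert) and a collision on the still-unique `username` into a None that the callers convert into a 500 or an error reply, and the failed transaction is never rolled back before `finally` closes the session. After rolling back, re-query by jab_id and only give up if the row still is not there. Note also that an existing row is returned as-is, so if the jab username for that id has changed (presumably possible) `user.username` stays stale; if the display name matters, update it on the found path. The enclosing Application class continues outside the hunk.

```python
    def get_or_create_user(self, username, jab_id):
        session = db.Session()
        try:
            try:
                return session.query(db.User).filter(db.User.jab_id == jab_id).one()
            except db.NoResultFound:
                pass
            user = db.User(username, jab_id)
            session.add(user)
            try:
                session.commit()
            except db.IntegrityError:
                # Concurrent first login for the same jab user, or the username
                # is already taken by another row: re-query instead of failing.
                session.rollback()
                try:
                    return session.query(db.User).filter(db.User.jab_id == jab_id).one()
                except db.NoResultFound:
                    return None
            # Refresh so the id assigned by the database is loaded before close().
            session.refresh(user)
            return user
        finally:
            session.close()
```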
@@ -338,10 +328,10 @@ class Application(object): 'loggedin': False, 'next': form.getvalue('next'), }))] - # FIXME: Don't use the username as key for jab users. - user = self.get_user_by_name(jab_user['username']) + user = self.get_or_create_user(jab_user['username'], jab_user['_id']) if not user: - user = self.add_user(jab_user['username'], None, True) + start_response('500 Internal Server Error', []) + return [] self.jab.set_token_data(token, settings.jab_identifier, {'user_id': user.id}) c = Cookie.SimpleCookie() c['token'] = token @@ -538,11 +528,13 @@ class Application(object): ] data['status'] = True elif method == 'get_token': - user = self.get_user(form['username'].value, hashlib.sha1(form['password'].value).hexdigest()) - if not user: - return error('Invalid credentials') try: - token = self.jab.generate_user_token(form['username'].value, form['password'].value, settings.jab_identifier, '%s (API)' % settings.jab_name, {'user_id': user.id}) + token = self.jab.generate_user_token(form['username'].value, form['password'].value, settings.jab_identifier, '%s (API)' % settings.jab_name) + jab_user = self.jab.get_user_by_token(token, settings.jab_identifier, environ['REMOTE_ADDR']) + user = self.get_or_create_user(jab_user['username'], jab_user['_id']) + if not user: + return error('Error fetching user data') + self.jab.set_token_data(token, settings.jab_identifier, {'user_id': user.id}) except: return error('Invalid credentials') data['token'] = token -- cgit v1.2.3
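Review bot: The new failure branch in the login handler calls `start_response('500 Internal Server Error', [])` and returns an empty body, so neither the client nor a log records why get_or_create_user returned None, and the response carries no Content-Type at all. A short text body and a log line would make the failure diagnosable, e.g. `start_response('500 Internal Server Error', [('Content-Type', 'text/plain')])` followed by `return ['Could not create user record']`. The handler that contains this hunk begins and ends outside it.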
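Review bot: The bare `except:` in the get_token branch now covers four calls, so a missing `username`/`password` form field (KeyError), a jab backend failure inside generate_user_token or get_user_by_token, and a set_token_data error are all reported as `Invalid credentials`, which misreports infrastructure errors as an authentication failure. Because the token is generated by the first call, any later failure also leaves a freshly issued token that never had its `user_id` bound and presumably remains valid at jab; either bind the user before handing the token out or revoke it on failure. Narrow the handler to whatever exception type the jab client raises for bad credentials, and add `except Exception: logging.exception('get_token failed'); return error('Internal error')` for everything else. The `error()` helper and the enclosing request dispatcher are outside the hunk.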