2012-11-17 14:18:07 +00:00
|
|
|
# coding: utf-8
|
|
|
|
|
2014-03-02 17:31:32 +00:00
|
|
|
# This file is part of Supysonic.
|
|
|
|
#
|
|
|
|
# Supysonic is a Python implementation of the Subsonic server API.
|
|
|
|
# Copyright (C) 2013 Alban 'spl0k' Féron
|
|
|
|
#
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU Affero General Public License as published by
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
# (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU Affero General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
2012-11-17 14:18:07 +00:00
|
|
|
import string, random, hashlib
|
|
|
|
import uuid
|
|
|
|
|
2014-03-09 18:12:11 +00:00
|
|
|
from db import User
|
2012-11-17 14:18:07 +00:00
|
|
|
|
|
|
|
class UserManager:
|
2012-11-17 17:00:14 +00:00
|
|
|
SUCCESS = 0
|
|
|
|
INVALID_ID = 1
|
|
|
|
NO_SUCH_USER = 2
|
|
|
|
NAME_EXISTS = 3
|
|
|
|
WRONG_PASS = 4
|
2012-11-17 14:18:07 +00:00
|
|
|
|
2012-11-17 17:00:14 +00:00
|
|
|
@staticmethod
|
2014-03-16 17:51:19 +00:00
|
|
|
def get(store, uid):
|
2012-11-17 17:00:14 +00:00
|
|
|
if type(uid) in (str, unicode):
|
|
|
|
try:
|
|
|
|
uid = uuid.UUID(uid)
|
|
|
|
except:
|
|
|
|
return UserManager.INVALID_ID, None
|
|
|
|
elif type(uid) is uuid.UUID:
|
|
|
|
pass
|
|
|
|
else:
|
|
|
|
return UserManager.INVALID_ID, None
|
|
|
|
|
2014-03-15 17:51:15 +00:00
|
|
|
user = store.get(User, uid)
|
2012-11-17 17:00:14 +00:00
|
|
|
if user is None:
|
|
|
|
return UserManager.NO_SUCH_USER, None
|
2012-11-17 14:18:07 +00:00
|
|
|
|
2012-11-17 17:00:14 +00:00
|
|
|
return UserManager.SUCCESS, user
|
2012-11-17 14:18:07 +00:00
|
|
|
|
|
|
|
@staticmethod
|
2014-03-15 17:51:15 +00:00
|
|
|
def add(store, name, password, mail, admin):
|
|
|
|
if store.find(User, User.name == name).one():
|
2012-11-17 17:00:14 +00:00
|
|
|
return UserManager.NAME_EXISTS
|
2012-11-17 14:18:07 +00:00
|
|
|
|
2013-06-18 14:40:41 +00:00
|
|
|
password = UserManager.__decode_password(password)
|
2012-11-17 14:18:07 +00:00
|
|
|
crypt, salt = UserManager.__encrypt_password(password)
|
2014-03-15 17:51:15 +00:00
|
|
|
|
|
|
|
user = User()
|
|
|
|
user.name = name
|
|
|
|
user.mail = mail
|
|
|
|
user.password = crypt
|
|
|
|
user.salt = salt
|
|
|
|
user.admin = admin
|
|
|
|
|
|
|
|
store.add(user)
|
|
|
|
store.commit()
|
2012-11-17 14:18:07 +00:00
|
|
|
|
2012-11-17 17:00:14 +00:00
|
|
|
return UserManager.SUCCESS
|
2012-11-17 14:18:07 +00:00
|
|
|
|
|
|
|
@staticmethod
|
2014-03-15 17:51:15 +00:00
|
|
|
def delete(store, uid):
|
|
|
|
status, user = UserManager.get(store, uid)
|
2012-11-17 17:00:14 +00:00
|
|
|
if status != UserManager.SUCCESS:
|
|
|
|
return status
|
2012-11-17 14:18:07 +00:00
|
|
|
|
2014-03-15 17:51:15 +00:00
|
|
|
store.remove(user)
|
|
|
|
store.commit()
|
2012-11-17 14:18:07 +00:00
|
|
|
|
2012-11-17 17:00:14 +00:00
|
|
|
return UserManager.SUCCESS
|
2012-11-17 14:18:07 +00:00
|
|
|
|
|
|
|
@staticmethod
|
2014-03-15 17:51:15 +00:00
|
|
|
def try_auth(store, name, password):
|
2013-06-18 14:40:41 +00:00
|
|
|
password = UserManager.__decode_password(password)
|
2014-03-15 17:51:15 +00:00
|
|
|
user = store.find(User, User.name == name).one()
|
2012-11-17 14:18:07 +00:00
|
|
|
if not user:
|
2012-11-17 17:00:14 +00:00
|
|
|
return UserManager.NO_SUCH_USER, None
|
2012-11-17 14:18:07 +00:00
|
|
|
elif UserManager.__encrypt_password(password, user.salt)[0] != user.password:
|
2012-11-17 17:00:14 +00:00
|
|
|
return UserManager.WRONG_PASS, None
|
|
|
|
else:
|
|
|
|
return UserManager.SUCCESS, user
|
|
|
|
|
2012-12-09 20:34:39 +00:00
|
|
|
@staticmethod
|
2014-03-15 17:51:15 +00:00
|
|
|
def change_password(store, uid, old_pass, new_pass):
|
|
|
|
status, user = UserManager.get(store, uid)
|
2012-12-09 20:34:39 +00:00
|
|
|
if status != UserManager.SUCCESS:
|
|
|
|
return status
|
|
|
|
|
2013-06-18 14:40:41 +00:00
|
|
|
old_pass = UserManager.__decode_password(old_pass)
|
|
|
|
new_pass = UserManager.__decode_password(new_pass)
|
|
|
|
|
2012-12-09 20:34:39 +00:00
|
|
|
if UserManager.__encrypt_password(old_pass, user.salt)[0] != user.password:
|
|
|
|
return UserManager.WRONG_PASS
|
|
|
|
|
|
|
|
user.password = UserManager.__encrypt_password(new_pass, user.salt)[0]
|
2014-03-15 17:51:15 +00:00
|
|
|
store.commit()
|
2012-12-09 20:34:39 +00:00
|
|
|
return UserManager.SUCCESS
|
|
|
|
|
2013-06-18 14:12:35 +00:00
|
|
|
@staticmethod
|
2014-03-15 17:51:15 +00:00
|
|
|
def change_password2(store, name, new_pass):
|
|
|
|
user = store.find(User, User.name == name).one()
|
2013-06-18 14:12:35 +00:00
|
|
|
if not user:
|
|
|
|
return UserManager.NO_SUCH_USER
|
|
|
|
|
2013-06-18 14:40:41 +00:00
|
|
|
new_pass = UserManager.__decode_password(new_pass)
|
2013-06-18 14:12:35 +00:00
|
|
|
user.password = UserManager.__encrypt_password(new_pass, user.salt)[0]
|
2014-03-15 17:51:15 +00:00
|
|
|
store.commit()
|
2013-06-18 14:12:35 +00:00
|
|
|
return UserManager.SUCCESS
|
|
|
|
|
2012-11-17 17:00:14 +00:00
|
|
|
@staticmethod
|
|
|
|
def error_str(err):
|
|
|
|
if err == UserManager.SUCCESS:
|
|
|
|
return 'No error'
|
|
|
|
elif err == UserManager.INVALID_ID:
|
|
|
|
return 'Invalid user id'
|
|
|
|
elif err == UserManager.NO_SUCH_USER:
|
|
|
|
return 'No such user'
|
|
|
|
elif err == UserManager.NAME_EXISTS:
|
|
|
|
return 'There is already a user with that name'
|
|
|
|
elif err == UserManager.WRONG_PASS:
|
|
|
|
return 'Wrong password'
|
2012-11-17 14:18:07 +00:00
|
|
|
else:
|
2012-11-17 17:00:14 +00:00
|
|
|
return 'Unkown error'
|
2012-11-17 14:18:07 +00:00
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
def __encrypt_password(password, salt = None):
|
|
|
|
if salt is None:
|
|
|
|
salt = ''.join(random.choice(string.printable.strip()) for i in xrange(6))
|
|
|
|
return hashlib.sha1(salt + password).hexdigest(), salt
|
|
|
|
|
2013-06-18 14:40:41 +00:00
|
|
|
@staticmethod
|
|
|
|
def __decode_password(password):
|
|
|
|
if not password.startswith('enc:'):
|
|
|
|
return password
|
|
|
|
|
|
|
|
enc = password[4:]
|
|
|
|
ret = ''
|
|
|
|
while enc:
|
|
|
|
ret = ret + chr(int(enc[:2], 16))
|
|
|
|
enc = enc[2:]
|
|
|
|
return ret
|
|
|
|
|