mirror of
https://github.com/spl0k/supysonic.git
synced 2024-12-22 08:56:17 +00:00
Moving password decoding to UserManager class
This commit is contained in:
parent
7042634a89
commit
08b9b1b293
@ -46,14 +46,11 @@ def authorize():
|
||||
request.user = user
|
||||
return
|
||||
|
||||
(username, decoded_pass) = map(request.args.get, [ 'u', 'p' ])
|
||||
if not username or not decoded_pass:
|
||||
(username, password) = map(request.args.get, [ 'u', 'p' ])
|
||||
if not username or not password:
|
||||
return error
|
||||
|
||||
if decoded_pass.startswith('enc:'):
|
||||
decoded_pass = hexdecode(decoded_pass[4:])
|
||||
|
||||
status, user = UserManager.try_auth(username, decoded_pass)
|
||||
status, user = UserManager.try_auth(username, password)
|
||||
if status != UserManager.SUCCESS:
|
||||
return error
|
||||
|
||||
@ -188,13 +185,6 @@ class ResponseHelper:
|
||||
|
||||
return ret.replace('"True"', '"true"').replace('"False"', '"false"')
|
||||
|
||||
def hexdecode(enc):
|
||||
ret = ''
|
||||
while enc:
|
||||
ret = ret + chr(int(enc[:2], 16))
|
||||
enc = enc[2:]
|
||||
return ret
|
||||
|
||||
def get_entity(req, ent, param = 'id'):
|
||||
eid = req.args.get(param)
|
||||
if not eid:
|
||||
|
@ -3,7 +3,6 @@
|
||||
from flask import request
|
||||
from web import app
|
||||
from db import User
|
||||
from . import hexdecode
|
||||
from user_manager import UserManager
|
||||
|
||||
@app.route('/rest/getUser.view', methods = [ 'GET', 'POST' ])
|
||||
@ -38,9 +37,6 @@ def user_add():
|
||||
return request.error_formatter(10, 'Missing parameter')
|
||||
admin = True if admin in (True, 'True', 'true', 1, '1') else False
|
||||
|
||||
if password.startswith('enc:'):
|
||||
password = hexdecode(password[4:])
|
||||
|
||||
status = UserManager.add(username, password, email, admin)
|
||||
if status == UserManager.NAME_EXISTS:
|
||||
return request.error_formatter(0, 'There is already a user with that username')
|
||||
@ -72,9 +68,6 @@ def user_changepass():
|
||||
if username != request.username and not request.user.admin:
|
||||
return request.error_formatter(50, 'Admin restricted')
|
||||
|
||||
if password.startswith('enc:'):
|
||||
password = hexdecode(password[4:])
|
||||
|
||||
status = UserManager.change_password2(username, password)
|
||||
if status != UserManager.SUCCESS:
|
||||
return request.error_formatter(0, UserManager.error_str(status))
|
||||
|
@ -35,6 +35,7 @@ class UserManager:
|
||||
if User.query.filter(User.name == name).first():
|
||||
return UserManager.NAME_EXISTS
|
||||
|
||||
password = UserManager.__decode_password(password)
|
||||
crypt, salt = UserManager.__encrypt_password(password)
|
||||
user = User(name = name, mail = mail, password = crypt, salt = salt, admin = admin)
|
||||
session.add(user)
|
||||
@ -55,6 +56,7 @@ class UserManager:
|
||||
|
||||
@staticmethod
|
||||
def try_auth(name, password):
|
||||
password = UserManager.__decode_password(password)
|
||||
user = User.query.filter(User.name == name).first()
|
||||
if not user:
|
||||
return UserManager.NO_SUCH_USER, None
|
||||
@ -69,6 +71,9 @@ class UserManager:
|
||||
if status != UserManager.SUCCESS:
|
||||
return status
|
||||
|
||||
old_pass = UserManager.__decode_password(old_pass)
|
||||
new_pass = UserManager.__decode_password(new_pass)
|
||||
|
||||
if UserManager.__encrypt_password(old_pass, user.salt)[0] != user.password:
|
||||
return UserManager.WRONG_PASS
|
||||
|
||||
@ -82,6 +87,7 @@ class UserManager:
|
||||
if not user:
|
||||
return UserManager.NO_SUCH_USER
|
||||
|
||||
new_pass = UserManager.__decode_password(new_pass)
|
||||
user.password = UserManager.__encrypt_password(new_pass, user.salt)[0]
|
||||
session.commit()
|
||||
return UserManager.SUCCESS
|
||||
@ -107,3 +113,15 @@ class UserManager:
|
||||
salt = ''.join(random.choice(string.printable.strip()) for i in xrange(6))
|
||||
return hashlib.sha1(salt + password).hexdigest(), salt
|
||||
|
||||
@staticmethod
|
||||
def __decode_password(password):
|
||||
if not password.startswith('enc:'):
|
||||
return password
|
||||
|
||||
enc = password[4:]
|
||||
ret = ''
|
||||
while enc:
|
||||
ret = ret + chr(int(enc[:2], 16))
|
||||
enc = enc[2:]
|
||||
return ret
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user