Moving password decoding to UserManager class
parent
7042634a89
commit
08b9b1b293
@ -46,14 +46,11 @@ def authorize():
|
|||||||
request.user = user
|
request.user = user
|
||||||
return
|
return
|
||||||
|
|
||||||
(username, decoded_pass) = map(request.args.get, [ 'u', 'p' ])
|
(username, password) = map(request.args.get, [ 'u', 'p' ])
|
||||||
if not username or not decoded_pass:
|
if not username or not password:
|
||||||
return error
|
return error
|
||||||
|
|
||||||
if decoded_pass.startswith('enc:'):
|
status, user = UserManager.try_auth(username, password)
|
||||||
decoded_pass = hexdecode(decoded_pass[4:])
|
|
||||||
|
|
||||||
status, user = UserManager.try_auth(username, decoded_pass)
|
|
||||||
if status != UserManager.SUCCESS:
|
if status != UserManager.SUCCESS:
|
||||||
return error
|
return error
|
||||||
|
|
||||||
@ -188,13 +185,6 @@ class ResponseHelper:
|
|||||||
|
|
||||||
return ret.replace('"True"', '"true"').replace('"False"', '"false"')
|
return ret.replace('"True"', '"true"').replace('"False"', '"false"')
|
||||||
|
|
||||||
def hexdecode(enc):
|
|
||||||
ret = ''
|
|
||||||
while enc:
|
|
||||||
ret = ret + chr(int(enc[:2], 16))
|
|
||||||
enc = enc[2:]
|
|
||||||
return ret
|
|
||||||
|
|
||||||
def get_entity(req, ent, param = 'id'):
|
def get_entity(req, ent, param = 'id'):
|
||||||
eid = req.args.get(param)
|
eid = req.args.get(param)
|
||||||
if not eid:
|
if not eid:
|
||||||
|
@ -3,7 +3,6 @@
|
|||||||
from flask import request
|
from flask import request
|
||||||
from web import app
|
from web import app
|
||||||
from db import User
|
from db import User
|
||||||
from . import hexdecode
|
|
||||||
from user_manager import UserManager
|
from user_manager import UserManager
|
||||||
|
|
||||||
@app.route('/rest/getUser.view', methods = [ 'GET', 'POST' ])
|
@app.route('/rest/getUser.view', methods = [ 'GET', 'POST' ])
|
||||||
@ -38,9 +37,6 @@ def user_add():
|
|||||||
return request.error_formatter(10, 'Missing parameter')
|
return request.error_formatter(10, 'Missing parameter')
|
||||||
admin = True if admin in (True, 'True', 'true', 1, '1') else False
|
admin = True if admin in (True, 'True', 'true', 1, '1') else False
|
||||||
|
|
||||||
if password.startswith('enc:'):
|
|
||||||
password = hexdecode(password[4:])
|
|
||||||
|
|
||||||
status = UserManager.add(username, password, email, admin)
|
status = UserManager.add(username, password, email, admin)
|
||||||
if status == UserManager.NAME_EXISTS:
|
if status == UserManager.NAME_EXISTS:
|
||||||
return request.error_formatter(0, 'There is already a user with that username')
|
return request.error_formatter(0, 'There is already a user with that username')
|
||||||
@ -72,9 +68,6 @@ def user_changepass():
|
|||||||
if username != request.username and not request.user.admin:
|
if username != request.username and not request.user.admin:
|
||||||
return request.error_formatter(50, 'Admin restricted')
|
return request.error_formatter(50, 'Admin restricted')
|
||||||
|
|
||||||
if password.startswith('enc:'):
|
|
||||||
password = hexdecode(password[4:])
|
|
||||||
|
|
||||||
status = UserManager.change_password2(username, password)
|
status = UserManager.change_password2(username, password)
|
||||||
if status != UserManager.SUCCESS:
|
if status != UserManager.SUCCESS:
|
||||||
return request.error_formatter(0, UserManager.error_str(status))
|
return request.error_formatter(0, UserManager.error_str(status))
|
||||||
|
@ -35,6 +35,7 @@ class UserManager:
|
|||||||
if User.query.filter(User.name == name).first():
|
if User.query.filter(User.name == name).first():
|
||||||
return UserManager.NAME_EXISTS
|
return UserManager.NAME_EXISTS
|
||||||
|
|
||||||
|
password = UserManager.__decode_password(password)
|
||||||
crypt, salt = UserManager.__encrypt_password(password)
|
crypt, salt = UserManager.__encrypt_password(password)
|
||||||
user = User(name = name, mail = mail, password = crypt, salt = salt, admin = admin)
|
user = User(name = name, mail = mail, password = crypt, salt = salt, admin = admin)
|
||||||
session.add(user)
|
session.add(user)
|
||||||
@ -55,6 +56,7 @@ class UserManager:
|
|||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def try_auth(name, password):
|
def try_auth(name, password):
|
||||||
|
password = UserManager.__decode_password(password)
|
||||||
user = User.query.filter(User.name == name).first()
|
user = User.query.filter(User.name == name).first()
|
||||||
if not user:
|
if not user:
|
||||||
return UserManager.NO_SUCH_USER, None
|
return UserManager.NO_SUCH_USER, None
|
||||||
@ -69,6 +71,9 @@ class UserManager:
|
|||||||
if status != UserManager.SUCCESS:
|
if status != UserManager.SUCCESS:
|
||||||
return status
|
return status
|
||||||
|
|
||||||
|
old_pass = UserManager.__decode_password(old_pass)
|
||||||
|
new_pass = UserManager.__decode_password(new_pass)
|
||||||
|
|
||||||
if UserManager.__encrypt_password(old_pass, user.salt)[0] != user.password:
|
if UserManager.__encrypt_password(old_pass, user.salt)[0] != user.password:
|
||||||
return UserManager.WRONG_PASS
|
return UserManager.WRONG_PASS
|
||||||
|
|
||||||
@ -82,6 +87,7 @@ class UserManager:
|
|||||||
if not user:
|
if not user:
|
||||||
return UserManager.NO_SUCH_USER
|
return UserManager.NO_SUCH_USER
|
||||||
|
|
||||||
|
new_pass = UserManager.__decode_password(new_pass)
|
||||||
user.password = UserManager.__encrypt_password(new_pass, user.salt)[0]
|
user.password = UserManager.__encrypt_password(new_pass, user.salt)[0]
|
||||||
session.commit()
|
session.commit()
|
||||||
return UserManager.SUCCESS
|
return UserManager.SUCCESS
|
||||||
@ -107,3 +113,15 @@ class UserManager:
|
|||||||
salt = ''.join(random.choice(string.printable.strip()) for i in xrange(6))
|
salt = ''.join(random.choice(string.printable.strip()) for i in xrange(6))
|
||||||
return hashlib.sha1(salt + password).hexdigest(), salt
|
return hashlib.sha1(salt + password).hexdigest(), salt
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def __decode_password(password):
|
||||||
|
if not password.startswith('enc:'):
|
||||||
|
return password
|
||||||
|
|
||||||
|
enc = password[4:]
|
||||||
|
ret = ''
|
||||||
|
while enc:
|
||||||
|
ret = ret + chr(int(enc[:2], 16))
|
||||||
|
enc = enc[2:]
|
||||||
|
return ret
|
||||||
|
|
||||||
|
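Review bot: `__decode_password` is applied to the request-supplied password before any validation, and `int(enc[:2], 16)` raises `ValueError` on non-hex characters, so a malformed `enc:` value surfaces from `try_auth`, `add` and both password-change hunks as an uncaught exception instead of an error status. An odd-length string is also accepted, with the trailing single digit decoded as a character of its own. Consider rejecting bad input before the loop, e.g. `if len(enc) % 2 or not all(c in string.hexdigits for c in enc): raise ValueError('malformed enc: password')`, and having the callers turn that into a failure status such as `WRONG_PASS`. Since decoding now happens inside UserManager, any caller outside the REST API (none is visible in this diff) would also have a literal password beginning with `enc:` rewritten before hashing; a short docstring on the method stating that the `enc:` prefix is reserved for hex-encoded input would make that explicit.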