diff --git a/api/__init__.py b/api/__init__.py
index 433d2ac..fd8a89e 100755
--- a/api/__init__.py
+++ b/api/__init__.py
@@ -45,7 +45,7 @@ def authorize():
 if decoded_pass.startswith('enc:'):
 decoded_pass = hexdecode(decoded_pass[4:])
- if UserManager.try_auth(username, decoded_pass)[0] != UserManager.LOGIN_SUCCESS:
+ if UserManager.try_auth(username, decoded_pass)[0] != UserManager.SUCCESS:
 return error
 @app.after_request
diff --git a/user.py b/user.py
index 2248660..c37ba98 100755
--- a/user.py
+++ b/user.py
@@ -34,11 +34,11 @@ def add_user():
 if not error:
 status = UserManager.add(name, passwd, mail, admin)
- if status == UserManager.ADD_SUCCESS:
+ if status == UserManager.SUCCESS:
 flash("User '%s' successfully added" % name)
 return redirect(url_for('user_index'))
- elif status == UserManager.ADD_NAME_EXISTS:
- flash('There is already a user with that name. Please pick another one.')
+ else:
+ flash(UserManager.error_str(status))
 return render_template('adduser.html')
@@ -46,14 +46,10 @@ def add_user():
 @app.route('/user/del/')
 def del_user(uid):
 status = UserManager.delete(uid)
- if status == UserManager.DEL_SUCCESS:
+ if status == UserManager.SUCCESS:
 flash('Deleted user')
- elif status == UserManager.DEL_INVALID_ID:
- flash('Invalid user id')
- elif status == UserManager.DEL_NO_SUCH_USER:
- flash('No such user')
 else:
- flash('Unknown error')
+ flash(UserManager.error_str(status))
 return redirect(url_for('user_index'))
@@ -78,16 +74,12 @@ def login():
 if not error:
 status, user = UserManager.try_auth(name, password)
- if status == UserManager.LOGIN_SUCCESS:
+ if status == UserManager.SUCCESS:
 session['userid'] = str(user.id)
 flash('Logged in!')
 return redirect(return_url)
- elif status == UserManager.LOGIN_NO_SUCH_USER:
- flash('Unknown user')
- elif status == UserManager.LOGIN_WRONG_PASS:
- flash('Wrong password')
 else:
- flash('Unknown error')
+ flash(UserManager.error_str(status))
 return render_template('login.html')
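Review bot: In `del_user`, the delete still runs on a route declared without a `methods=` argument, so Flask serves it on GET and a cross-site request from a logged-in admin's browser can reach `UserManager.delete(uid)`. Since this hunk already reworks the handler, consider adding `methods=['POST']` to the `@app.route(...)` decorator and submitting the request from a form that carries a CSRF token. No authorization check is visible inside the function; if one lives in a `before_request` hook outside this hunk, a short comment saying so would help the next reader.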
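Review bot: In `login`, the new `else` branch flashes `UserManager.error_str(status)`, which returns 'No such user' for an unknown name and 'Wrong password' for a known one, so the form still tells an unauthenticated visitor which usernames exist. Use one fixed message for every failed login here, e.g. `flash('Wrong username or password')`, and keep the specific status for a server-side log. The `login` function starts above this hunk, so any rate limiting or lockout it may apply is not visible.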
diff --git a/user_manager.py b/user_manager.py
index ccb931f..637d875 100755
--- a/user_manager.py
+++ b/user_manager.py
@@ -6,59 +6,77 @@ import uuid
 from db import User, session
 class UserManager:
- ADD_SUCCESS = 0
- ADD_NAME_EXISTS = 1
+ SUCCESS = 0
+ INVALID_ID = 1
+ NO_SUCH_USER = 2
+ NAME_EXISTS = 3
+ WRONG_PASS = 4
- DEL_SUCCESS = 0
- DEL_INVALID_ID = 1
- DEL_NO_SUCH_USER = 2
+ @staticmethod
+ def get(uid):
+ if type(uid) in (str, unicode):
+ try:
+ uid = uuid.UUID(uid)
+ except:
+ return UserManager.INVALID_ID, None
+ elif type(uid) is uuid.UUID:
+ pass
+ else:
+ return UserManager.INVALID_ID, None
- LOGIN_SUCCESS = 0
- LOGIN_NO_SUCH_USER = 1
- LOGIN_WRONG_PASS = 2
+ user = User.query.get(uid)
+ if user is None:
+ return UserManager.NO_SUCH_USER, None
+
+ return UserManager.SUCCESS, user
 @staticmethod
 def add(name, password, mail, admin):
 if User.query.filter(User.name == name).first():
- return UserManager.ADD_NAME_EXISTS
+ return UserManager.NAME_EXISTS
 crypt, salt = UserManager.__encrypt_password(password)
 user = User(name = name, mail = mail, password = crypt, salt = salt, admin = admin)
 session.add(user)
 session.commit()
- return UserManager.ADD_SUCCESS
+ return UserManager.SUCCESS
 @staticmethod
 def delete(uid):
- if type(uid) in (str, unicode):
- try:
- uid = uuid.UUID(uid)
- except:
- return UserManager.DEL_INVALID_ID
- elif type(uid) is uuid.UUID:
- pass
- else:
- return UserManager.DEL_INVALID_ID
-
- user = User.query.get(uid)
- if user is None:
- return UserManager.DEL_NO_SUCH_USER
+ status, user = UserManager.get(uid)
+ if status != UserManager.SUCCESS:
+ return status
 session.delete(user)
 session.commit()
- return UserManager.DEL_SUCCESS
+ return UserManager.SUCCESS
 @staticmethod
 def try_auth(name, password):
 user = User.query.filter(User.name == name).first()
 if not user:
- return UserManager.LOGIN_NO_SUCH_USER, None
+ return UserManager.NO_SUCH_USER, None
 elif UserManager.__encrypt_password(password, user.salt)[0] != user.password:
- return UserManager.LOGIN_WRONG_PASS, None
+ return UserManager.WRONG_PASS, None
 else:
- return UserManager.LOGIN_SUCCESS, user
+ return UserManager.SUCCESS, user
+
+ @staticmethod
+ def error_str(err):
+ if err == UserManager.SUCCESS:
+ return 'No error'
+ elif err == UserManager.INVALID_ID:
+ return 'Invalid user id'
+ elif err == UserManager.NO_SUCH_USER:
+ return 'No such user'
+ elif err == UserManager.NAME_EXISTS:
+ return 'There is already a user with that name'
+ elif err == UserManager.WRONG_PASS:
+ return 'Wrong password'
+ else:
+ return 'Unkown error'
 @staticmethod
 def __encrypt_password(password, salt = None):
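Review bot: The new `get` keeps the bare `except:` that was moved out of `delete`, so any exception raised while parsing the id, not just a malformed UUID, is reported as `INVALID_ID`; `except ValueError:` is enough for the string case that branch handles. In `try_auth` the stored hash is still compared with `!=`; a constant-time comparison such as `hmac.compare_digest(computed, user.password)` (Python 2.7.7+) avoids leaking timing information about the match, though it needs an `import hmac` that lies outside this hunk. `error_str` also misspells its fallback as `'Unkown error'`, which now reaches users through all three views; it should read `'Unknown error'`. The body of `__encrypt_password` continues outside the hunk, so the hashing itself is not reviewed here.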