diff options
| author | Blake DeMarcy <ofunknowndescent@gmail.com> | 2017-04-27 19:31:19 -0500 |
|---|---|---|
| committer | Blake DeMarcy <ofunknowndescent@gmail.com> | 2017-04-27 19:31:19 -0500 |
| commit | ef4e07054a743977aab8cecc35366b959938c751 (patch) | |
| tree | da23936c08bcd5a217028fa4d77ab1374fc95a43 | |
| parent | 634a868030b6fc6512d7238b330e1ae265ee1c9d (diff) | |
| download | bbj-ef4e07054a743977aab8cecc35366b959938c751.tar.gz | |
lowercase all hashes
| -rw-r--r-- | server.py | 4 | ||||
| -rw-r--r-- | src/db.py | 4 | ||||
| -rw-r--r-- | src/schema.py | 2 |
3 files changed, 6 insertions, 4 deletions
@@ -59,7 +59,7 @@ def api_method(function): if not user: raise BBJUserError("User %s is not registered" % username) - elif auth != user["auth_hash"]: + elif auth.lower() != user["auth_hash"].lower(): raise BBJException(5, "Invalid authorization key for user.") # api_methods may choose to bind a usermap into the thread_data @@ -233,7 +233,7 @@ class API(object): """ validate(args, ["target_user", "target_hash"]) user = db.user_resolve(database, args["target_user"], return_false=False) - return args["target_hash"] == user["auth_hash"] + return args["target_hash"].lower() == user["auth_hash"].lower() @api_method @@ -338,7 +338,7 @@ def user_register(connection, user_name, auth_hash): raise BBJUserError("Username already registered") scheme = schema.user_internal( - uuid1().hex, user_name, auth_hash, + uuid1().hex, user_name, auth_hash.lower(), "", "", 0, False, time()) connection.execute(""" @@ -391,6 +391,8 @@ def user_update(connection, user_object, parameters): # bool(0) == False hur hur hurrrrrr ::drools:: if value == 0 or value: validate([(key, value)]) + if key == "auth_hash": + value = value.lower() user_object[key] = value values = ordered_keys(user_object, diff --git a/src/schema.py b/src/schema.py index aedb765..39c67bf 100644 --- a/src/schema.py +++ b/src/schema.py @@ -83,7 +83,7 @@ def user_internal( return { "user_id": user_id, "user_name": user_name, - "auth_hash": auth_hash, + "auth_hash": auth_hash.lower(), "quip": quip, "bio": bio, "color": color, |