OTK generation was busted (thanks Stuart D. Gathman)

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@2239 57a73879-2fb5-44c3-a270-3262357dd7e2

diff --git a/CHANGES.txt b/CHANGES.txt
index 78650846be614f647042a379cd019f1c4f2e138a..b48d2d246969686b71af9d33414634b46d9fa82b 100644 (file)
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -7,6 +7,7 @@ Fixed:
 - MultiMapping deviated from the Zope C implementation in a number of
   places (thanks Toby Sargeant)
 - MySQL and Postgresql use BOOL/BOOLEAN for Boolean types
+- OTK generation was busted (thanks Stuart D. Gathman)
 
 
 2004-03-27 0.7.0b2

diff --git a/doc/index.txt b/doc/index.txt
index 0860ac50b433d16d2f704e7efe25c3a503fba8d1..c5d4355bbbfc86f4c2dee9236445276b17070215 100644 (file)
--- a/doc/index.txt
+++ b/doc/index.txt
@@ -79,6 +79,7 @@ Paul F. Dubois,
 Jeff Epler,
 Tom Epperly,
 Hernan Martinez Foffani,
+Stuart D. Gathman,
 Ajit George,
 Frank Gibbons,
 Johannes Gijsbers,

diff --git a/roundup/backends/sessions_dbm.py b/roundup/backends/sessions_dbm.py
index 33d204f322d25b1f9df923113e41b0763968d485..2405a5c2d6306cdd65c035cc276e1ef5c5498a3f 100644 (file)
--- a/roundup/backends/sessions_dbm.py
+++ b/roundup/backends/sessions_dbm.py
@@ -1,4 +1,4 @@
-#$Id: sessions_dbm.py,v 1.4 2004-03-26 23:56:11 richard Exp $
+#$Id: sessions_dbm.py,v 1.5 2004-03-31 23:08:38 richard Exp $
 """This module defines a very basic store that's used by the CGI interface
 to store session and one-time-key information.
 
@@ -22,6 +22,13 @@ class BasicDatabase:
         # ensure files are group readable and writable
         os.umask(0002)
 
+    def exists(self, infoid):
+        db = self.opendb('c')
+        try:
+            return db.has_key(infoid)
+        finally:
+            db.close()
+
     def clear(self):
         path = os.path.join(self.dir, self.name)
         if os.path.exists(path):

diff --git a/roundup/backends/sessions_rdbms.py b/roundup/backends/sessions_rdbms.py
index 7ee3bc131603860472ed62a7cfce1b8c4b96eff5..3e0f5796ffa9b1919384faf43df770991b0fecf5 100644 (file)
--- a/roundup/backends/sessions_rdbms.py
+++ b/roundup/backends/sessions_rdbms.py
@@ -1,4 +1,4 @@
-#$Id: sessions_rdbms.py,v 1.1 2004-03-18 01:58:45 richard Exp $
+#$Id: sessions_rdbms.py,v 1.2 2004-03-31 23:08:39 richard Exp $
 """This module defines a very basic store that's used by the CGI interface
 to store session and one-time-key information.
 
@@ -21,6 +21,12 @@ class BasicDatabase:
     def clear(self):
         self.cursor.execute('delete from %ss'%self.name)
 
+    def exists(self, infoid):
+        n = self.name
+        self.cursor.execute('select count(*) from %ss where %s_key=%s'%(n,
+            n, self.db.arg), (infoid,))
+        return self.cursor.fetchone()[0]
+
     _marker = []
     def get(self, infoid, value, default=_marker):
         n = self.name

diff --git a/roundup/cgi/actions.py b/roundup/cgi/actions.py
index 7bd678d4e89c6a2c52ab4c98f6fb977ac3643594..df368eb0014274f9102f2f7ceefb1871547eb0f1 100755 (executable)
--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
@@ -1,4 +1,4 @@
-#$Id: actions.py,v 1.21 2004-03-30 06:43:08 richard Exp $
+#$Id: actions.py,v 1.22 2004-03-31 23:08:39 richard Exp $
 
 import re, cgi, StringIO, urllib, Cookie, time, random
 
@@ -723,6 +723,7 @@ class RegisterAction(Action):
             elif isinstance(proptype, hyperdb.Password):
                 props[propname] = str(value)
         otks = self.db.getOTKManager()
+        otk = ''.join([random.choice(chars) for x in range(32)])
         while otks.exists(otk):
             otk = ''.join([random.choice(chars) for x in range(32)])
         otks.set(otk, **props)
@@ -744,8 +745,8 @@ reply's additional "Re:" is ok),
 
 """ % {'name': props['username'], 'tracker': tracker_name, 'url': self.base,
         'otk': otk, 'tracker_email': tracker_email}
-        if not self.client.standard_message([props['address']], subject, body,
-        tracker_email):
+        if not self.client.standard_message([props['address']], subject,
+                body, tracker_email):
             return
 
         # commit changes to the database