From: richard
Date: Wed, 31 Mar 2004 23:08:39 +0000 (+0000)
Subject: OTK generation was busted (thanks Stuart D. Gathman)
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=c9071f8c4b5594c9ae312e3e0b24e457486287e2;p=roundup.git
OTK generation was busted (thanks Stuart D. Gathman)
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@2239 57a73879-2fb5-44c3-a270-3262357dd7e2
---
diff --git a/CHANGES.txt b/CHANGES.txt
index 7865084..b48d2d2 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -7,6 +7,7 @@ Fixed:
 - MultiMapping deviated from the Zope C implementation in a number of places (thanks Toby Sargeant)
 - MySQL and Postgresql use BOOL/BOOLEAN for Boolean types
+- OTK generation was busted (thanks Stuart D. Gathman)
 2004-03-27 0.7.0b2
diff --git a/doc/index.txt b/doc/index.txt
index 0860ac5..c5d4355 100644
--- a/doc/index.txt
+++ b/doc/index.txt
@@ -79,6 +79,7 @@ Paul F. Dubois,
 Jeff Epler,
 Tom Epperly,
 Hernan Martinez Foffani,
+Stuart D. Gathman,
 Ajit George,
 Frank Gibbons,
 Johannes Gijsbers,
diff --git a/roundup/backends/sessions_dbm.py b/roundup/backends/sessions_dbm.py
index 33d204f..2405a5c 100644
--- a/roundup/backends/sessions_dbm.py
+++ b/roundup/backends/sessions_dbm.py
@@ -1,4 +1,4 @@
-#$Id: sessions_dbm.py,v 1.4 2004-03-26 23:56:11 richard Exp $
+#$Id: sessions_dbm.py,v 1.5 2004-03-31 23:08:38 richard Exp $
 """This module defines a very basic store that's used by the CGI interface to store session and one-time-key information.
@@ -22,6 +22,13 @@ class BasicDatabase:
 # ensure files are group readable and writable
 os.umask(0002)
+ def exists(self, infoid):
+ db = self.opendb('c')
+ try:
+ return db.has_key(infoid)
+ finally:
+ db.close()
+
 def clear(self):
 path = os.path.join(self.dir, self.name)
 if os.path.exists(path):
diff --git a/roundup/backends/sessions_rdbms.py b/roundup/backends/sessions_rdbms.py
index 7ee3bc1..3e0f579 100644
--- a/roundup/backends/sessions_rdbms.py
+++ b/roundup/backends/sessions_rdbms.py
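Review bot: The `exists()` method added to `BasicDatabase` in roundup/backends/sessions_dbm.py has no docstring, so nothing states what it returns or that it opens and closes the store on every call. A one-line docstring such as `"""Return a true value if a record is stored under infoid."""` would pin the contract that the `while otks.exists(otk):` loop in roundup/cgi/actions.py relies on. The `try`/`finally` around `db.has_key(infoid)` releases the handle even when the lookup raises, and is worth keeping if the method is extended later. The class body starts and ends outside this hunk.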
@@ -1,4 +1,4 @@
-#$Id: sessions_rdbms.py,v 1.1 2004-03-18 01:58:45 richard Exp $
+#$Id: sessions_rdbms.py,v 1.2 2004-03-31 23:08:39 richard Exp $
 """This module defines a very basic store that's used by the CGI interface to store session and one-time-key information.
@@ -21,6 +21,12 @@ class BasicDatabase:
 def clear(self):
 self.cursor.execute('delete from %ss'%self.name)
+ def exists(self, infoid):
+ n = self.name
+ self.cursor.execute('select count(*) from %ss where %s_key=%s'%(n,
+ n, self.db.arg), (infoid,))
+ return self.cursor.fetchone()[0]
+
 _marker = []
 def get(self, infoid, value, default=_marker):
 n = self.name
diff --git a/roundup/cgi/actions.py b/roundup/cgi/actions.py
index 7bd678d..df368eb 100755
--- a/roundup/cgi/actions.py
+++ b/roundup/cgi/actions.py
@@ -1,4 +1,4 @@
-#$Id: actions.py,v 1.21 2004-03-30 06:43:08 richard Exp $
+#$Id: actions.py,v 1.22 2004-03-31 23:08:39 richard Exp $
 import re, cgi, StringIO, urllib, Cookie, time, random
@@ -723,6 +723,7 @@ class RegisterAction(Action):
 elif isinstance(proptype, hyperdb.Password):
 props[propname] = str(value)
 otks = self.db.getOTKManager()
+ otk = ''.join([random.choice(chars) for x in range(32)])
 while otks.exists(otk):
 otk = ''.join([random.choice(chars) for x in range(32)])
 otks.set(otk, **props)
@@ -744,8 +745,8 @@ reply's additional "Re:" is ok),
 """ % {'name': props['username'], 'tracker': tracker_name, 'url': self.base, 'otk': otk, 'tracker_email': tracker_email}
- if not self.client.standard_message([props['address']], subject, body,
- tracker_email):
+ if not self.client.standard_message([props['address']], subject,
+ body, tracker_email):
 return
 # commit changes to the database
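Review bot: `exists()` in roundup/backends/sessions_rdbms.py returns the raw `count(*)` value from `self.cursor.fetchone()[0]`, while the sessions_dbm.py version added in the same commit returns the result of `db.has_key(infoid)`, so the two backends give different return types for the same method. Returning `bool(self.cursor.fetchone()[0])` would keep them interchangeable for any caller that does more than a truth test. The key is bound through the `self.db.arg` placeholder rather than interpolated, which is the right split. A short comment saying that only names derived from `self.name` are formatted into the statement would keep later edits from moving `infoid` into the `%` formatting. The class body continues outside the hunk.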
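Review bot: The one-time key in `RegisterAction` (roundup/cgi/actions.py, hunk at line 723) is built with `random.choice`, and the module-level `random` functions are a general-purpose generator, not one intended for secrets. The key appears to be the value the confirmation mail carries as `'otk': otk`, so it should come from an OS-backed source. Where the interpreter provides it, `rng = random.SystemRandom()` followed by `otk = ''.join([rng.choice(chars) for x in range(32)])` keeps the same shape, and the identical expression inside the `while otks.exists(otk):` loop needs the same change. The generation expression is now written twice, so a small helper would keep the two copies from drifting apart. `chars` and the rest of the method are defined outside the hunk, so the alphabet size could not be checked here.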